www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environm...
Submission: On February 15 via manual (February 15th 2024, 7:29:50 am UTC) from GB — Scanned from GB

Summary HTTP 197 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 43 IPs in 4 countries across 33 domains to perform 197 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com. The Cisco Umbrella rank of the primary domain is 192828.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on April 4th 2023. Valid for: a year.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	2a02:e980:107... 2a02:e980:107::cf	19551 (INCAPSULA) (INCAPSULA)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	3.160.150.14 3.160.150.14	() ()
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
2	2606:4700:440... 2606:4700:4400::6812:216e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.102.38.132 104.102.38.132	16625 (AKAMAI-AS) (AKAMAI-AS)
7	104.16.92.80 104.16.92.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:267... 2600:9000:2670:4a00:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:d800:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.66.124.228 3.66.124.228	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
10	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:1499	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2606:4700:440... 2606:4700:4400::6812:2b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
67	18.245.86.77 18.245.86.77	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:440... 2606:4700:4400::6812:24c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	35.157.194.178 35.157.194.178	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
5 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a03:2880:f14... 2a03:2880:f145:82:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4	2600:9000:215... 2600:9000:2156:ee00:1d:85c3:6640:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.186.70 142.250.186.70	15169 (GOOGLE) (GOOGLE)
1	151.101.193.91 151.101.193.91	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	172.217.16.198 172.217.16.198	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:ab0... 2a02:26f0:ab00::214:8e41	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
10	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42::720 2a04:4e42::720	54113 (FASTLY) (FASTLY)
197	43

32 2a02:e980:107::cf (United States)

ASN19551 (INCAPSULA, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.160.150.14 (United States)

ASN- ()
PTR: server-3-160-150-14.fra60.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:216e (United States)

ASN13335 (CLOUDFLARENET, US)

geoip-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.38.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-38-132.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.16.92.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-abj.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.180 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2670:4a00:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:d800:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.66.124.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-66-124-228.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:1499 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:4400::6812:2b1f (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

67 18.245.86.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-77.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:24c4 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.194.178 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-194-178.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

309-rhv-619.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 5 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f145:82:face:b00c:0:25de (United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:ee00:1d:85c3:6640:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.70 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net

4788165.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.91 (United States)

ASN54113 (FASTLY, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f198.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::214:8e41 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-7-188.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	driftt.com js.driftt.com — Cisco Umbrella Rank: 7026	788 KB
32	proofpoint.com www.proofpoint.com — Cisco Umbrella Rank: 192828	1 MB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 6461 c.6sc.co — Cisco Umbrella Rank: 9771 ipv6.6sc.co — Cisco Umbrella Rank: 6648 b.6sc.co — Cisco Umbrella Rank: 4424	22 KB
10	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 8034 metrics.api.drift.com — Cisco Umbrella Rank: 7885 event.api.drift.com — Cisco Umbrella Rank: 8599 targeting.api.drift.com — Cisco Umbrella Rank: 8305	14 KB
8	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 391 www.linkedin.com — Cisco Umbrella Rank: 643 px4.ads.linkedin.com — Cisco Umbrella Rank: 6482	4 KB
7	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 113 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 4788165.fls.doubleclick.net — Cisco Umbrella Rank: 467894 ad.doubleclick.net — Cisco Umbrella Rank: 149	8 KB
7	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2400 www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 122	1 KB
7	marketo.com app-abj.marketo.com — Cisco Umbrella Rank: 618461	139 KB
7	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 4734 buttons-config.sharethis.com — Cisco Umbrella Rank: 5372 l.sharethis.com — Cisco Umbrella Rank: 5050 platform-cdn.sharethis.com — Cisco Umbrella Rank: 10375	51 KB
5	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 9827	3 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3199	9 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 45	21 KB
4	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 3349	777 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 30170 ibc-flow.techtarget.com — Cisco Umbrella Rank: 26535	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 409	14 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 11323	721 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 191	71 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1036	16 KB
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 523	2 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 4365	6 KB
2	geoip-js.com geoip-js.com — Cisco Umbrella Rank: 19595	2 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 3250	3 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 52	209 KB
1	imgix.net driftt.imgix.net — Cisco Umbrella Rank: 19300	3 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 260	467 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 737	16 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 2227	301 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	185 B
1	mktoresp.com 309-rhv-619.mktoresp.com — Cisco Umbrella Rank: 462776	318 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 48	1 KB
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 22747	235 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 17900	279 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 141	20 KB
197	33

	Domain	Requested by
67	js.driftt.com	www.proofpoint.com js.driftt.com
32	www.proofpoint.com	www.proofpoint.com
8	b.6sc.co	www.proofpoint.com
7	app-abj.marketo.com	www.proofpoint.com app-abj.marketo.com
5	px.ads.linkedin.com	4 redirects snap.licdn.com
5	tracking.g2crowd.com	www.proofpoint.com
4	targeting.api.drift.com	js.driftt.com
4	platform-cdn.sharethis.com	www.proofpoint.com
4	tags.srv.stackadapt.com	www.proofpoint.com tags.srv.stackadapt.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	www.google.co.uk	www.proofpoint.com
3	www.google.com	www.proofpoint.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.proofpoint.com
3	region1.analytics.google.com	www.googletagmanager.com
2	event.api.drift.com	js.driftt.com
2	metrics.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	epsilon.6sense.com	j.6sc.co
2	4788165.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	px4.ads.linkedin.com	www.proofpoint.com 4788165.fls.doubleclick.net
2	connect.facebook.net	www.proofpoint.com connect.facebook.net
2	snap.licdn.com	www.proofpoint.com snap.licdn.com
2	secure.adnxs.com	2 redirects
2	googleads.g.doubleclick.net	www.googletagmanager.com www.googleadservices.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	geoip-js.com	www.proofpoint.com geoip-js.com
2	dev.visualwebsiteoptimizer.com	www.proofpoint.com
2	www.googletagmanager.com	www.proofpoint.com
1	driftt.imgix.net
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.proofpoint.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	ad.doubleclick.net	4788165.fls.doubleclick.net
1	adservice.google.com	4788165.fls.doubleclick.net
1	pixel.mathtag.com	4788165.fls.doubleclick.net
1	www.facebook.com	www.proofpoint.com
1	www.linkedin.com	1 redirects
1	309-rhv-619.mktoresp.com	munchkin.marketo.net
1	trk.techtarget.com	www.proofpoint.com
1	j.6sc.co	www.proofpoint.com
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	fonts.googleapis.com	www.proofpoint.com
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	www.googleadservices.com	www.proofpoint.com
1	platform-api.sharethis.com	www.proofpoint.com
197	50

This site contains links to these domains. Also see Links.

Domain
proofpointcommunities.force.com
digitalrisk.proofpoint.com
emaildefense.proofpoint.com
threatintel.proofpoint.com
us1.proofpointessentials.com
partners.proofpoint.com
ipcheck.proofpoint.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
proofpoint.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
sharethis.com Amazon RSA 2048 M02	`2023-05-20` - `2024-06-17`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-17` - `2024-05-16`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
app-abj.marketo.com Cloudflare Inc ECC CA-3	`2023-04-05` - `2024-04-04`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.google.co.uk GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-01-21` - `2024-06-27`	5 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
6sc.co R3	`2024-01-29` - `2024-04-28`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-11-24` - `2024-02-22`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2024-01-13` - `2024-04-12`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.mediamath.com R3	`2024-01-18` - `2024-04-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-01-15` - `2025-02-15`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2023 Q4	`2023-12-07` - `2025-01-07`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Frame ID: 2224611C25E730074C9E318F298DC83D
Requests: 111 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505
Frame ID: 1E623D218BA61B48AAF273D918B3C589
Requests: 5 HTTP requests in this frame

Frame: https://app-abj.marketo.com/index.php/form/XDFrame
Frame ID: D93709AE9F38ABD3D32FA4BE796332CD
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Frame ID: D3A17193FABEB19E1F4FAC10B9EDEDEB
Requests: 39 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
Frame ID: 3006AF272E30E07971E440569FE10BD0
Requests: 35 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments | Proofpoint US

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

197
Requests

98 %
HTTPS

52 %
IPv6

33
Domains

50
Subdomains

43
IPs

4
Countries

2839 kB
Transfer

7356 kB
Size

47
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://proofpointcommunities.force.com/community/s/
Title: Support Log-in

Search URL Search Domain Scan URL

URL: https://digitalrisk.proofpoint.com/
Title: Digital Risk Portal

Search URL Search Domain Scan URL

URL: https://emaildefense.proofpoint.com/login.php
Title: Email Fraud Defense

Search URL Search Domain Scan URL

URL: https://threatintel.proofpoint.com/
Title: ET Intelligence

Search URL Search Domain Scan URL

URL: https://us1.proofpointessentials.com/app/login.php
Title: Proofpoint Essentials

Search URL Search Domain Scan URL

URL: https://proofpointcommunities.force.com/community
Title: Sendmail Support Log-in

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/
Title: Channel PartnersBecome a channel partner. Deliver Proofpoint solutions to your customers and grow your business.

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/prm/English/s/applicant
Title: Become a Channel Partner

Search URL Search Domain Scan URL

URL: https://ipcheck.proofpoint.com/
Title: IP Address Blocked?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/proofpoint
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/proofpoint
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/proofpoint
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=764013486038455188

Request Chain 72

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1707982183865%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fblog%252Fcloud-security%252Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&cookiesTest=true&liSync=true&e_ipv6=AQJJWSt4EYpZfAAAAY2rq-CwPPM2BPPTIF3sFV_ZnA1GD7RRKwr7UkuV76XKyMxU3Crs

Request Chain 88

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505 HTTP 302
https://4788165.fls.doubleclick.net/activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505

Request Chain 96

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQLvDDYnb_FvTwAAAY2rq-D2RgiurAmg0NMRvqoAjFWP_lcPvol3hJ_sbSAuA2MThtx-

197 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Show response
www.proofpoint.com/us/blog/cloud-security/ 98 KB
30 KB 761ms
196ms Document
text/html 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e53e2f2193fd46c5605f062d66c8b95c9d27069004aa61bae4b6badf29fdf52a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com .visualwebsiteoptimizer.com app.vwo.com .sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com ; img-src 'self' 'unsafe-inline' data: blob: .visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com ; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com .visualwebsiteoptimizer.com ; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

Cache-Control: max-age=2216, public
Content-Encoding: gzip
Content-Length: 27380
Content-Security-Policy: default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Content-Type: text/html; charset=UTF-8
Date: Thu, 15 Feb 2024 07:29:41 GMT
Etag: "1707877592-gzip"
Expires: Thu, 15 Feb 2024 08:06:37 GMT
Feature-Policy: geolocation 'self'
Last-Modified: Wed, 14 Feb 2024 02:26:32 GMT
Referrer-Policy: origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-CDN: Imperva
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Iinfo: 18-63542725-63509890 2CNN RT(1707982181908 195) q(0 0 0 1) r(0 0)
X-Imperva-Purge-Tags: fk0h,2171,rsmc,0plh,r6o8,li2r,ebfb,unor,vunp,snpj,jamf,p7tt,khv0,8qo7,eken,6bqn,bvs8,71bl,hv57,ph4j,ek18,c5fi,9a92,7nqj,oq55,89nv,9lcq,fj6k,shcs,8g9j,r1oq,kuit,tp2i,87nt,kj5r,fllv,l2u0,5cr3,80b8,us5v,vkkb,prna,j81r,9ql2
X-Permitted-Cross-Domain-Policies: none

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 291 KB
95 KB 149ms
58ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc63bcb27ddcc7db31dbeb560783e0296c166e400221a46c9916909d56ad2870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96804
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 15 Feb 2024 07:29:42 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 411 KB
114 KB 233ms
154ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0460f4d8d8a0638e4f4264ad779227be77b226d9065432aa1d11d2cf7d60a8b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116562
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 15 Feb 2024 07:29:42 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 6 KB
3 KB 104ms
33ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=767242&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&f=1&vn=1.3
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: glon1 /
Resource Hash: 2b307b3d001c465c6bb1f12248cfacb443861ef82e1ec5d1dabfc9b06ba72990

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:41 GMT
content-encoding: gzip
via: 1.1 google
server: glon1
etag: W/"1706003551_EA"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 18 KB
18 KB 564ms
190ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Origin: https://www.proofpoint.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "01c16c31"
X-Iinfo: 17-43775263-0 0CNN RT(1707982182674 187) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985545, public
x-incap-sess-cookie-hdr: MKGNEAf3CkMRgo/x1GHtWma9zWUAAAAAdnDAGYXXViW0yQLc/gf54w==
Content-Length: 18296
Expires: Mon, 26 Feb 2024 17:15:27 GMT

GET
H/1.1 200
OK RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 566ms
190ms Font
application/font-woff 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Origin: https://www.proofpoint.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 16 Jan 2024 23:57:49 GMT
X-CDN: Imperva
Etag: "39ed386e"
Content-Type: application/font-woff
X-Iinfo: 17-43775264-0 0CNN RT(1707982182676 188) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1159938, public
x-incap-sess-cookie-hdr: gFoxAlS9zxERgo/x1GHtWma9zWUAAAAAx1VbQ2hbGvuG2CQ2MJHncw==
Content-Length: 20951
Expires: Wed, 28 Feb 2024 17:42:00 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 20 KB
20 KB 568ms
191ms Font
application/font-woff 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Origin: https://www.proofpoint.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 16 Jan 2024 23:57:49 GMT
X-CDN: Imperva
Etag: "3a88d25f"
Content-Type: application/font-woff
X-Iinfo: 16-26038401-0 0CNN RT(1707982182676 190) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1159938, public
x-incap-sess-cookie-hdr: KFN1Y2EcbmARgo/x1GHtWma9zWUAAAAANjdR7eEUD45mUraV8AXoMQ==
Content-Length: 19954
Expires: Wed, 28 Feb 2024 17:42:00 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 16 KB
17 KB 570ms
193ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Origin: https://www.proofpoint.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "80852160"
X-Iinfo: 15-14896465-0 0CNN RT(1707982182676 190) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985544, public
x-incap-sess-cookie-hdr: kE5xd8mFZzMRgo/x1GHtWma9zWUAAAAAF2+tSuVouv2GuGEWied/gg==
Content-Length: 16540
Expires: Mon, 26 Feb 2024 17:15:26 GMT

GET
H/1.1 200
OK RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 574ms
193ms Font
application/font-woff 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Origin: https://www.proofpoint.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 16 Jan 2024 23:57:49 GMT
X-CDN: Imperva
Etag: "8df65834"
Content-Type: application/font-woff
X-Iinfo: 16-26038402-0 0CNN RT(1707982182680 191) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=982719, public
x-incap-sess-cookie-hdr: 0D86fNHc/C0Rgo/x1GHtWma9zWUAAAAAn+MIjEXzAqVCJSKeahPgiQ==
Content-Length: 21304
Expires: Mon, 26 Feb 2024 16:28:21 GMT

GET
H/1.1 200
OK css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
www.proofpoint.com/sites/default/files/css/ 25 KB
5 KB 194ms
193ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Mon, 18 Dec 2023 22:27:43 GMT
X-CDN: Imperva
Etag: "032a9b05"
Content-Type: text/css
X-Iinfo: 18-63542725-0 0CNN RT(1707982181908 582) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1047804, public
Content-Length: 4376
Expires: Tue, 27 Feb 2024 10:33:06 GMT

GET
H/1.1 200
OK css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
www.proofpoint.com/sites/default/files/css/ 148 KB
21 KB 388ms
193ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

37843bfca90789f7ef8311a8377c91a0199e47c4fa057a420df13880fa2b6914

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 19 Jan 2024 00:50:59 GMT
X-CDN: Imperva
Etag: "bb827876"
Content-Type: text/css
X-Iinfo: 18-63542725-63538598 2CNN RT(1707982181908 776) q(0 0 0 -1) r(0 0)
Cache-Control: max-age=1167781, public
Content-Length: 21084
Expires: Wed, 28 Feb 2024 19:52:43 GMT

GET
H/1.1 200
OK js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js Show response
www.proofpoint.com/sites/default/files/js/ 310 B
706 B 582ms
193ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Mon, 18 Dec 2023 22:27:44 GMT
X-CDN: Imperva
Etag: "2c787c81"
Content-Type: text/javascript
X-Iinfo: 18-63542725-0 0CNN RT(1707982181908 971) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1159938, public
Content-Length: 235
Expires: Wed, 28 Feb 2024 17:42:00 GMT

GET
H/1.1 200
OK modernizr.min.js Show response
www.proofpoint.com/core/assets/vendor/modernizr/ 7 KB
3 KB 775ms
191ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/assets/vendor/modernizr/modernizr.min.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:53:58 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 18-63542725-0 0CNN RT(1707982181908 1165) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=982718, public
Content-Length: 3090
Expires: Mon, 26 Feb 2024 16:28:21 GMT

GET
H/1.1 200
OK modernizr-additional-tests.js Show response
www.proofpoint.com/core/misc/ 2 KB
1 KB 942ms
192ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/misc/modernizr-additional-tests.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:53:58 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 17-43775263-0 0CNN RT(1707982182674 564) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1159937, public
Content-Length: 972
Expires: Wed, 28 Feb 2024 17:42:00 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 206 KB
46 KB 142ms
46ms Script
text/javascript 3.160.150.14

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.160.150.14 , United States, ASN (),

Reverse DNS

server-3-160-150-14.fra60.r.cloudfront.net

Software

Resource Hash

cf9e92205faeb2fc9929f8aaf67ee6fb15084be8994babd310cfa01d62e29e5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:22:40 GMT
content-encoding: gzip
via: 1.1 0f391c2597a5d33716c9422eacf66306.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P7
age: 422
etag: W/"3360d-7zvdaxLS2Lhi3Pty7QrCYymkuqI"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-id: -_PTqA0ct_BNPYSDZzQipUThuCO2snqjJaIx265wWAke6_XHY7ttjQ==

GET
H/1.1 200
OK logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 196ms
195ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:09 GMT
X-CDN: Imperva
Etag: "13fdd2ef"
Content-Type: image/svg+xml
X-Iinfo: 15-14896465-0 0CNN RT(1707982182676 568) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985545, public
Content-Length: 1124
Expires: Mon, 26 Feb 2024 17:15:28 GMT

GET
H/1.1 200
OK pfpt-sb-nav-promo-696x708.png.webp
www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/ 17 KB
18 KB 195ms
195ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/pfpt-sb-nav-promo-696x708.png.webp?itok=yaBL11K0

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

1cf21f57d161f8de548c33c5232d48fa022d3a594ce5ea0df88b48ffeab17525

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 27 Sep 2023 00:47:25 GMT
X-CDN: Imperva
Content-Type: image/png
X-Iinfo: 17-43775264-0 0CNN RT(1707982182676 568) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985546, public
Content-Length: 17908
Expires: Mon, 26 Feb 2024 17:15:29 GMT

GET
H/1.1 200
OK home.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 784 B
945 B 193ms
189ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/home.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "4c25cdee"
Content-Type: image/svg+xml
X-Iinfo: 17-43775263-0 0CNN RT(1707982182674 766) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985544, public
Content-Length: 477
Expires: Mon, 26 Feb 2024 17:15:27 GMT

GET
H/1.1 200
OK pfpt-op-blog-hero-collapse.png.webp
www.proofpoint.com/sites/default/files/styles/image_1920_750/public/blog-banners/ 44 KB
45 KB 197ms
193ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/image_1920_750/public/blog-banners/pfpt-op-blog-hero-collapse.png.webp?itok=YJG_86PQ

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

dc9c9c844ff6344c978ced69c04166f6f559b58d9e6fbe703be19e77d01c9e14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Feb 2024 15:47:09 GMT
X-CDN: Imperva
Content-Type: image/png
X-Iinfo: 18-63542725-0 0CNN RT(1707982181908 1534) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=971884, public
Content-Length: 45236
Expires: Mon, 26 Feb 2024 13:27:47 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 52 KB
20 KB 180ms
79ms Script
text/javascript 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

8b8081b98739029cfe72e50bef788cffa1e67e084164b7a1203363607066a06f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19562
x-xss-protection: 0
server: cafe
etag: 1978575504501337255
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 15 Feb 2024 07:29:43 GMT

GET
H/1.1 200
OK js_v_LrRW2ivD9vLndB5zPIeKiIMEiKE5MqNiM7iQgwkMA.js Show response
www.proofpoint.com/sites/default/files/js/ 172 KB
59 KB 197ms
193ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_v_LrRW2ivD9vLndB5zPIeKiIMEiKE5MqNiM7iQgwkMA.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

bff2eb456da2bc3f6f2e7741e733c878a88830488a13932a36233b89083090c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 09 Feb 2024 00:08:22 GMT
X-CDN: Imperva
Etag: "7cf2b831"
Content-Type: text/javascript
X-Iinfo: 16-26038402-0 0CNN RT(1707982182680 764) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=681001, public
Content-Length: 60048
Expires: Fri, 23 Feb 2024 04:39:44 GMT

GET
H2 200 geoip2.js Show response
geoip-js.com/js/apis/geoip2/v2.1/ 3 KB
2 KB 135ms
42ms Script
application/javascript 2606:4700:4400::6812:216e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:216e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 15 Feb 2024 07:22:20 GMT
server: cloudflare
age: 443
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 855bd766ffc73dac-LHR
expires: Thu, 15 Feb 2024 11:29:43 GMT

GET
H/1.1 200
OK js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js Show response
www.proofpoint.com/sites/default/files/js/ 9 KB
3 KB 194ms
190ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 22 Dec 2023 00:34:28 GMT
X-CDN: Imperva
Etag: "6e3ea0aa"
Content-Type: text/javascript
X-Iinfo: 16-26038401-0 0CNN RT(1707982182676 766) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1159937, public
Content-Length: 2188
Expires: Wed, 28 Feb 2024 17:42:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 144ms
43ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H/1.1 200
OK js_-goIfon2dn1zwLr-0rnJqjvqh_k_LUL6N6trljWlDf8.js Show response
www.proofpoint.com/sites/default/files/js/ 1 MB
452 KB 191ms
190ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_-goIfon2dn1zwLr-0rnJqjvqh_k_LUL6N6trljWlDf8.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fa0a087e89f6767d73c0bafed2b9c9aa3bea87f93f2d42fa37ab6b9635a50dff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 13 Feb 2024 23:33:17 GMT
X-CDN: Imperva
Etag: "9a857da2"
Content-Type: text/javascript
X-Iinfo: 15-14896465-0 0CNN RT(1707982182676 766) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1112897, public
Content-Length: 462363
Expires: Wed, 28 Feb 2024 04:38:00 GMT

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ 199 KB
67 KB 256ms
65ms Script
application/x-javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
cf-cache-status: HIT
age: 5475
etag: "2011e9-31ad2-60e27d4627680"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 855bd767a81d63b4-LHR
expires: Thu, 15 Feb 2024 11:29:43 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 109ms
36ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je42c0v890103917za200&_p=1707982182290&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=706208503.1707982183&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1707982182&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&dt=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1046
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 108ms
36ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B1V8SZE3GL&cid=706208503.1707982183&gtm=45je42c0v890103917za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
408 B 149ms
55ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B1V8SZE3GL&cid=706208503.1707982183&gtm=45je42c0v890103917za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&z=511639656

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
145 B 114ms
112ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=767242&d=proofpoint.com&u=DE34BE285ABB1C11E000622C2A48ED593&h=718d182cb267cbd665f706e8f1479ea3&t=false

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv2c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:42 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv2c
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 133ms
42ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 15 Feb 2024 05:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6094
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 15 Feb 2024 07:48:09 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 3 KB
2 KB 147ms
54ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1707982182596&cv=11&fst=1707982182596&bg=ffffff&guid=ON&async=1&gtm=45He42c0v76619393za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&hn=www.googleadservices.com&frm=0&tiba=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&npa=0&pscdl=noapi&auid=976191227.1707982183&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca28ac9e0b87c62c2b1411d5a27a058556e4da936c1aafe2cb356fe5f8d4c716

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1356
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 108ms
43ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 15 Feb 2024 07:29:42 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 69C7B7F50776496DA1A7FCCD60FEC4F0 Ref B: LON04EDGE0620 Ref C: 2024-02-15T07:29:43Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13175

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=764013486038455188

0
235 B

547ms
438ms

Image
application/json

2600:9000:2670:4a00:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=764013486038455188
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Protocol: H2
Server: 2600:9000:2670:4a00:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
via: 1.1 4e5a83b6aa19a0c9339b31bdad0aa0d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P9
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: e2BPED6NNjm9GPr3no6own4aa55_E6H7TyO7BkcM2R1HQKZIovm9rw==
content-length: 0
apigw-requestid: TKqIXh5WIAMEJWg=

Redirect headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:44 GMT
an-x-request-uuid: fc405541-c1e7-411f-9f8a-a60c21037c4c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=proofpoint.com&pId=764013486038455188
x-proxy-origin: 217.138.196.99; 217.138.196.99; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 63ms
37ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je42c0v890103917za200&_p=1707982182290&gcd=13l3l3l3l1&npa=0&dma=0&cid=706208503.1707982183&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1707982182&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&dt=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&en=scroll&epn.percent_scrolled=90&_et=4&tfd=1093
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 200ms
51ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2a193fa1b1801dcdddf024a250b04b496f5e36e4324a8de73948e6421ff5865

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 15 Feb 2024 07:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 15 Feb 2024 07:22:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 15 Feb 2024 07:29:43 GMT

GET
H2 200 6543fd1a2398960013d900a7.js Show response
buttons-config.sharethis.com/js/ 745 B
1 KB 519ms
418ms Script
text/javascript 2600:9000:2057:d800:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/6543fd1a2398960013d900a7.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2057:d800:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9c1b1066c42f920ce30aee11e0645fc48f66f13f828e31865b34abe54d6dd4e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 17 Nov 2023 07:10:02 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
x-amz-server-side-encryption: AES256
etag: "923a352055e8a91048dec7ed5b809c72"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 745
x-amz-cf-id: 95_2oZq8rtUnwsb95ok1HseubC7fRDcAKyC0l-pxeUnhLIwmljXUBg==

GET
H/1.1 200
OK nav-search-icon.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 251 B
668 B 363ms
190ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/nav-search-icon.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

46454a26b3142dec4540c21c9c156f2b3e570488667f1bbcf81854e27925f2a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:09 GMT
X-CDN: Imperva
Etag: "f9d15cf7"
Content-Type: image/svg+xml
X-Iinfo: 16-26038401-0 0CNN RT(1707982182676 960) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985545, public
Content-Length: 200
Expires: Mon, 26 Feb 2024 17:15:28 GMT

GET
H/1.1 200
OK header-search-submit.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 263 B
680 B 383ms
191ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-search-submit.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

479f333c6cdf10724e19b33079cab821bb37b0a463170ea9943dcbc0c6d9dc67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "74f89ce5"
Content-Type: image/svg+xml
X-Iinfo: 17-43775264-0 0CNN RT(1707982182676 980) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985546, public
Content-Length: 212
Expires: Mon, 26 Feb 2024 17:15:29 GMT

GET
H/1.1 200
OK header-language-selector.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 357ms
189ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-language-selector.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

d53ad65904b3e7c8a7dbf9479478e5c3f84ac198f1d81f3a97edd0e4af552e3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "42805225"
Content-Type: image/svg+xml
X-Iinfo: 17-43775263-43771715 2CNN RT(1707982182674 956) q(0 0 0 -1) r(0 0)
Cache-Control: max-age=985545, public
Content-Length: 1344
Expires: Mon, 26 Feb 2024 17:15:28 GMT

GET
H/1.1 200
OK ransomware-bg-img.png.webp
www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/ 2 KB
2 KB 367ms
194ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/ransomware-bg-img.png.webp?itok=FI5DSrca

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

029d219cdef5f07caa9c512aa1e804f9251cc8623c2461dd9c01cb680700da97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 27 Sep 2023 00:47:25 GMT
X-CDN: Imperva
Content-Type: image/png
X-Iinfo: 18-63542725-63509890 2CNN RT(1707982181908 1729) q(0 0 0 -1) r(0 0)
Cache-Control: max-age=985546, public
Content-Length: 1624
Expires: Mon, 26 Feb 2024 17:15:29 GMT

GET
H/1.1 200
OK block-subscribe-button-addthis.webp
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 2 KB
2 KB 191ms
190ms Image
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/block-subscribe-button-addthis.webp

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

5f3083b731588016304b0ac105b66985b8ffc9d2c7a2e627f0435da5e86a4648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 30 Jan 2024 23:54:01 GMT
X-CDN: Imperva
Etag: "81ec458f"
X-Iinfo: 17-43775264-0 0CNN RT(1707982182676 788) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=14841, public
Content-Length: 1656
Expires: Thu, 15 Feb 2024 11:37:04 GMT

GET
H/1.1 200
OK marketo-form-spinner.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
881 B 200ms
200ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/marketo-form-spinner.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

5680e67bec883a7cc47635705afdaa0d28ad681a1bec515983784fe6c002356b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:09 GMT
X-CDN: Imperva
Etag: "d85f1d02"
Content-Type: image/svg+xml
X-Iinfo: 16-26038402-26035617 2CNN RT(1707982182680 1147) q(0 0 0 -1) r(0 0)
Cache-Control: max-age=985546, public
Content-Length: 408
Expires: Mon, 26 Feb 2024 17:15:29 GMT

GET
H/1.1 200
OK footer-logo.webp
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 22 KB
22 KB 195ms
194ms Image
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/footer-logo.webp

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

2fdb22da214a2f7bcfb7d56f8abbdca611c002e04b290aff79caa93d4aaa76f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "309d9079"
X-Iinfo: 16-26038401-0 0CNN RT(1707982182676 1156) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985547, public
Content-Length: 22268
Expires: Mon, 26 Feb 2024 17:15:30 GMT

GET
H/1.1 200
OK twitter-x.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 674 B
934 B 196ms
195ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/twitter-x.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

637bd059ef7a81089f0b6111be2ed656ca25fdf9200af682a3154a4ab5eab498

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:10 GMT
X-CDN: Imperva
Etag: "2420fbc3"
Content-Type: image/svg+xml
X-Iinfo: 18-63542725-0 0CNN RT(1707982181908 1930) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985547, public
Content-Length: 465
Expires: Mon, 26 Feb 2024 17:15:30 GMT

GET
H/1.1 200
OK regions.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 190ms
190ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/regions.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:10 GMT
X-CDN: Imperva
Etag: "6222cb97"
Content-Type: image/svg+xml
X-Iinfo: 17-43775264-0 0CNN RT(1707982182676 1250) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985547, public
Content-Length: 1355
Expires: Mon, 26 Feb 2024 17:15:30 GMT

GET
H/1.1 200
OK Screenshot%202024-02-07%20at%207.49.41%20AM.png
www.proofpoint.com/sites/default/files/inline-images/ 463 KB
463 KB 192ms
190ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screenshot%202024-02-07%20at%207.49.41%20AM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6df289b07c096cf9729c4ef06c3a14ad5de690f30e34f3a83928945cf8002d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Feb 2024 15:49:57 GMT
X-CDN: Imperva
Etag: "fb1461f0"
Content-Type: image/png
X-Iinfo: 17-43775263-0 0CNN RT(1707982182674 1353) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=971886, public
Content-Length: 474041
Expires: Mon, 26 Feb 2024 13:27:50 GMT

GET
H/1.1 200
OK Screenshot%202024-02-07%20at%207.50.34%20AM.png
www.proofpoint.com/sites/default/files/inline-images/ 181 KB
181 KB 193ms
192ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screenshot%202024-02-07%20at%207.50.34%20AM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aabc152127fc44c50240bee0e3eb8f9b697be4cb9e9987fb5924655dfedf4ada

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Feb 2024 15:50:47 GMT
X-CDN: Imperva
Etag: "a8ffdda2"
Content-Type: image/png
X-Iinfo: 16-26038402-0 0CNN RT(1707982182680 1349) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=974723, public
Content-Length: 185171
Expires: Mon, 26 Feb 2024 14:15:07 GMT

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
405 B 193ms
45ms XHR
text/plain 3.66.124.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=www.proofpoint.com&location=%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&product=inline-share-buttons&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&source=platform&fcmp=false&fcmpv2=false&has_segmentio=false&title=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&cms=unknown&publisher=6543fd1a2398960013d900a7&sop=true&version=st_sop.js&lang=en&description=Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...&ua=&ua_mobile=false&ua_full_version_list=&uuid=5d380944-b1fb-419c-acc2-394da77e77e8

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.66.124.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-66-124-228.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://www.proofpoint.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 204 17087961.js Show response
bat.bing.com/p/action/ 0
118 B 42ms
42ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17087961.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 15 Feb 2024 07:29:42 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DF7D9906E04E4035A333DBF1B9E6C906 Ref B: LON04EDGE0620 Ref C: 2024-02-15T07:29:43Z
x-cache: CONFIG_NOCACHE

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 43ms
43ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Sat, 25 May 2024 07:29:43 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 49ms
48ms XHR
text/plain 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=319333842&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&ul=en-us&de=UTF-8&dt=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAEK~&jid=1436414921&gjid=1150759683&cid=706208503.1707982183&tid=UA-2257074-1&_gid=747894658.1707982184&_r=1&_slc=1&gtm=45He42c0n81MGR7P8Xv76619393za200&gcd=13l3l3l3l1&dma=0&cd19=706208503.1707982183&z=965779193

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
455 B 148ms
54ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1707982182596&cv=11&fst=1707980400000&bg=ffffff&guid=ON&async=1&gtm=45He42c0v76619393za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&frm=0&tiba=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&npa=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_R9vnqLlNm8ZH3NwS2FLa5oZKvwkGkw&random=3426695787&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/950296937/ 42 B
154 B 59ms
59ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/950296937/?random=1707982182596&cv=11&fst=1707980400000&bg=ffffff&guid=ON&async=1&gtm=45He42c0v76619393za200&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&frm=0&tiba=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&npa=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_R9vnqLlNm8ZH3NwS2FLa5oZKvwkGkw&random=3426695787&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
17 KB 168ms
42ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 20 Dec 2023 22:26:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65836a29-fee9"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17567
expires: Thu, 15 Feb 2024 07:29:43 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
885 B 150ms
50ms Script
application/javascript 2a02:26f0:3500:16::215:1499
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1499 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

41b98c57dbe2a6c7a9e86497f1ffcf4ca102e86480be8cef7272a55855324355

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 623
date: Thu, 15 Feb 2024 07:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 14 Feb 2024 10:51:32 GMT
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=12465
accept-ranges: bytes
content-length: 624

GET
H2 200 1594.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
423 B 196ms
131ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: ae9142e4-28eb-47e7-a8af-ffd770c6e5ff
x-runtime: 0.003656
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 855bd7680c98637d-LHR

GET
H2 200 1644.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 193ms
128ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: ec39f2ec-eec1-4860-8fd0-30911f686611
x-runtime: 0.003755
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 855bd7680c95637d-LHR

GET
H2 200 1645.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
421 B 142ms
140ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 83e719c3-8751-4bb4-9746-88e5edfce543
x-runtime: 0.006826
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 855bd7684cef637d-LHR

GET
H2 200 1646.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
415 B 139ms
138ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 3c4f3811-e58e-45c3-8228-f22130db40d8
x-runtime: 0.005541
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 855bd7684cf2637d-LHR

GET
H2 200 1647.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
416 B 131ms
130ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: c34d0f11-2887-4032-bedf-f543f6583aa0
x-runtime: 0.003422
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 855bd7684cf3637d-LHR

GET
H2 200 5dfsgn7m2kst.js Show response
js.driftt.com/include/1707982200000/ 220 KB
62 KB 294ms
160ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1707982200000/5dfsgn7m2kst.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2632767b652b8d6e0a9bba35dd89cb580138cc604b6a862f21eec1cfa7ea6096

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id: 2Qzyvvg2UEHqxahFJMSD._DW2lRGhsFo
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Thu, 15 Feb 2024 07:29:43 GMT
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 30
last-modified: Fri, 09 Feb 2024 18:16:45 GMT
server: istio-envoy
etag: W/"c2a259489fb8e8e1bb4959cc8713bd5b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zlfTrKpeisn_f-D_--XbsCGlj091WCkDbFJQzQ8jjdzDOZkJWlHDug==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 214 KB
58 KB 124ms
42ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 15 Feb 2024 07:29:43 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57257
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: Dyw1RiBwsR7gYfARnMd+XbZWbB3saptJUGmblJkafbb4LHQfN6My/k/bUWOahCU8O5J5V3eiopZGM5qd/oxuSg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 146ms
57ms Script
text/javascript 2606:4700:4400::6812:24c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:24c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 1645
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 855bd7691a306331-LHR
expires: Thu, 15 Feb 2024 07:49:43 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 260ms
136ms Script
text/javascript 35.157.194.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.194.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-194-178.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 719346ec0aeaad194faaaa84772c53819fc99ddde239727e580847202fde5b68

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 15 Feb 2024 07:29:44 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 3 KB
2 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1707982183611&cv=9&fst=1707982183611&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&tiba=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da4244947ac210e9a7bf2720d0f264b562ba561235f9afe0981cedb815579b6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1418
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK visitWebPage
309-rhv-619.mktoresp.com/webevents/ 2 B
318 B 720ms
112ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1707982183617&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1707982183616-65887&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:44 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 360d7a78-39f3-4127-b310-a892aefd1e8d

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 7 B
154 B 37ms
36ms XHR
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2257074-1&cid=706208503.1707982183&jid=1436414921&gjid=1150759683&_gid=747894658.1707982184&_u=YADAAEAAAAAAACAEK~&z=1372197505

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 15 Feb 2024 07:29:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 56ms
56ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2257074-1&cid=706208503.1707982183&jid=1436414921&_u=YADAAEAAAAAAACAEK~&z=41982512

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.uk/ads/ 42 B
107 B 55ms
55ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2257074-1&cid=706208503.1707982183&jid=1436414921&_u=YADAAEAAAAAAACAEK~&z=41982512

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
108 B 60ms
60ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1707982183611&cv=9&fst=1707980400000&num=1&guid=ON&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&tiba=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_f-MksiPOU7u2sxdF6Ivy1ioTBdbwyAt_65avu5cWB42Xw8z3&random=3501869464&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.uk/pagead/1p-user-list/950296937/ 42 B
108 B 55ms
55ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/pagead/1p-user-list/950296937/?random=1707982183611&cv=9&fst=1707980400000&num=1&guid=ON&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&tiba=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_f-MksiPOU7u2sxdF6Ivy1ioTBdbwyAt_65avu5cWB42Xw8z3&random=3501869464&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 43 KB
16 KB 45ms
45ms Script
application/javascript 2a02:26f0:3500:16::215:1499
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1499 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 622
date: Thu, 15 Feb 2024 07:29:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 14 Feb 2024 10:51:31 GMT
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=12509
accept-ranges: bytes
content-length: 15732

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-maliciou...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-maliciou...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1707982183865%26url%3Dhttps%253A%252F%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-maliciou...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicio...

0
265 B

260ms
196ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&cookiesTest=true&liSync=true&e_ipv6=AQJJWSt4EYpZfAAAAY2rq-CwPPM2BPPTIF3sFV_ZnA1GD7RRKwr7UkuV76XKyMxU3Crs
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 4D20D69ECB21441F9D1FAEB21A67A0C3 Ref B: LTSEDGE1417 Ref C: 2024-02-15T07:29:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYRZpdpi+IdSrqOfFm8bw==

Redirect headers

date: Thu, 15 Feb 2024 07:29:44 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A8D05DEEA2C947A1A136118CA8372DE8 Ref B: LON04EDGE0714 Ref C: 2024-02-15T07:29:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1707982183865&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&cookiesTest=true&liSync=true&e_ipv6=AQJJWSt4EYpZfAAAAY2rq-CwPPM2BPPTIF3sFV_ZnA1GD7RRKwr7UkuV76XKyMxU3Crs
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYRZpdllqqXk+tEltpB2Q==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
622 B 307ms
248ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 15 Feb 2024 07:29:43 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 8A00A1E805DF4B05B755366C03AECC2C Ref B: LON04EDGE0714 Ref C: 2024-02-15T07:29:43Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.proofpoint.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYRZpddPRp406b9vGQCDw==

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
441 B 131ms
131ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1707982183904&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1268939
Referer: https://www.proofpoint.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPoLJ-DZvXrd6TLYQqCOpD6Ou4Yw5UT80XIFW_qqPRedU3oa8C04SsvRYbxjHWZJGa-7oA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Thu, 15 Feb 2024 08:29:44 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 258ms
121ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1707982183904&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 15 Feb 2024 07:29:44 GMT
expires: Thu, 15 Feb 2024 07:29:44 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ABPtcPr5FWWiGd-0rXcubXZjqzgwGypztfJYktFC40lfl4J0qZmj5xxdPkAQxBAN0HpE9wz1qr4

GET
H2 200 143852102935619 Show response
connect.facebook.net/signals/config/ 62 KB
13 KB 168ms
167ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/143852102935619?v=2.9.147&r=stable&domain=www.proofpoint.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

037bd3254471a8df28fa54512d91bc91c42f382511446c26e52d22017598796e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 15 Feb 2024 07:29:44 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: 0YoolRYpUIE4KQGz1RgMIei71wxrf6ni3KxtWe7kgigBoqdgb23ucFqNSFRrMHOc4EBWCv2zsfh9w5OKL97EHw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 150ms
51ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=143852102935619&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&rl=&if=false&ts=1707982184206&sw=1600&sh=1200&v=2.9.147&r=stable&ec=0&o=4126&fbp=fb.1.1707982184204.1527530445&cs_est=true&ler=empty&cdl=API_unavailable&it=1707982184018&coo=false&exp=e1&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 15 Feb 2024 07:29:44 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 me Show response
geoip-js.com/geoip/v2.1/country/ 687 B
887 B 108ms
44ms XHR
application/vnd.maxmind.com-country+json 2606:4700:4400::6812:216e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com

Requested by

Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:216e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a496d00c01045833797708c865613a4a4be23f15f3d3a8dcdf6be8fedbe6b13b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 855bd76c1959dc53-LHR
content-length: 687

GET
H/1.1 200
OK header-email.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 951 B
987 B 193ms
192ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-email.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "81ce57ee"
Content-Type: image/svg+xml
X-Iinfo: 15-14896465-14877695 2CNN RT(1707982182676 1612) q(0 0 0 -1) r(0 0)
Cache-Control: max-age=985546, public
Content-Length: 514
Expires: Mon, 26 Feb 2024 17:15:30 GMT

GET
H/1.1 200
OK header-shield.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 298 B
677 B 192ms
191ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-shield.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "1eb00a79"
Content-Type: image/svg+xml
X-Iinfo: 17-43775264-43771715 2CNN RT(1707982182676 1612) q(0 0 0 -1) r(0 0)
Cache-Control: max-age=985546, public
Content-Length: 204
Expires: Mon, 26 Feb 2024 17:15:30 GMT

GET
H/1.1 200
OK header-security.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 934 B
909 B 207ms
206ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-security.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 07:29:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "3296a54b"
Content-Type: image/svg+xml
X-Iinfo: 18-63542725-63538598 2CNN RT(1707982181908 2388) q(0 0 0 -1) r(1 1)
Cache-Control: max-age=985546, public
Content-Length: 436
Expires: Mon, 26 Feb 2024 17:15:30 GMT

GET
H2 200 getForm Show response
app-abj.marketo.com/index.php/form/ 6 KB
2 KB 103ms
103ms Script
application/javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app-abj.marketo.com/index.php/form/getForm?munchkinId=309-RHV-619&form=19277&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&callback=jQuery37106960475827848311_1707982184252&_=1707982184253
Requested by: Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d366b94ee3f0e5ea160fd99ba064d93d5a628a7eb0f53351f085753a478ac76

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 855bd76bcb8863b4-LHR
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
742 B 423ms
44ms Image
image/svg+xml 2600:9000:2156:ee00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/facebook.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:ee00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 01:42:29 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA50-C1
age: 1057636
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 301
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
etag: "c6e9be45643e197ce1db1d7e24a99adc"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
x-amz-cf-id: hD75GoZIsC__4ZyOae0Hnj7M3TI2ux6lnG7TKzo8CB6NI76VVKQR6Q==

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 368 B
780 B 419ms
41ms Image
image/svg+xml 2600:9000:2156:ee00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/twitter.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:ee00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

76ffdc5337cd5a509f15d70767b85a793aead82975d0d86912e1607e963c9aed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:25:11 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 15 Sep 2023 16:58:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 274
x-amz-server-side-encryption: AES256
etag: "2deb3d5121d475d195577a70b0a91a0c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 368
x-amz-cf-id: RX3UxBO3o1Z30IJRRyjEJnzWCEDHxpSXUp9aU8DRMc-FkRASasxC-g==

GET
H2 200 linkedin.svg
platform-cdn.sharethis.com/img/ 456 B
898 B 421ms
43ms Image
image/svg+xml 2600:9000:2156:ee00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/linkedin.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:ee00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

cb8c2b19fd9b56c41db14bd71b5c0616c1ba4e99b08c8e75084cf695f74b7120

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 16:46:48 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA50-C1
age: 139376
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 456
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
etag: "fa43b4ede18498b114fc7185993f6da7"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
x-amz-cf-id: 0nRepcZuZcuygJWloignER2c_Up7N_qVEbq_2WyfMEfXzSfIDIrw-g==

GET
H2 200 email.svg
platform-cdn.sharethis.com/img/ 343 B
786 B 421ms
43ms Image
image/svg+xml 2600:9000:2156:ee00:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/email.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:ee00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 08:14:41 GMT
via: 1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA50-C1
age: 1034104
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 343
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
etag: "5977437466e857c7ddcadda6f6d88c2a"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
x-amz-cf-id: FvVzVp2o5MpdXI--OFBFcR7b5HVvoqYqQ85YONjtKAQnPbzQZvSYlA==

GET
H2 204 0
bat.bing.com/action/ 0
286 B 44ms
44ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17087961&tm=gtm002&Ver=2&mid=a2bdfa8d-9e14-4d57-8209-002c9fa21f95&sid=fd46b430cbd311ee85e26dbbfaedb0c4&vid=fd46dae0cbd311eebe5d25a5858a8680&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&r=&lt=2772&evt=pageLoad&sv=1&rn=867871

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 15 Feb 2024 07:29:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B25776959762454598B25A22B360213A Ref B: LON04EDGE0620 Ref C: 2024-02-15T07:29:44Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505 Show response
4788165.fls.doubleclick.net/ Frame 1E62
Redirect Chain

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505?
https://4788165.fls.doubleclick.net/activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505?

2 KB
1 KB

85ms
85ms

Document
text/html

142.250.186.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4788165.fls.doubleclick.net/activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f6.1e100.net

Software

cafe /

Resource Hash

c2c103d87990d1a8b2a68a77d5008f8d272096c78d4eae48371629ec50118932

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1111
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 07:29:44 GMT
expires: Thu, 15 Feb 2024 07:29:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 15 Feb 2024 07:29:44 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 135ms
134ms Stylesheet
text/css 35.157.194.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.194.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-194-178.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: a740e8f24aeb94cab9c6685fce8b413f401d47b534ab58759bf20703442a421d

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 15 Feb 2024 07:29:44 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 221ms
134ms Fetch
image/jpeg 35.157.194.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.194.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-194-178.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 15 Feb 2024 07:29:44 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
BLOB 200
OK b8da42b7-c704-4514-8c0f-29cfc82c1108
https://www.proofpoint.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.proofpoint.com/b8da42b7-c704-4514-8c0f-29cfc82c1108
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 forms2.css
app-abj.marketo.com/js/forms2/css/ 13 KB
3 KB 75ms
74ms Stylesheet
text/css 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
age: 2081
etag: "2c09c5-3437-60e27d4627680"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 855bd76c6c0163b4-LHR
content-length: 2623
expires: Thu, 15 Feb 2024 11:29:44 GMT

GET
H2 200 forms2-theme-plain.css
app-abj.marketo.com/js/forms2/css/ 828 B
371 B 63ms
62ms Stylesheet
text/css 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 2081
content-length: 246
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
etag: "1e1d62-33c-60e27d4627680"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 855bd76c6c0263b4-LHR
expires: Thu, 15 Feb 2024 11:29:44 GMT

GET
H2 200 getKnownLead Show response
app-abj.marketo.com/index.php/form/ 48 B
256 B 465ms
465ms Script
application/javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/getKnownLead?form=19277&lpId=&munchkinId=309-RHV-619&filledFields=true&_mkt_trk=id%3A309-RHV-619%26token%3A_mch-proofpoint.com-1707982183616-65887&callback=jQuery37106960475827848311_1707982184252&_=1707982184254

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb6a603e893862c0b194cd1a0644c488408d801de2d9f6247499d7cce62f866d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
server: cloudflare
content-type: application/javascript; charset=utf-8
cf-ray: 855bd76c6c0363b4-LHR

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 185 B
381 B 134ms
134ms XHR
text/plain 35.157.194.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=dG-GbvdPxi8YOQyjVLjRlg&is_js=true&landing_url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&t=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&tip=gF-8VZUTqeXw1DYyk18HzHqzVvZ8d8kmVJzTLOSHxJk&host=https%3A%2F%2Fwww.proofpoint.com&sa_conv_data_css_value=%270-4efa4228-90c1-5536-73af-7b0e3c0b16ec%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd94efa422890c1553673af7b0e3c0b16ecd98ac463&sa-user-id-v3=s%253AAQAKIAimGv-wbccxevJtrIDTqDqCwQd6NJtujQHq5AnpDxxOEHwYBCDo-rauBjABOgTBqNnoQgRGfZpD.MjGeNOsLuZF3TtfAezS1TTj4dgqb0k5J9qabmefK32E&sa-user-id-v2=s%253ATvpCKJDBVTZzr3sOPAsW7NmKxGM.Sf%252BrsOEVI8HAslzyCpT6RztlAUp9NYmDgZJ20X4e6GQ&sa-user-id=s%253A0-4efa4228-90c1-5536-73af-7b0e3c0b16ec.YgYbtS1GsF0HXq3N1B9x3ft5CTAJ307LuxTswyPQNAI
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.157.194.178 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-194-178.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 00a028b6540a3f5309fccc8c5c6d5d5e1da884807e21931d907f29f7247ea734

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-origin: https://www.proofpoint.com
date: Thu, 15 Feb 2024 07:29:44 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 185
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2

200

collect
px4.ads.linkedin.com/ Frame 1E62
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQLvDDYnb_FvTwAAAY2rq-D2RgiurAmg0NMRvqoAjFWP_lcPvol3hJ_sbSAuA2MThtx-

43 B
247 B

191ms
191ms

Image
image/gif

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQLvDDYnb_FvTwAAAY2rq-D2RgiurAmg0NMRvqoAjFWP_lcPvol3hJ_sbSAuA2MThtx-
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505?
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:44 GMT
content-encoding: gzip
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A1874DF498AC4F758252FD376E9AFD3A Ref B: LTSEDGE1417 Ref C: 2024-02-15T07:29:44Z
linkedin-action: 1
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
content-type: image/gif
x-li-proto: http/2
content-length: 65
x-li-uuid: AAYRZpdpkWTz1ZWvmq1GWA==

Redirect headers

date: Thu, 15 Feb 2024 07:29:44 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1B62F86E6A544C13A6BCECF648C28BA4 Ref B: LON04EDGE0714 Ref C: 2024-02-15T07:29:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQLvDDYnb_FvTwAAAY2rq-D2RgiurAmg0NMRvqoAjFWP_lcPvol3hJ_sbSAuA2MThtx-
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYRZpdmqaFHkrOI2eGK1A==

GET
H2 200 img
pixel.mathtag.com/event/ Frame 1E62 0
301 B 186ms
119ms Image
image/gif 151.101.193.91
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1442966&mt_adid=226348&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=&ord=96246486
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: MT3 1487 7fd7a36 master ord ord-pixel-x18 config_version:"3305" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-cache-hits: 0
date: Thu, 15 Feb 2024 07:29:44 GMT
via: 1.1 varnish
expires: Thu, 15 Feb 2024 07:29:43 GMT
server: MT3 1487 7fd7a36 master ord ord-pixel-x18 config_version:"3305"
age: 0
x-timer: S1707982185.678419,VS0,VE89
x-cache: MISS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-served-by: cache-lcy-eglc8600055-LCY

GET
H2 200 dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505
adservice.google.com/ddm/fls/z/ Frame 1E62 42 B
401 B 169ms
78ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505

Requested by

Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNuYjbvprIQDFSZOHgId7y8OzQ;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=4161054100938.7505?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDQ3ODgxNjUKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3Byb29mcG9pbnQuY29tIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogQ09OVkVSU0lPTgpkZWJ1Z19r...
ad.doubleclick.net/ddm/activity/ Frame 1E62 0
2 KB 182ms
74ms Image
image/png 172.217.16.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDQ3ODgxNjUKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3Byb29mcG9pbnQuY29tIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogQ09OVkVSU0lPTgpkZWJ1Z19rZXk6IDQyMDU5MDE3ODEyMjQzNjAzNzUKY3RjX2NvbnZlcnNpb25fYnVja2V0OiA3CmFyY2hldHlwZV9pZDogMQphcmNoZXR5cGVfaWQ6IDMKYXJjaGV0eXBlX2lkOiA0CmFyY2hldHlwZV9pZDogNQphcmNoZXR5cGVfaWQ6IDYKYXJjaGV0eXBlX2lkOiA3CmFyY2hldHlwZV9pZDogOAphcmNoZXR5cGVfaWQ6IDkKYXJjaGV0eXBlX2lkOiAxMAphcmNoZXR5cGVfaWQ6IDExCmFyY2hldHlwZV9pZDogMTIKYXJjaGV0eXBlX2lkOiAxMwphcmNoZXR5cGVfaWQ6IDE0CmFyY2hldHlwZV9pZDogMTUKYXJjaGV0eXBlX2lkOiAxNgphcmNoZXR5cGVfaWQ6IDE3CmFyY2hldHlwZV9pZDogMTgKYXJjaGV0eXBlX2lkOiAxOQphcmNoZXR5cGVfaWQ6IDIwCmFyY2hldHlwZV9pZDogMjEKY29udmVyc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogQ09OVkVSU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9BQ1RJVklUWV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogODg4ODA1NQogIH0KfQpjb252ZXJzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBDT05WRVJTSU9OX0RJTUVOU0lPTl9DT05WRVJTSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0wMi0xNSIKICB9Cn0KYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDU3MDQyNTM0NApnY2xpZDogIiIKdHJpZ2dlcl9kZWR1cGxpY2F0aW9uX2tleTogMTgwMzA2MjA5MjYzODg2NjcxOAo

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f198.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:44 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"1803062092638866718"}],"aggregatable_trigger_data":[{"filters":{"14":["8888055"]},"key_piece":"0xdc143685fc953a6","source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"key_piece":"0xd3e955d828a8501c","not_filters":{"14":["8888055"]},"source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"filters":{"14":["8888055"]},"key_piece":"0x507c386f48ec47e3","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0x12aaced21f28eac4","not_filters":{"14":["8888055"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"1":327,"10":327,"11":5570,"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"3":327,"4":327,"5":5570,"6":327,"7":327,"8":5570,"9":327},"debug_key":"4205901781224360375","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"1803062092638866718","filters":{"14":["8888055"],"source_type":["event"]},"priority":"10","trigger_data":"1"},{"deduplication_key":"1803062092638866718","filters":{"14":["8888055"],"source_type":["navigation"]},"priority":"10","trigger_data":"6"},{"deduplication_key":"1803062092638866718","filters":{"source_type":["event"]},"priority":"0","trigger_data":"0"},{"deduplication_key":"1803062092638866718","filters":{"source_type":["navigation"]},"priority":"0","trigger_data":"7"}],"filters":{"8":["4788165"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 XDFrame Show response
app-abj.marketo.com/index.php/form/ Frame D937 2 KB
885 B 366ms
366ms Document
text/html 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/XDFrame

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 855bd76f7e0b63b4-LHR
content-encoding: gzip
content-length: 650
content-type: text/html; charset=utf-8
date: Thu, 15 Feb 2024 07:29:45 GMT
server: cloudflare
strict-transport-security: max-age=63113904
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ Frame D937 199 KB
66 KB 59ms
58ms Script
application/x-javascript 104.16.92.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.92.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://app-abj.marketo.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
cf-cache-status: HIT
age: 5477
etag: "2011e9-31ad2-60e27d4627680"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 855bd771cf9f63b4-LHR
expires: Thu, 15 Feb 2024 11:29:45 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 80ms
79ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:45 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 17 B
304 B 168ms
43ms XHR
text/html 2a02:26f0:ab00::214:8e41
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::214:8e41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 716a853225f7a19ddb9b47d7764d5396ae7c91288352c7e2ddbceaebdf2b179c

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:45 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:21:e::11
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1707982185367_34901565_6080578_23_834_40_83_219";dur=1
content-length: 17
expires: Thu, 15 Feb 2024 07:29:45 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 260ms
259ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=69ff33fa-7167-44cf-8073-70e4f6113b19&session=c243ad5b-cb48-443b-8a52-7ea1156d8012&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A43%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&pageViewId=f43fd0e0-8b2e-4ed2-8f75-d15994a5f224&v=1.1.14

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 258ms
258ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=69ff33fa-7167-44cf-8073-70e4f6113b19&session=c243ad5b-cb48-443b-8a52-7ea1156d8012&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2015%20Feb%202024%2007%3A29%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2276d4adecd2340b300ba5d4296ecef89d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2015%20Feb%202024%2007%3A29%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2015%20Feb%202024%2007%3A29%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22cf897ce61a58c53c1861f742ebebc2622f6b0fcf%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2015%20Feb%202024%2007%3A29%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2015%20Feb%202024%2007%3A29%3A43%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&pageViewId=f43fd0e0-8b2e-4ed2-8f75-d15994a5f224&v=1.1.14

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame D3A1 2 KB
1 KB 146ms
146ms Document
text/html 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1707982200000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8912e42fc410c1e5bb6e04f4e0a8f1866487446cf71653c511dab44ab077214a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 15 Feb 2024 07:29:45 GMT
etag: W/"482adde291895ad7be66f439d8f9a745"
last-modified: Fri, 09 Feb 2024 18:16:23 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-id: PxnuTJqSKsyrhmGKokTAzrgfBD7cTP3II0i6_Vi5xdEBc3DxspE85w==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: N8KFPPqj1r4PtrdNjDXwDHEiRrqOp3.N
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 3006 2 KB
1 KB 144ms
144ms Document
text/html 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1707982200000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8912e42fc410c1e5bb6e04f4e0a8f1866487446cf71653c511dab44ab077214a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 15 Feb 2024 07:29:45 GMT
etag: W/"482adde291895ad7be66f439d8f9a745"
last-modified: Fri, 09 Feb 2024 18:16:23 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-id: g1qUA9ERbrCswfsIdZsSFBM8zhnuNISn1E-aZJzy4ruR8Mp64w6hZg==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: N8KFPPqj1r4PtrdNjDXwDHEiRrqOp3.N
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 nr-rum-1.252.0.min.js Show response
js-agent.newrelic.com/ 45 KB
16 KB 100ms
30ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.252.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.proofpoint.com/
Origin: https://www.proofpoint.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id: MnZvesGWBG.EVnzUmRfpgushluAYDfro
content-encoding: br
via: 1.1 varnish
date: Thu, 15 Feb 2024 07:29:45 GMT
strict-transport-security: max-age=300
x-amz-request-id: ZJ7HP825XK5B27TX
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15806
x-amz-id-2: MhYkPWkDoDerEvQcYSxnuo6uQBdSaJGbJ49exU/oqNzyaoydHIb2wpbAjgpKEuv0rRTvCXNkE/s=
x-served-by: cache-lcy-eglc8600064-LCY
last-modified: Tue, 13 Feb 2024 00:41:07 GMT
server: AmazonS3
x-timer: S1707982185.403819,VS0,VE0
etag: "2c25d4506676f166485b739ec4e56a2e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 54315

POST
H/1.1 200
OK 0ae22ad83e Show response
bam.nr-data.net/1/ 40 B
467 B 403ms
262ms XHR
text/plain 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/0ae22ad83e?a=573869349&v=1.252.0&to=bgQBYERQXBBWVBFbDldOIldCWF0NGEcEVQRmAgJXXlQ%3D&rst=3926&ck=0&s=6c4bda5e3a77bc10&ref=https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&hr=0&qt=11&ap=32&be=760&fe=3051&dc=2012&at=QkMWFgxKT08VVkcIGkQc&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1707982181514,%22n%22:0,%22dn%22:182,%22dne%22:182,%22c%22:182,%22s%22:372,%22ce%22:565,%22rq%22:565,%22rp%22:761,%22rpe%22:953,%22di%22:2743,%22ds%22:2743,%22de%22:2772,%22dc%22:3797,%22l%22:3808,%22le%22:3811%7D,%22navigation%22:%7B%7D%7D&fp=1948&fcp=1948
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.252.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a

Request headers

Referer: https://www.proofpoint.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
content-type: text/plain

Response headers

Date: Thu, 15 Feb 2024 07:29:45 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.proofpoint.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 855bd773faf123ad-LHR
Content-Length: 40

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 163ms
50ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.proofpoint.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Thu, 15 Feb 2024 07:29:45 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 4056363624323503618

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 749 B
721 B 143ms
55ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 1264087bbd4672bbcea47f3cdc8b6b6894a96909638e499738c6894b7e303909

Request headers

Referer: https://www.proofpoint.com/
accept-language: en-GB,en;q=0.9
Authorization: Token cf897ce61a58c53c1861f742ebebc2622f6b0fcf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
X-6s-CustomID: WebTag1.0 76d4adecd2340b300ba5d4296ecef89d

Response headers

x-trace-id: 6362973255847499011
date: Thu, 15 Feb 2024 07:29:45 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.proofpoint.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 399

GET
H2 200 runtime~main.9529c9e3.js Show response
js.driftt.com/core/assets/js/ Frame 3006 6 KB
3 KB 42ms
41ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fc7d5e41bfcae13c9f8d4ceb0c50f1a19b9ca02f68334f9f864ca4f36048412f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:22 GMT
x-amz-version-id: xuGqZg35SFEHjNQJFXAlA9HwZ4._ikQ.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 479602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Fri, 09 Feb 2024 17:52:46 GMT
server: istio-envoy
etag: W/"aa41f0c3b09fe172de965115f65bf8a2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OTcle_JFro9qaOT48D170LKzUCZTJs-lhJc8FgnKOdKmHrb6DUle0g==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 35 KB
13 KB 45ms
45ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:47 GMT
x-amz-version-id: xDLMc9.vfMRinFJv17uWwlTUqFMyHh91
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386658
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Tue, 19 Dec 2023 18:34:39 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: f-CbUsXeIPwumVEeYIAtfwen7qqgqC-va3l6yq0JrjDzqfd2vPGpdQ==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 7 KB
3 KB 47ms
47ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:52:55 GMT
x-amz-version-id: vHJcyo5_wsHnB664RlshK2ErhD729WKk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 6903410
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 21 Nov 2023 16:21:43 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zKe7RBnb1wceBfAvZ5iqt6ikfC8Zhqr7Ue1X5D0xW04qxrxRBTP3Gw==

GET
H2 200 runtime~main.9529c9e3.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 6 KB
3 KB 47ms
47ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fc7d5e41bfcae13c9f8d4ceb0c50f1a19b9ca02f68334f9f864ca4f36048412f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:22 GMT
x-amz-version-id: xuGqZg35SFEHjNQJFXAlA9HwZ4._ikQ.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 479602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Fri, 09 Feb 2024 17:52:46 GMT
server: istio-envoy
etag: W/"aa41f0c3b09fe172de965115f65bf8a2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: C1jTtXIjUtumHLigtbe9QNOGQLWHBUM7cnXs8B7MC_n0XHtFuNOZCQ==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 35 KB
13 KB 51ms
51ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:47 GMT
x-amz-version-id: xDLMc9.vfMRinFJv17uWwlTUqFMyHh91
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386658
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Tue, 19 Dec 2023 18:34:39 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OZCJMLhrdszpFBnbypgxBJ1KqAlIRylrV70V-tlYA1XJe9pLavDBjw==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 7 KB
3 KB 53ms
53ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
Origin: https://js.driftt.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 09:52:55 GMT
x-amz-version-id: vHJcyo5_wsHnB664RlshK2ErhD729WKk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 6903410
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 21 Nov 2023 16:21:43 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FEUBhT1oQYXp2mwRVMTZUIPo7Ucn7exRi_egQjbm3PyXJSG-zE_mMw==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 225ms
225ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=69ff33fa-7167-44cf-8073-70e4f6113b19&session=c243ad5b-cb48-443b-8a52-7ea1156d8012&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A21%3Ae%3A%3A11%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&pageViewId=f43fd0e0-8b2e-4ed2-8f75-d15994a5f224&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 23 KB
8 KB 51ms
46ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:42:32 GMT
x-amz-version-id: jAn.UV4FUigTQ2pXuPEfcgJGaVkaFeLh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 3649633
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Wed, 03 Jan 2024 21:36:01 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: g8uVRHa03kb9RS0qdrd4tPb795C-RI-pwtuacZpJ53G7iwkm4HG0Ig==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 36 KB
10 KB 55ms
50ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: sgEYGmeR8Py6tciS9o0uWaEb0DViiRFb
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Tue, 19 Dec 2023 16:15:24 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dlPgVjIct7HTy1yd4xHSrxAI6Ypp1CGDwwsMX_FPnh1eGPs9JAuuTQ==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 32 KB
11 KB 56ms
53ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: DvJ7CLlBPxNj4KV_C1b2ZR1X9H2QpJXV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XnmOhqxSxJSMnYbB0-6KPPk3k1On2CdJeIsFuUgiP1dWE0kG75iGCw==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 17 KB
6 KB 58ms
55ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: TS.9ApOzy..rylGKiVPdLcCX5dJ9HsBw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yjRw9FIL_sLINH_pcEVq0NGsPpYujTiPP_EHaHfQgQjHnbLQMg_4Fg==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 25 KB
8 KB 60ms
57ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:30 GMT
x-amz-version-id: E9YrwVejTprhZqeWxhn5pc.KEORxTIm1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678294
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Thu, 11 Jan 2024 23:20:33 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: l6Ev8rOythqiJ9RxE7ZbijqjYYEMHrtIFckDfkwFqS5eAvTXnrfNhw==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 74 KB
23 KB 65ms
62ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: 4VyxTF9cOmpvyHPO7jaWSto1hTdtU.sl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 45
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HSnaq6a7euPT5g7Vz4QFi8vhLWAeG27sRxHqvAtvqTHfTSLDYd6ZmQ==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 66 KB
20 KB 73ms
70ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: cqsMaYjOHahH71A7EXhyHFywLOEay3sx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 32
last-modified: Tue, 19 Dec 2023 16:15:24 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 79GwupKh0W6nqIiNYYBm_lF7cBYcIsXALm9woNgh2-7e-AQ2BNdmoA==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 91 KB
28 KB 79ms
77ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: iLluOjfpMSRsML8bOSqA9V8JfTEqMP9L
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2eMP27yx7QXU2v_NjWoynMbAJLojJwAV3GUhOhsKQNPUUApuXZTrxQ==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 23 KB
7 KB 85ms
83ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:30 GMT
x-amz-version-id: fTPxsmx5We5V2pMGDl1ykjBzTcYFF2dc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 11 Jan 2024 23:20:32 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ---HMdH98A1a_SRMQiwJ7s3JqD7OV99jDnhi64iPhhk_tLSe1VbN7g==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 62 KB
20 KB 90ms
89ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: q8W9FNPLIM8OX5drRDX0sp4TnKuKPMbY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jXKwiUIDVC0nJ3bpbxug4XBtKZPl9XakxifKWmHa-TuJ8D0og31bpg==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 105 KB
34 KB 96ms
95ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: sZGsqYJSO5RNt4iGri.m215HFs7tyyoY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Tue, 19 Dec 2023 16:15:24 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cTaW9nxMX5kxh6UJqWu3qooceXHqcM5X-XRiPyzZEJxGyv1lDdcYDg==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 12 KB
4 KB 104ms
102ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 03:25:55 GMT
x-amz-version-id: d4Mpj6_OHbbARq4FSdDizJv80LDhJS9j
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 6062630
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Wed, 06 Dec 2023 19:18:01 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AYfXdMZnazwpxq18bXiUnREmPaqYVVhr2XxjknwK5-idKzkKdvRapA==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 13 KB
6 KB 105ms
104ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 02:39:00 GMT
x-amz-version-id: sy2gXVIBAtxn_z6EcojE2GGUK5H4qzOW
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 6929445
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 21 Nov 2023 16:21:41 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PEn4JAS4jas2QK-UVQI6nnWvKSq0oTvMz2MwyCUi9YKaPPqMVsbJag==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 17 KB
7 KB 108ms
107ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:30 GMT
x-amz-version-id: mbKfJZbsWw.V.LuUA4S0Y6Eza3IzJhvH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Thu, 11 Jan 2024 23:20:33 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eH_k6KzRecJra3_Wae4y0TH7tQz00ayG8sMjbxQwEq0Jbdz24R6BKA==

GET
H2 200 8.ab226b4a.chunk.css
js.driftt.com/core/assets/css/ Frame 3006 31 KB
4 KB 43ms
42ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 21:38:16 GMT
x-amz-version-id: Iy50rWLvnka9klYMF5qa_8hsgho0e_uB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1677089
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 26 Jan 2024 18:11:46 GMT
server: istio-envoy
etag: W/"1e97f00f07b87f701d0bf06259f954e4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Xj-m7-a2UYYsGVV7wiP8ge4wmlBKbS-2xBX1ZzsWbcR5xptmwyz3sg==

GET
H2 200 8.ce202881.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 82 KB
26 KB 112ms
111ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.ce202881.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: mQIEwfFQyClv1G1Ejf6MWBI5BBswFf_l
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1336149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 93
last-modified: Tue, 30 Jan 2024 16:30:58 GMT
server: istio-envoy
etag: W/"182944c0e758d6ff6a202ce976d91cc6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5GM6OJCTT295gtLBMT9EMm3hhSyhmQVh6lUFdMIyT53ojsaqbbELhg==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 3006 24 B
698 B 45ms
44ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 10:04:47 GMT
x-amz-version-id: oL98YdzlpaGyxUOIAT2tnEGpxnQwpHij
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P6
age: 4397098
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 13
content-length: 24
last-modified: Tue, 19 Dec 2023 18:34:35 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7HqFj1ZlqXhfiBDl9fqI5xWO5Xap-jGKyS3CQiWh0oNrQIUak-SKjw==

GET
H2 200 16.0a87dc8c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 93 KB
24 KB 119ms
118ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.0a87dc8c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: RsA2hpXwDntL3q66hRYGEyJFeaiGX5Be
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1336149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 45
last-modified: Tue, 30 Jan 2024 16:30:56 GMT
server: istio-envoy
etag: W/"4d556324f40b4d890d1ae22bdef7d679"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aAiVqvJ50Zan-EesB8h2_rhO2DdaGJvEnEKYePuidNrDrYYO_kwqyQ==

GET
H2 200 24.7f33ec6b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 51 KB
14 KB 124ms
124ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.7f33ec6b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

50ae38488522123a40313a67234c357d2b15b74e0114a69344b4d0ec711ce4a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:23 GMT
x-amz-version-id: IJ.g6.blKin4pKm5qEbkM9S7OXyKk.QY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 479602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 09 Feb 2024 17:52:44 GMT
server: istio-envoy
etag: W/"e79409f6e07e1acc7ff47a8873a070f5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lQ-nFfGnjAfydMLwT3Pqsd6ITxpc_naWJL43x_CilJnjitghQ2F9bg==

GET
H2 200 17.76424341.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 40 KB
13 KB 127ms
127ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.76424341.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

60942f2cf61e5111f92383919330337b1f447270fc61ef81a0d113fa599cc833

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:23 GMT
x-amz-version-id: Izaeib97V9biXJLsdd2dJ3iva_raJqvW
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 479602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 30
last-modified: Fri, 09 Feb 2024 17:52:43 GMT
server: istio-envoy
etag: W/"b2d396c6e8a21414ed43a83422cd3e28"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EpEYQeifaWPNsN_qnvTXsIhJaq9P1cgAs5kgnUQPHe0ndf84o9wVcw==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 23 KB
8 KB 127ms
126ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 01:42:32 GMT
x-amz-version-id: jAn.UV4FUigTQ2pXuPEfcgJGaVkaFeLh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 3649633
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Wed, 03 Jan 2024 21:36:01 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Sg-9nW6CgjLioMqCaJ5fp64KX0p3jY8S-Dzl5tXi4dZ7QHl2bG2ZJw==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 36 KB
10 KB 128ms
127ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: sgEYGmeR8Py6tciS9o0uWaEb0DViiRFb
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Tue, 19 Dec 2023 16:15:24 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bKhx9ga6nLD3aaRdo3Vzkv_Mw__pbZLZFGyGVTfpAEP4-9HCS_pMlQ==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 32 KB
11 KB 129ms
129ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: DvJ7CLlBPxNj4KV_C1b2ZR1X9H2QpJXV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ELxbRaj6eOSAHjMRIkIp0X1oi7qwd6Tnyqo47y-gZ_K6ElkU6WQGXA==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 17 KB
6 KB 130ms
130ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: TS.9ApOzy..rylGKiVPdLcCX5dJ9HsBw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KGIosYpcmeriMDqPK6SCtE-3U6oZIQ8FuZSWPfG_7LSfNWTofOGnlQ==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 25 KB
8 KB 131ms
131ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:30 GMT
x-amz-version-id: E9YrwVejTprhZqeWxhn5pc.KEORxTIm1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678294
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Thu, 11 Jan 2024 23:20:33 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RXzmg0uLn_LgNV1qcwIfzZadB9FA-OCmSo1hhB42sZeAKP_OlXvZ9A==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 74 KB
23 KB 133ms
132ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: 4VyxTF9cOmpvyHPO7jaWSto1hTdtU.sl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 45
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _VvASsuIfGXo4EXFIU7kf2IWSgHlsL8PQ6eZ2BvE2x8rDfvGdHua-Q==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 66 KB
20 KB 135ms
134ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: cqsMaYjOHahH71A7EXhyHFywLOEay3sx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 32
last-modified: Tue, 19 Dec 2023 16:15:24 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EH-nVJLsNBVhVKFZ0jA2vXFf9mFsievzvObDhPpzgqZtxPOripangg==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 91 KB
28 KB 137ms
136ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: iLluOjfpMSRsML8bOSqA9V8JfTEqMP9L
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OP3wUfUMW5dDea4fv1GsHh-XgR65HopEpfwYX5u7AoXi80LL8e33nQ==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 23 KB
7 KB 139ms
138ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:30 GMT
x-amz-version-id: fTPxsmx5We5V2pMGDl1ykjBzTcYFF2dc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 11 Jan 2024 23:20:32 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FxT2CpzYspY9nZi5dtiQQorDisEaEgFcpmZWrFQKC4qOAuvRLsNDaw==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 62 KB
20 KB 140ms
140ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: q8W9FNPLIM8OX5drRDX0sp4TnKuKPMbY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: afnDg9-8mUKZ0T9r0oGRsr9fAvGOp6TI9iD0P3oZg4PXbuBfzr4c5Q==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 105 KB
34 KB 143ms
142ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:48 GMT
x-amz-version-id: sZGsqYJSO5RNt4iGri.m215HFs7tyyoY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Tue, 19 Dec 2023 16:15:24 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: woXvKSVJQKM2YTmYi4eovJEyVhAaqxuGyt_wOk3ZcDj3eqpAIlX6jw==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 12 KB
4 KB 146ms
145ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 03:25:55 GMT
x-amz-version-id: d4Mpj6_OHbbARq4FSdDizJv80LDhJS9j
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 6062630
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Wed, 06 Dec 2023 19:18:01 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ct1KIrMqVpaLWXxFGC4Zhwaq1rjD8E55mlM467Yom083cY19Rgz-0Q==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 13 KB
6 KB 146ms
146ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 02:39:00 GMT
x-amz-version-id: sy2gXVIBAtxn_z6EcojE2GGUK5H4qzOW
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 6929445
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 21 Nov 2023 16:21:41 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: izbnD1RJgwOhiC8HdLDBMIfF1eymdXGZeyLc5in-Dsjlc5Bbk4bQDg==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 17 KB
7 KB 148ms
147ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:30 GMT
x-amz-version-id: mbKfJZbsWw.V.LuUA4S0Y6Eza3IzJhvH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678295
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Thu, 11 Jan 2024 23:20:33 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rCdlZrvgu9bR9wfy2Vso7AfDQMPysFD-J-b6W7Z8z9diU26yq_zb9w==

GET
H2 200 8.ab226b4a.chunk.css
js.driftt.com/core/assets/css/ Frame D3A1 31 KB
4 KB 148ms
148ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 26 Jan 2024 21:38:16 GMT
x-amz-version-id: Iy50rWLvnka9klYMF5qa_8hsgho0e_uB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1677089
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 26 Jan 2024 18:11:46 GMT
server: istio-envoy
etag: W/"1e97f00f07b87f701d0bf06259f954e4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KRkyyQQiNqcYNnKNjF7oEEhDUR8Igrxm7My17MK3NJ9qd8e552C0NA==

GET
H2 200 8.ce202881.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 82 KB
26 KB 150ms
149ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.ce202881.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: mQIEwfFQyClv1G1Ejf6MWBI5BBswFf_l
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1336149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 93
last-modified: Tue, 30 Jan 2024 16:30:58 GMT
server: istio-envoy
etag: W/"182944c0e758d6ff6a202ce976d91cc6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: p8-rmsyjh74KTELWcFtbeEATEb0G0w5laujS01F8a-256EIrcLhhew==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame D3A1 24 B
696 B 151ms
151ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 10:04:47 GMT
x-amz-version-id: oL98YdzlpaGyxUOIAT2tnEGpxnQwpHij
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P6
age: 4397098
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 13
content-length: 24
last-modified: Tue, 19 Dec 2023 18:34:35 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Vr66og2Ch3OlPm8J3zIcpo7ZOvnvu2sK8R78b-Em0ZEzrxivdOiWgg==

GET
H2 200 16.0a87dc8c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 93 KB
24 KB 153ms
152ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.0a87dc8c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: RsA2hpXwDntL3q66hRYGEyJFeaiGX5Be
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1336149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 45
last-modified: Tue, 30 Jan 2024 16:30:56 GMT
server: istio-envoy
etag: W/"4d556324f40b4d890d1ae22bdef7d679"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Qv1tPcjN6XHAd5nxCE9vlXhz7x0kpSssPp6Rjjc7WQYA7e2qEnFhkQ==

GET
H2 200 24.7f33ec6b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 51 KB
14 KB 156ms
156ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.7f33ec6b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

50ae38488522123a40313a67234c357d2b15b74e0114a69344b4d0ec711ce4a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:23 GMT
x-amz-version-id: IJ.g6.blKin4pKm5qEbkM9S7OXyKk.QY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 479602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 09 Feb 2024 17:52:44 GMT
server: istio-envoy
etag: W/"e79409f6e07e1acc7ff47a8873a070f5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9AL3Yzn7hpb2QkqbNHZb6Yt8b50O21cVMloFt4D_Jb3OCBmIguzNeQ==

GET
H2 200 17.76424341.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 40 KB
13 KB 157ms
157ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.76424341.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

60942f2cf61e5111f92383919330337b1f447270fc61ef81a0d113fa599cc833

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:23 GMT
x-amz-version-id: Izaeib97V9biXJLsdd2dJ3iva_raJqvW
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 479602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 30
last-modified: Fri, 09 Feb 2024 17:52:43 GMT
server: istio-envoy
etag: W/"b2d396c6e8a21414ed43a83422cd3e28"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qF2ZmX574hqkw1i40R8_fUA0foxK58HXswEN0Uq94CsekNYlHRYIMQ==

GET
H2 200 37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 3006 3 KB
1 KB 42ms
41ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:32 GMT
x-amz-version-id: sRdyAX.mmmfnHJ1amTnG0RmacaiJNP23
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678293
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 11 Jan 2024 23:20:31 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Zo0s5vqhS3pvDjYZ5u6bNeqAtrcL_Ulkd8sB2UH4t1hAlasoMOH9Fw==

GET
H2 200 37.fba521ea.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 3 KB
2 KB 43ms
42ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.fba521ea.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b1700a9f05644621ffe3a13f59d5258261f170718eb8a6076e5fc55cd918afc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 17:24:59 GMT
x-amz-version-id: yjKQYZO7C1D0av2terpN.3WV3CPoW8Ab
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4975486
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 19 Dec 2023 16:15:24 GMT
server: istio-envoy
etag: W/"deb91ed165197613da3fac3d4f67edf9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _uwVErQJLJrG271c9CE2qxnMm8W9gnQBz41w1bnb_yozoWA8PyFV0Q==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 9 KB
3 KB 45ms
43ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:50 GMT
x-amz-version-id: wIYiMMOv59k7p4Fbql5xBCm9H7moGtf2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386655
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 19 Dec 2023 18:34:36 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zY8fgTgtdN0rYKwPcWNHAqMtJhM4w-tNRd3Ab-Zgjs1BV8T7IGgB3w==

GET
H2 200 27.01c2bea5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 35 KB
10 KB 45ms
44ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 02:28:31 GMT
x-amz-version-id: 2Korw8bi9AAiRilvLsrbqBc0f21NyJHT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1141274
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 01 Feb 2024 23:00:48 GMT
server: istio-envoy
etag: W/"04a233a42dcf8c50a83bfecea8ba552d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: u42_jyAtxzuuxXJSmBnyX5Jrmy6CEmXCahIwhv-fjVlG6rSu5zllMA==

GET
H2 200 28.b5e8f5e1.chunk.css
js.driftt.com/core/assets/css/ Frame D3A1 8 KB
2 KB 42ms
41ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/28.b5e8f5e1.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:50 GMT
x-amz-version-id: .fUlXnml9vNpf6zIEbVH9.TYckUJHxxL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386655
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Tue, 19 Dec 2023 16:15:21 GMT
server: istio-envoy
etag: W/"e7107bc29ccb3c6d928f0f8f10a0f22d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TvCHfVAuLPw2VpjMwxo05ngvWiTjcfKnI4bc_d1CWQUyjbmU31t4hA==

GET
H2 200 28.07e1b068.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 15 KB
6 KB 46ms
46ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.07e1b068.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7d78bcb45e61155283355f98b205d9dc7b416aef6cfd5ae58c76d7633941a52b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: n2Ilv3EJ7xNfD3rdnMTYy30EaO4FuNsw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1336149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Tue, 30 Jan 2024 16:30:57 GMT
server: istio-envoy
etag: W/"c5f153de3aa4a7014a810aa46b771779"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xXR72pNlzpRAxQRCf1L5zLVinSGNsh-Feh7SsRkhVXvrNLbf2wEE5Q==

GET
H2 200 25.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame D3A1 365 B
1 KB 43ms
42ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 12:03:54 GMT
x-amz-version-id: 0H7FjD7Jl9xIJbAVeMxI..hCPUWnSz0t
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P6
age: 6895551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
content-length: 365
last-modified: Tue, 21 Nov 2023 16:21:39 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XpA0OOgBncRtzLP-JO8BiWAKkaaNc7ohpAZFI8lRtWf6rpC-Nioagw==

GET
H2 200 25.67862572.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 92 KB
25 KB 47ms
47ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.67862572.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8afb6c394c753852596c484e8e09d9e3a3fdcaffbcfd8855e0ff97710f98e41d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:23 GMT
x-amz-version-id: J49giViUzvRADF2BchKYayHGhbCr__Nk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 479602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 09 Feb 2024 17:52:44 GMT
server: istio-envoy
etag: W/"8d997df2511297b8e457c84407a52fbe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ykUpmizm3nCUk98bINJMelX4MzjCKGLkQXWxyr6WQE7la0wvGdEdBQ==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 9 KB
3 KB 43ms
42ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:50 GMT
x-amz-version-id: wIYiMMOv59k7p4Fbql5xBCm9H7moGtf2
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386655
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Tue, 19 Dec 2023 18:34:36 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: l1qgPoa3kj43AaBVOaeBf0NTOKDwog3R38mGOZA87VbByZtIXn0gAg==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 3006 7 KB
2 KB 41ms
41ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 12:03:54 GMT
x-amz-version-id: Z3aGNvKDu1qrwflzzKzoomVmgF30.VOg
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 6895551
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Tue, 21 Nov 2023 16:21:39 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wCyDAehTC_XBqbTTFnlSnGYfMXgJu-IHQyhgcdi1WXT8nw4RTHOBtA==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 54 KB
15 KB 43ms
43ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:51 GMT
x-amz-version-id: gL82ppKirwR7fxxrhBV_OSoLEOxW5mhG
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386654
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Tue, 19 Dec 2023 18:34:38 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: abIP3gpeMYJM_03Siz7xQZ610W_V_sHwIY3oKGlA1-nqgtXd24zVuw==

GET
H2 200 1.12ba17b6.chunk.css
js.driftt.com/core/assets/css/ Frame 3006 44 KB
7 KB 44ms
43ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.12ba17b6.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 12:58:51 GMT
x-amz-version-id: 1xzUgPbFb7aaeyDZtp6vQOQncX9.jojY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 4386654
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 19 Dec 2023 16:15:21 GMT
server: istio-envoy
etag: W/"3b8ba82e1bac13ee29e9764a55620d99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QsBKXx-SC3dRO5U_6WLSRt4-5sfNJ6rjOGCADJpBnKgKytAIuonCCg==

GET
H2 200 1.30d23e08.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 54 KB
18 KB 46ms
45ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.30d23e08.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ebc6864388422f0526dd1be3d78d40f17410bbdaa50809606a7f017c4d347345

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:23 GMT
x-amz-version-id: kJjpXaU0DvCwVfr3xvzsSJwk3b2WS8YN
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 479602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 09 Feb 2024 17:52:43 GMT
server: istio-envoy
etag: W/"e66872f1c9a70f62c1283ed6349dfc0c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nDynRgPIV5Q2ds-o6Vl8vQYJCQWa5gObpYZ3fOJYg0U5RCiZHFLCjQ==

GET
H2 200 4.c6304c2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 23 KB
24 KB 47ms
46ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.c6304c2e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a55619fd27a0e1c6c940e668707a13ea02bc52953106260a570c28e5a300c070

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 11 Jan 2024 06:23:55 GMT
x-amz-version-id: 4LEfTfToPshxVoamr6yGWkSKNsKtAgK6
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA60-P6
age: 3027950
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 40
content-length: 23376
last-modified: Wed, 03 Jan 2024 21:36:01 GMT
server: istio-envoy
etag: "672c1436035fd059b992723cdedd3472"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QquZo6bPPuwCEXrQX-xr02nw61ULS9mo9MwlXeeygKXV0jlRl9rOIQ==

GET
H2 200 34.5fdd3e3b.chunk.css
js.driftt.com/core/assets/css/ Frame 3006 16 KB
3 KB 45ms
44ms Stylesheet
text/css 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.5fdd3e3b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a03b854d10519fd5be9cdcbc78fad3927c1a3de9e84fa74353c8a19cc20d0501

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: IrMkVQs7lH.AehsQAbAKz1mDjOweAHHO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1336149
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 30 Jan 2024 16:30:54 GMT
server: istio-envoy
etag: W/"6f779260053e30787f84dfa7ba6743e5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2h_KiAJgHFh0KG3jKYFCM7uvbpw-zOG2sYp92Ox_6nT-VD-Nq6Dfcg==

GET
H2 200 34.a74cf682.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 13 KB
5 KB 47ms
47ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.a74cf682.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a0ecd664d717fc9ad0a511a6379f291db344fd80bfe9058989c0f4d658d65e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:36 GMT
x-amz-version-id: 3riUQLKgKFzP8T6iTzopZY0msGOhRJyj
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 1336148
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Tue, 30 Jan 2024 16:30:57 GMT
server: istio-envoy
etag: W/"a5ca20176509792eb61e2e83db9487a0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7rXcU8cW3CYTnAQu74Lf7nAGPPrqP-lgGbS5VwhqsP32qEUjCPMZyw==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 43ms
43ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=319333842&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&ul=en-us&de=UTF-8&dt=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABAAAAACAEK~&jid=&gjid=&cid=706208503.1707982183&tid=UA-2257074-1&_gid=747894658.1707982184&gtm=45He42c0n81MGR7P8Xv76619393za200&gcd=13l3l3l3l1&dma=0&cd19=706208503.1707982183&cd2=&cd3=&cd5=&cd6=&cd10=Manchester&cd11=England&cd12=United%20Kingdom&cd17=&z=345307951

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Feb 2024 19:20:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 43727
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 38ms
37ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je42c0v890103917z876619393za200&_p=1707982182290&gcd=13l3l3l3l1&npa=0&dma=0&cid=706208503.1707982183&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAC&_s=3&sid=1707982182&sct=1&seg=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&dt=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&en=page_view&_et=35&tfd=4395
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 15 Feb 2024 07:29:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame D3A1 207 B
648 B 379ms
124ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

b7738a1e839a0c565352056f8efb00ee9ee01ba4f58638490e8b8b3e74584f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 15 Feb 2024 07:29:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 514dd4e0e5e37497
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 10
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 207

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 218ms
218ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=69ff33fa-7167-44cf-8073-70e4f6113b19&session=c243ad5b-cb48-443b-8a52-7ea1156d8012&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A43%20GMT%22%2C%22timeSpent%22%3A%222452%22%2C%22totalTimeSpent%22%3A%222452%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&pageViewId=f43fd0e0-8b2e-4ed2-8f75-d15994a5f224&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:46 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame D3A1 25 B
89 B 132ms
126ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 15 Feb 2024 07:29:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 16b41a612934b465
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame D3A1 33 KB
11 KB 393ms
393ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

4b720890fea2bd9aa0aca4293b6ac99ca856c080f4ed5d8370bfbd0b0e2d0b3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 15 Feb 2024 07:29:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 4700c13b6f5aebc2
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 280
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 142ms
113ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 15 Feb 2024 07:29:47 GMT
requestid: driftc76fc7f4c97a407dbfe3153b399
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 track Show response
event.api.drift.com/ Frame D3A1 725 B
785 B 115ms
115ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

5823a89cb6b3e83ce0f997d6cb610972e199d6898978649b81708243b57d0edb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMTAxNDIzMjQwMyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3Mzk2MDQ1ODYsImlhdCI6MTcwNzk4MjE4Nn0.pDk0ZdpxzFLuq2Je7-9u7GfPn6U3SXHBhzdSbdu3lNYYOb705LMzk3KbqiajAfg11rqqTDzO6bvt-adii0NieA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 15 Feb 2024 07:29:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: d3b155df0b4289f7
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 725

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 120ms
114ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 15 Feb 2024 07:29:47 GMT
requestid: drift53b36344708aaddd2b3c4c9fa08
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame D3A1 2 KB
837 B 115ms
115ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

8174d2eff89286bc311c7c0d6216f45a9d423a0e769dfeb04d122ab90a504f2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMTAxNDIzMjQwMyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3Mzk2MDQ1ODYsImlhdCI6MTcwNzk4MjE4Nn0.pDk0ZdpxzFLuq2Je7-9u7GfPn6U3SXHBhzdSbdu3lNYYOb705LMzk3KbqiajAfg11rqqTDzO6bvt-adii0NieA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 15 Feb 2024 07:29:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: e14f5f9dcb70278f
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 773

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 219ms
219ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=69ff33fa-7167-44cf-8073-70e4f6113b19&session=c243ad5b-cb48-443b-8a52-7ea1156d8012&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A46%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223452%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&pageViewId=f43fd0e0-8b2e-4ed2-8f75-d15994a5f224&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:47 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 114ms
113ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 15 Feb 2024 07:29:47 GMT
requestid: drift79b2cdb4142b5fe39a373f03859
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame D3A1 0
38 B 131ms
131ms XHR
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMTAxNDIzMjQwMyIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3Mzk2MDQ1ODYsImlhdCI6MTcwNzk4MjE4Nn0.pDk0ZdpxzFLuq2Je7-9u7GfPn6U3SXHBhzdSbdu3lNYYOb705LMzk3KbqiajAfg11rqqTDzO6bvt-adii0NieA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 15 Feb 2024 07:29:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: a96d6156535a84ac
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 17
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 43ms
42ms Image
image/gif 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=319333842&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&ul=en-us&de=UTF-8&dt=Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%202592682&_u=aDDAAEABAAAAACAEK~&jid=&gjid=&cid=706208503.1707982183&tid=UA-2257074-1&_gid=747894658.1707982184&gtm=45He42c0n81MGR7P8Xv76619393za200&gcd=13l3l3l3l1&dma=0&cd19=706208503.1707982183&z=201197208

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 14 Feb 2024 19:20:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 43729
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame D3A1 19 KB
7 KB 41ms
41ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=5e5851ba-3739-4eb6-abd2-5585eea55b46&sessionStarted=1707982185.316&campaignRefreshToken=a707485f-b12f-4f49-845a-69da5efb70e5&hideController=false&pageLoadStartTime=1707982182466&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:34 GMT
x-amz-version-id: Zqc8tAJgSsjNOAXYaxQdNZubY1vGBLp.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678293
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 11 Jan 2024 23:20:34 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: m0N8_IW4YwfzmEKkNL4EHHU_98jWZyMZd7QNTP7jDoXSZVSOv4OIsQ==

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 3006 19 KB
7 KB 41ms
41ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1707982182466
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Mon, 15 Jan 2024 07:31:34 GMT
x-amz-version-id: Zqc8tAJgSsjNOAXYaxQdNZubY1vGBLp.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 56a77d6c9e6b49fa4179a99507a9582e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
age: 2678293
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 11 Jan 2024 23:20:34 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GRHLTEu5_nn2bnsCF0woWd-9Ir-1VOx6hxE4feBv3GTFqFGjcVAnsw==

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1309750%252Fb676fc411192216d9fa871532ccd1ef16m64sa65z394%3Ffit%3Dmax%26fm%3Dpng%26h...
driftt.imgix.net/ Frame D3A1 3 KB
3 KB 90ms
26ms Image
image/png 2a04:4e42::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1309750%252Fb676fc411192216d9fa871532ccd1ef16m64sa65z394%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D66f22e2d85aec618f47000d1029736f1?fit=max&fm=png&h=200&w=200&s=f333800c5d66a1ec12ddc6d9d2ea2213

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

4997035dbb477fd4132f3770718fe988c59a3659a74952f5473c366ff6a79907

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:47 GMT
x-content-type-options: nosniff
age: 2046236
x-cache: HIT, HIT
x-imgix-id: 58d330ad921d156f24a9c9ee73509de7abd20922
cross-origin-resource-policy: cross-origin
content-length: 3195
x-served-by: cache-sjc10042-SJC, cache-man4148-MAN
x-imgix-render-farm: 02.131624
last-modified: Mon, 22 Jan 2024 15:05:51 GMT
server: Google Frontend
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 240ms
240ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=69ff33fa-7167-44cf-8073-70e4f6113b19&session=c243ad5b-cb48-443b-8a52-7ea1156d8012&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224453%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&pageViewId=f43fd0e0-8b2e-4ed2-8f75-d15994a5f224&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:48 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame D3A1 25 B
112 B 124ms
124ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 15 Feb 2024 07:29:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 58c78b2bfb88be1c
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 11
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 218ms
218ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=69ff33fa-7167-44cf-8073-70e4f6113b19&session=c243ad5b-cb48-443b-8a52-7ea1156d8012&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A48%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225454%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&pageViewId=f43fd0e0-8b2e-4ed2-8f75-d15994a5f224&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:49 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 228ms
228ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=69ff33fa-7167-44cf-8073-70e4f6113b19&session=c243ad5b-cb48-443b-8a52-7ea1156d8012&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2015%20Feb%202024%2007%3A29%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226455%22%7D&isIframe=false&m=%7B%22description%22%3A%22Over%20the%20past%20weeks%2C%20Proofpoint%20researchers%20have%20been%20monitoring%20an%20ongoing%20cloud%20account%20takeover%20campaign%20impacting%20dozens%20of%20Microsoft%20Azure%20environments%20and%20compromising%20hundreds%20of%20user%20accoun...%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Community%20Alert%3A%20Ongoing%20Malicious%20Campaign%20Impacting%20Azure%20Cloud%20Environments%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fcloud-security%2Fcommunity-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments&pageViewId=f43fd0e0-8b2e-4ed2-8f75-d15994a5f224&v=1.1.14

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Thu, 15 Feb 2024 07:29:50 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

176 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

47 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.proofpoint.com/us/blog/cloud-security	1969-12-31 23:59:59	Name: hide_lang_switcher Value: 1
www.proofpoint.com/us/blog/cloud-security	1969-12-31 23:59:59	Name: pp_user_country Value: gb
.proofpoint.com/	1970-01-21 03:11:04	Name: visid_incap_177663 Value: +0WogGfRQ32g7Wxc+4LcE2a9zWUAAAAAQUIPAAAAAADlXDB7mJvZDc+UaktcSwlN
.proofpoint.com/	1969-12-31 23:59:59	Name: incap_ses_6552_177663 Value: 0L7iUDr0fn0Rgo/x1GHtWma9zWUAAAAAquowaFHgt+5Rm3orYGI+bg==
.proofpoint.com/	1970-01-21 03:13:24	Name: _vwo_uuid_v2 Value: DE34BE285ABB1C11E000622C2A48ED593\|718d182cb267cbd665f706e8f1479ea3
.proofpoint.com/	1970-01-20 20:35:58	Name: _gcl_au Value: 1.1.976191227.1707982183
.proofpoint.com/	1970-01-21 04:02:22	Name: _ga Value: GA1.2.706208503.1707982183
.proofpoint.com/	1970-01-20 18:27:48	Name: _gid Value: GA1.2.747894658.1707982184
.proofpoint.com/	1970-01-20 18:26:22	Name: _gat_UA-2257074-1 Value: 1
.proofpoint.com/	1970-01-21 04:02:22	Name: _mkto_trk Value: id:309-RHV-619&token:_mch-proofpoint.com-1707982183616-65887
.doubleclick.net/	1970-01-21 03:47:58	Name: IDE Value: AHWqTUmi9GOVpZJ-GtHaijRzlbxTrDpB8KLiN63d-YP504_uszut_hENcxAgvmWW
.app-abj.marketo.com/	1970-01-20 18:26:23	Name: __cf_bm Value: o6TLfVdMlmyRjaUUVhceCR3AdzmOn5UwhBzTzoIcYho-1707982183-1.0-AbC6RcX5uvicziOPCAHR8mNOG6kfMPvnCq0nX/9WcA7tuOz/EtTMehc06BzB51TJ4UnHIB0pOZ7g1GPUCHLKwjY=
tracking.g2crowd.com/	1970-01-20 18:46:31	Name: _session_id Value: 716ee89ffeace49ea09ac7f67a7f21cf
.g2crowd.com/	1970-01-20 18:26:23	Name: __cf_bm Value: TQoU_1ebqPUaspdsjoXSMGmSegVnD0svkjw09AAfyTw-1707982183-1.0-AYe1uG0nKR2mt6gxAW2ldTZBi9GzLvXZWvnL/D7W3r3xZPJz6nx/rGUO2za1nxGjfstodyiE7V3clQe8rDQbdNk=
.techtarget.com/	1970-01-20 18:26:23	Name: __cf_bm Value: tO0yHuJQ1uQFh6bDtAJ5oTQUwTcI7LK5s0K7LlQeHps-1707982183-1.0-AS2Gywi3RhBgpqAhVp7CobZ8NTVEgnzJOPHg8K4sxReJqn7qMXRowt4EirU/o5zze0G3qdg8fG+TT0ctrBmgDj8=
.adnxs.com/	1970-01-20 20:35:58	Name: XANDR_PANID Value: 9VBdoVN_Lz3ublr5qQ5LwsDbXScKSkLbv6jBjTTc0pNQKrwyDuh3LyxpsQg7YJZ4ThvI6m0NlMjAf8qUsJ2FR6CX6njcIkdVRqpNagXRzzo.
.adnxs.com/	1970-01-21 04:02:22	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:35:58	Name: uuid2 Value: 764013486038455188
.linkedin.com/	1970-01-20 20:35:58	Name: li_sugr Value: d0f0bb2a-a830-42ff-a6b2-cdcdf4ebe25f
.linkedin.com/	1970-01-20 18:27:48	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=3095:u=1:x=1:i=1707982184:t=1708068584:v=2:sig=AQFr60osXYwoaKjqRPB3iEtM43Sg1oan"
.proofpoint.com/	1970-01-20 20:35:58	Name: _fbp Value: fb.1.1707982184204.1527530445
tags.srv.stackadapt.com/	1970-01-21 03:11:58	Name: sa-user-id Value: s%3A0-4efa4228-90c1-5536-73af-7b0e3c0b16ec.YgYbtS1GsF0HXq3N1B9x3ft5CTAJ307LuxTswyPQNAI
.srv.stackadapt.com/	1970-01-21 03:11:58	Name: sa-user-id Value: s%3A0-4efa4228-90c1-5536-73af-7b0e3c0b16ec.YgYbtS1GsF0HXq3N1B9x3ft5CTAJ307LuxTswyPQNAI
tags.srv.stackadapt.com/	1970-01-21 03:11:58	Name: sa-user-id-v2 Value: s%3ATvpCKJDBVTZzr3sOPAsW7NmKxGM.Sf%2BrsOEVI8HAslzyCpT6RztlAUp9NYmDgZJ20X4e6GQ
.srv.stackadapt.com/	1970-01-21 03:11:58	Name: sa-user-id-v2 Value: s%3ATvpCKJDBVTZzr3sOPAsW7NmKxGM.Sf%2BrsOEVI8HAslzyCpT6RztlAUp9NYmDgZJ20X4e6GQ
tags.srv.stackadapt.com/	1970-01-21 03:11:58	Name: sa-user-id-v3 Value: s%3AAQAKIAimGv-wbccxevJtrIDTqDqCwQd6NJtujQHq5AnpDxxOEHwYBCDo-rauBjABOgTBqNnoQgRGfZpD.MjGeNOsLuZF3TtfAezS1TTj4dgqb0k5J9qabmefK32E
.srv.stackadapt.com/	1970-01-21 03:11:58	Name: sa-user-id-v3 Value: s%3AAQAKIAimGv-wbccxevJtrIDTqDqCwQd6NJtujQHq5AnpDxxOEHwYBCDo-rauBjABOgTBqNnoQgRGfZpD.MjGeNOsLuZF3TtfAezS1TTj4dgqb0k5J9qabmefK32E
.proofpoint.com/	1970-01-20 18:27:48	Name: _uetsid Value: fd46b430cbd311ee85e26dbbfaedb0c4
.proofpoint.com/	1970-01-21 03:47:58	Name: _uetvid Value: fd46dae0cbd311eebe5d25a5858a8680
www.proofpoint.com/	1970-01-21 03:11:58	Name: sa-user-id Value: s%253A0-4efa4228-90c1-5536-73af-7b0e3c0b16ec.YgYbtS1GsF0HXq3N1B9x3ft5CTAJ307LuxTswyPQNAI
www.proofpoint.com/	1970-01-21 03:11:58	Name: sa-user-id-v2 Value: s%253ATvpCKJDBVTZzr3sOPAsW7NmKxGM.Sf%252BrsOEVI8HAslzyCpT6RztlAUp9NYmDgZJ20X4e6GQ
www.proofpoint.com/	1970-01-21 03:11:58	Name: sa-user-id-v3 Value: s%253AAQAKIAimGv-wbccxevJtrIDTqDqCwQd6NJtujQHq5AnpDxxOEHwYBCDo-rauBjABOgTBqNnoQgRGfZpD.MjGeNOsLuZF3TtfAezS1TTj4dgqb0k5J9qabmefK32E
.linkedin.com/	1970-01-20 19:09:34	Name: UserMatchHistory Value: AQLGyu4y6blRqwAAAY2rq98bu8r0YdIFVxgOnHg4R-Qyzu1dTN9GWd8HNcLsU4NxB8FhGDBqM0LH3Q
.linkedin.com/	1970-01-20 19:09:34	Name: AnalyticsSyncHistory Value: AQIhucoIu1eJtQAAAY2rq98bc9Y08e_XkMKAcWAnnvux-d0trTYYCj_QSo8Ycj0cnuJAs5h94fd8v8E8Mru8Mg
.linkedin.com/	1970-01-21 03:11:58	Name: bcookie Value: "v=2&5a54a243-2c77-4f04-8982-5e0ae967fe38"
.bing.com/	1970-01-21 03:47:58	Name: MUID Value: 3C4714EDFCD663822A3200CBFDF162AB
.www.linkedin.com/	1970-01-21 03:11:58	Name: bscookie Value: "v=1&202402150729446ad3945f-41c7-4440-8538-05089ce522b1AQEAedXZxRYpZkpDQ9d0SyREKe6FJMW3"
.linkedin.com/	1970-01-20 22:45:34	Name: li_gc Value: MTswOzE3MDc5ODIxODQ7MjswMjH/kfHNW+Y/oKTfzYSwVM/o1jUg4qI5EYyCFySwk7z9NQ==
.doubleclick.net/	1970-01-20 22:45:34	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-20 19:09:34	Name: ar_debug Value: 1
www.proofpoint.com/	1970-01-21 04:02:22	Name: _gd_visitor Value: 69ff33fa-7167-44cf-8073-70e4f6113b19
www.proofpoint.com/	1970-01-20 18:26:36	Name: _gd_session Value: c243ad5b-cb48-443b-8a52-7ea1156d8012
www.proofpoint.com/	1970-01-20 18:26:23	Name: drift_campaign_refresh Value: a707485f-b12f-4f49-845a-69da5efb70e5
.6sc.co/	1970-01-21 04:02:22	Name: 6suuid Value: ce64110267bb350069bdcd65aa02000091941d00
.proofpoint.com/	1970-01-21 04:02:22	Name: _ga_B1V8SZE3GL Value: GS1.1.1707982182.1.1.1707982185.57.0.0
www.proofpoint.com/	1970-01-21 04:02:22	Name: drift_aid Value: 2cea5f49-9d03-4f77-9b20-a1553c1ebffb
www.proofpoint.com/	1970-01-21 04:02:22	Name: driftt_aid Value: 2cea5f49-9d03-4f77-9b20-a1553c1ebffb

113 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments(Line 881) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments(Line 881) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments(Line 900) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments(Line 900) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments(Line 900) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments(Line 900) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/143852102935619?v=2.9.147&r=stable&domain=www.proofpoint.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://js.driftt.com/include/1707982200000/5dfsgn7m2kst.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/cloud-security/community-alert-ongoing-malicious-campaign-impacting-azure-cloud-environments Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com .visualwebsiteoptimizer.com app.vwo.com .sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com ; img-src 'self' 'unsafe-inline' data: blob: .visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com ; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com .visualwebsiteoptimizer.com ; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

309-rhv-619.mktoresp.com
4788165.fls.doubleclick.net
ad.doubleclick.net
adservice.google.com
app-abj.marketo.com
attr.ml-api.io
b.6sc.co
bam.nr-data.net
bat.bing.com
bootstrap.api.drift.com
buttons-config.sharethis.com
c.6sc.co
connect.facebook.net
dev.visualwebsiteoptimizer.com
driftt.imgix.net
epsilon.6sense.com
event.api.drift.com
fonts.googleapis.com
geoip-js.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
js.driftt.com
l.sharethis.com
metrics.api.drift.com
munchkin.marketo.net
pixel.mathtag.com
platform-api.sharethis.com
platform-cdn.sharethis.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.ml-attr.com
secure.adnxs.com
snap.licdn.com
stats.g.doubleclick.net
tags.srv.stackadapt.com
targeting.api.drift.com
tracking.g2crowd.com
trk.techtarget.com
www.facebook.com
www.google-analytics.com
www.google.co.uk
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.proofpoint.com
104.102.38.132
104.16.92.80
13.107.42.14
142.250.186.70
142.250.74.194
151.101.130.137
151.101.193.91
162.247.241.14
172.217.16.198
18.245.86.77
185.89.210.180
192.28.144.124
2.17.100.210
2001:4860:4802:32::36
2600:9000:2057:d800:c:abe:f440:93a1
2600:9000:2156:ee00:1d:85c3:6640:93a1
2600:9000:2670:4a00:12:3734:2a40:93a1
2606:4700:4400::6812:216e
2606:4700:4400::6812:24c4
2606:4700:4400::6812:2b1f
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:808::2002
2a00:1450:4001:809::2004
2a00:1450:4001:80b::200a
2a00:1450:4001:80b::200e
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2008
2a00:1450:400c:c00::9d
2a02:26f0:3500:16::215:1499
2a02:26f0:ab00::214:8e41
2a02:e980:107::cf
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f145:82:face:b00c:0:25de
2a04:4e42::720
3.160.150.14
3.66.124.228
34.111.208.231
34.96.102.137
35.157.194.178
50.16.7.188
68.67.153.60
76.223.9.105
00a028b6540a3f5309fccc8c5c6d5d5e1da884807e21931d907f29f7247ea734
029d219cdef5f07caa9c512aa1e804f9251cc8623c2461dd9c01cb680700da97
037bd3254471a8df28fa54512d91bc91c42f382511446c26e52d22017598796e
0460f4d8d8a0638e4f4264ad779227be77b226d9065432aa1d11d2cf7d60a8b4
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0d366b94ee3f0e5ea160fd99ba064d93d5a628a7eb0f53351f085753a478ac76
0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
1264087bbd4672bbcea47f3cdc8b6b6894a96909638e499738c6894b7e303909
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1cf21f57d161f8de548c33c5232d48fa022d3a594ce5ea0df88b48ffeab17525
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2632767b652b8d6e0a9bba35dd89cb580138cc604b6a862f21eec1cfa7ea6096
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2b307b3d001c465c6bb1f12248cfacb443861ef82e1ec5d1dabfc9b06ba72990
2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2fdb22da214a2f7bcfb7d56f8abbdca611c002e04b290aff79caa93d4aaa76f3
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5
37843bfca90789f7ef8311a8377c91a0199e47c4fa057a420df13880fa2b6914
3c25b077a6d92cd9d3576660b68c4c0bd135b78b3cd3b66491ff2c7aa0eeaad3
3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
41b98c57dbe2a6c7a9e86497f1ffcf4ca102e86480be8cef7272a55855324355
46454a26b3142dec4540c21c9c156f2b3e570488667f1bbcf81854e27925f2a4
479f333c6cdf10724e19b33079cab821bb37b0a463170ea9943dcbc0c6d9dc67
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
4997035dbb477fd4132f3770718fe988c59a3659a74952f5473c366ff6a79907
4b720890fea2bd9aa0aca4293b6ac99ca856c080f4ed5d8370bfbd0b0e2d0b3c
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09
50ae38488522123a40313a67234c357d2b15b74e0114a69344b4d0ec711ce4a5
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5680e67bec883a7cc47635705afdaa0d28ad681a1bec515983784fe6c002356b
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5823a89cb6b3e83ce0f997d6cb610972e199d6898978649b81708243b57d0edb
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5f3083b731588016304b0ac105b66985b8ffc9d2c7a2e627f0435da5e86a4648
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
60942f2cf61e5111f92383919330337b1f447270fc61ef81a0d113fa599cc833
637bd059ef7a81089f0b6111be2ed656ca25fdf9200af682a3154a4ab5eab498
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
6df289b07c096cf9729c4ef06c3a14ad5de690f30e34f3a83928945cf8002d42
716a853225f7a19ddb9b47d7764d5396ae7c91288352c7e2ddbceaebdf2b179c
719346ec0aeaad194faaaa84772c53819fc99ddde239727e580847202fde5b68
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
76ffdc5337cd5a509f15d70767b85a793aead82975d0d86912e1607e963c9aed
7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787
7d78bcb45e61155283355f98b205d9dc7b416aef6cfd5ae58c76d7633941a52b
8174d2eff89286bc311c7c0d6216f45a9d423a0e769dfeb04d122ab90a504f2f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
8912e42fc410c1e5bb6e04f4e0a8f1866487446cf71653c511dab44ab077214a
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8afb6c394c753852596c484e8e09d9e3a3fdcaffbcfd8855e0ff97710f98e41d
8b8081b98739029cfe72e50bef788cffa1e67e084164b7a1203363607066a06f
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353
94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae
9c1b1066c42f920ce30aee11e0645fc48f66f13f828e31865b34abe54d6dd4e0
a03b854d10519fd5be9cdcbc78fad3927c1a3de9e84fa74353c8a19cc20d0501
a0ecd664d717fc9ad0a511a6379f291db344fd80bfe9058989c0f4d658d65e1c
a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394
a496d00c01045833797708c865613a4a4be23f15f3d3a8dcdf6be8fedbe6b13b
a55619fd27a0e1c6c940e668707a13ea02bc52953106260a570c28e5a300c070
a740e8f24aeb94cab9c6685fce8b413f401d47b534ab58759bf20703442a421d
aabc152127fc44c50240bee0e3eb8f9b697be4cb9e9987fb5924655dfedf4ada
aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
b1700a9f05644621ffe3a13f59d5258261f170718eb8a6076e5fc55cd918afc7
b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1
b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0
b7738a1e839a0c565352056f8efb00ee9ee01ba4f58638490e8b8b3e74584f66
b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d
bff2eb456da2bc3f6f2e7741e733c878a88830488a13932a36233b89083090c0
c2c103d87990d1a8b2a68a77d5008f8d272096c78d4eae48371629ec50118932
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
ca28ac9e0b87c62c2b1411d5a27a058556e4da936c1aafe2cb356fe5f8d4c716
cb8c2b19fd9b56c41db14bd71b5c0616c1ba4e99b08c8e75084cf695f74b7120
cf9e92205faeb2fc9929f8aaf67ee6fb15084be8994babd310cfa01d62e29e5c
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d53ad65904b3e7c8a7dbf9479478e5c3f84ac198f1d81f3a97edd0e4af552e3a
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
da4244947ac210e9a7bf2720d0f264b562ba561235f9afe0981cedb815579b6e
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
dc9c9c844ff6344c978ced69c04166f6f559b58d9e6fbe703be19e77d01c9e14
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
e2a193fa1b1801dcdddf024a250b04b496f5e36e4324a8de73948e6421ff5865
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e53e2f2193fd46c5605f062d66c8b95c9d27069004aa61bae4b6badf29fdf52a
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
ebc6864388422f0526dd1be3d78d40f17410bbdaa50809606a7f017c4d347345
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fa0a087e89f6767d73c0bafed2b9c9aa3bea87f93f2d42fa37ab6b9635a50dff
fb6a603e893862c0b194cd1a0644c488408d801de2d9f6247499d7cce62f866d
fc63bcb27ddcc7db31dbeb560783e0296c166e400221a46c9916909d56ad2870
fc7d5e41bfcae13c9f8d4ceb0c50f1a19b9ca02f68334f9f864ca4f36048412f
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a
ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

www.proofpoint.com Open in urlscan Pro 2a02:e980:107::cf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

197 Requests

98 %HTTPS

52 %IPv6

33 Domains

50 Subdomains

43 IPs

4 Countries

2839 kBTransfer

7356 kBSize

47 Cookies

13 Outgoing links

Redirected requests

197 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Screenshot
Live screenshot

Full Image

197
Requests

98 %
HTTPS

52 %
IPv6

33
Domains

50
Subdomains

43
IPs

4
Countries

2839 kB
Transfer

7356 kB
Size

47
Cookies

197 HTTP transactions
0 data transactions