www.sentinelone.com Open in urlscan Pro
104.26.3.18 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Submission: On September 15 via api (September 15th 2021, 7:45:51 am UTC) from US — Scanned from DE

Summary HTTP 146 Redirects Links 39 Behaviour Indicators

Summary

This website contacted 48 IPs in 7 countries across 43 domains to perform 146 HTTP transactions. The main IP is 104.26.3.18, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.sentinelone.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 9th 2021. Valid for: a year.

This is the only time www.sentinelone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14 17	104.26.3.18 104.26.3.18	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 26	2620:12a:8000::2 2620:12a:8000::2	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4007:807::200a	15169 (GOOGLE) (GOOGLE)
1 1	173.223.105.25 173.223.105.25	16625 (AKAMAI-AS) (AKAMAI-AS)
7	104.17.73.206 104.17.73.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	151.139.242.10 151.139.242.10	33438 (HIGHWINDS2) (HIGHWINDS2)
1	185.93.2.242 185.93.2.242	60068 (CDN77 ^_^) (CDN77 ^_^)
5	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.18.82.210 52.18.82.210	16509 (AMAZON-02) (AMAZON-02)
17	23.4.213.149 23.4.213.149	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:10:... 2606:4700:10::6814:b844	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4007:819::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4007:819::2008	15169 (GOOGLE) (GOOGLE)
2	3.215.119.159 3.215.119.159	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:2b0... 2a02:26f0:2b00:98b::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.249.10.226 13.249.10.226	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4007:812::200e	15169 (GOOGLE) (GOOGLE)
1	216.58.214.162 216.58.214.162	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	143.204.228.129 143.204.228.129	16509 (AMAZON-02) (AMAZON-02)
1 2	172.217.22.134 172.217.22.134	15169 (GOOGLE) (GOOGLE)
1	151.101.0.65 151.101.0.65	54113 (FASTLY) (FASTLY)
3	2a03:2880:f02... 2a03:2880:f027:212:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	23.72.24.183 23.72.24.183	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.249.10.118 13.249.10.118	16509 (AMAZON-02) (AMAZON-02)
1	151.101.193.2 151.101.193.2	54113 (FASTLY) (FASTLY)
1	151.101.120.157 151.101.120.157	54113 (FASTLY) (FASTLY)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	2600:9000:218... 2600:9000:218d:400:11:8a36:7200:93a1	16509 (AMAZON-02) (AMAZON-02)
1 4	37.252.173.62 37.252.173.62	29990 (ASN-APPNEX) (ASN-APPNEX)
2	3.67.149.147 3.67.149.147	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	34.246.96.178 34.246.96.178	16509 (AMAZON-02) (AMAZON-02)
1	52.222.158.24 52.222.158.24	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4007:813::2002	15169 (GOOGLE) (GOOGLE)
2	52.222.174.116 52.222.174.116	16509 (AMAZON-02) (AMAZON-02)
1	52.222.149.2 52.222.149.2	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c09::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4007:80d::2002	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f13... 2a03:2880:f130:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	3.224.194.150 3.224.194.150	14618 (AMAZON-AES) (AMAZON-AES)
2	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4007:80c::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4007:818::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4007:818::2002	15169 (GOOGLE) (GOOGLE)
146	48

17 104.26.3.18 (United States) 14 redirects

ASN13335 (CLOUDFLARENET, US)

www.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2620:12a:8000::2 (United States) 2 redirects

ASN54113 (FASTLY, US)

de.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4007:807::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.223.105.25 (London, United Kingdom) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a173-223-105-25.deploy.static.akamaitechnologies.com

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.17.73.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 151.139.242.10 (United States)

ASN33438 (HIGHWINDS2, US)

899029.smushcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.93.2.242 (Paris, France)

ASN60068 (CDN77 ^_^, GB)
PTR: edge-576.bunnyinfra.net

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.18.82.210 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-82-210.eu-west-1.compute.amazonaws.com

collector-5527.tvsquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 23.4.213.149 (London, United Kingdom)

ASN16625 (AKAMAI-AS, US)
PTR: a23-4-213-149.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b844 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4007:819::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4007:819::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.215.119.159 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-119-159.compute-1.amazonaws.com

api.rebrandly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:2b00:98b::25ea (Paris, France)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.10.226 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-10-226.cdg53.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4007:812::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.214.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: mad01s26-in-f162.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.228.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-228-129.cdg3.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: par21s12-in-f6.1e100.net

10466992.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.0.65 (United States)

ASN54113 (FASTLY, US)

tag.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f027:212:face:b00c:0:3 (Chicago, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.72.24.183 (Paris, France)

ASN16625 (AKAMAI-AS, US)
PTR: a23-72-24-183.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.10.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-10-118.cdg53.r.cloudfront.net

munchkin.brightfunnel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.2 (United States)

ASN54113 (FASTLY, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.120.157 (Paris, France)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218d:400:11:8a36:7200:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.abrankings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.252.173.62 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.67.149.147 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-67-149-147.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.246.96.178 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-96-178.eu-west-1.compute.amazonaws.com

pixel-geo.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.158.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-158-24.cdg52.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4007:813::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.174.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-174-116.cdg50.r.cloudfront.net

api.brightfunnel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.149.2 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-149-2.cdg52.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c09::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4007:80d::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f130:83:face:b00c:0:25de (France)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.224.194.150 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-194-150.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4007:80c::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4007:818::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4007:818::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	sentinelone.com 16 redirects www.sentinelone.com de.sentinelone.com go.sentinelone.com	643 KB
17	6sc.co j.6sc.co c.6sc.co b.6sc.co	20 KB
11	smushcdn.com 899029.smushcdn.com	1 MB
7	cookielaw.org cdn.cookielaw.org	114 KB
6	onesignal.com cdn.onesignal.com onesignal.com img.onesignal.com	87 KB
4	facebook.com www.facebook.com	532 B
4	prfct.co 2 redirects pixel-geo.prfct.co	2 KB
4	adnxs.com 1 redirects secure.adnxs.com	3 KB
4	doubleclick.net 1 redirects 10466992.fls.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net Failed	4 KB
4	google-analytics.com www.google-analytics.com	60 KB
3	google.de www.google.de adservice.google.de	2 KB
3	google.com adservice.google.com www.google.com	2 KB
3	brightfunnel.com munchkin.brightfunnel.com api.brightfunnel.com	8 KB
3	facebook.net connect.facebook.net	201 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	63 KB
3	bing.com bat.bing.com	9 KB
3	gstatic.com fonts.gstatic.com	56 KB
2	twitter.com analytics.twitter.com	917 B
2	6sense.com epsilon.6sense.com	510 B
2	quora.com a.quora.com q.quora.com	14 KB
2	marketo.net munchkin.marketo.net	7 KB
2	rebrandly.com api.rebrandly.com	629 B
2	googletagmanager.com www.googletagmanager.com	116 KB
2	tvsquared.com collector-5527.tvsquared.com	9 KB
2	omappapi.com a.omappapi.com api.omappapi.com	58 KB
1	reddit.com alb.reddit.com	125 B
1	t.co t.co	454 B
1	abrankings.com cdn.abrankings.com	8 KB
1	redditstatic.com www.redditstatic.com	7 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	marinsm.com tag.marinsm.com	4 KB
1	googleadservices.com www.googleadservices.com	14 KB
1	licdn.com snap.licdn.com	2 KB
1	onetrust.com geolocation.onetrust.com	389 B
1	typography.com 1 redirects cloud.typography.com	449 B
1	googleapis.com fonts.googleapis.com	1 KB
0	clearbit.com Failed ga.clearbit.com Failed
0	hotjar.io Failed vc.hotjar.io Failed
0	rubiconproject.com Failed pixel.rubiconproject.com Failed
0	openx.net Failed us-u.openx.net Failed
0	yahoo.com Failed ads.yahoo.com Failed
0	mktoresp.com Failed 327-mnm-087.mktoresp.com Failed
0	linkedin.com Failed px4.ads.linkedin.com Failed
146	43

	Domain	Requested by
26	de.sentinelone.com	2 redirects www.sentinelone.com de.sentinelone.com
17	www.sentinelone.com	14 redirects www.sentinelone.com
14	b.6sc.co	www.sentinelone.com
11	899029.smushcdn.com	www.sentinelone.com
7	go.sentinelone.com	www.sentinelone.com go.sentinelone.com
7	cdn.cookielaw.org	www.sentinelone.com cdn.cookielaw.org
4	www.facebook.com	www.sentinelone.com
4	pixel-geo.prfct.co	2 redirects www.sentinelone.com
4	secure.adnxs.com	1 redirects j.6sc.co www.sentinelone.com
4	www.google-analytics.com	www.googletagmanager.com munchkin.brightfunnel.com www.google-analytics.com www.sentinelone.com
3	connect.facebook.net	www.sentinelone.com connect.facebook.net
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.sentinelone.com
3	onesignal.com	cdn.onesignal.com
3	fonts.gstatic.com	fonts.googleapis.com
2	www.google.de	www.sentinelone.com
2	www.google.com	www.sentinelone.com
2	analytics.twitter.com	static.ads-twitter.com www.sentinelone.com
2	api.brightfunnel.com	munchkin.brightfunnel.com
2	epsilon.6sense.com	j.6sc.co
2	c.6sc.co	j.6sc.co
2	munchkin.marketo.net	www.sentinelone.com munchkin.marketo.net
2	10466992.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	api.rebrandly.com	www.sentinelone.com
2	www.googletagmanager.com	www.sentinelone.com www.googletagmanager.com
2	collector-5527.tvsquared.com	www.sentinelone.com
2	cdn.onesignal.com	www.sentinelone.com cdn.onesignal.com
1	adservice.google.de	adservice.google.com
1	alb.reddit.com	www.sentinelone.com
1	t.co	www.sentinelone.com
1	q.quora.com	www.sentinelone.com
1	img.onesignal.com	www.sentinelone.com
1	adservice.google.com	10466992.fls.doubleclick.net
1	stats.g.doubleclick.net	munchkin.brightfunnel.com
1	vars.hotjar.com	static.hotjar.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	script.hotjar.com	static.hotjar.com
1	cdn.abrankings.com	www.googletagmanager.com
1	www.redditstatic.com	www.sentinelone.com
1	static.ads-twitter.com	www.sentinelone.com
1	a.quora.com	www.sentinelone.com
1	munchkin.brightfunnel.com	www.sentinelone.com
1	tag.marinsm.com	www.sentinelone.com
1	static.hotjar.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	api.omappapi.com	a.omappapi.com
1	snap.licdn.com	www.sentinelone.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	j.6sc.co	www.sentinelone.com
1	a.omappapi.com	www.sentinelone.com
1	cloud.typography.com	1 redirects
1	fonts.googleapis.com	www.sentinelone.com
0	ga.clearbit.com Failed	www.googletagmanager.com
0	vc.hotjar.io Failed	munchkin.brightfunnel.com
0	cm.g.doubleclick.net Failed	www.sentinelone.com
0	pixel.rubiconproject.com Failed	www.sentinelone.com
0	us-u.openx.net Failed	www.sentinelone.com
0	ads.yahoo.com Failed	www.sentinelone.com
0	327-mnm-087.mktoresp.com Failed	munchkin.marketo.net
0	px4.ads.linkedin.com Failed	www.sentinelone.com
146	59

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
malpedia.caad.fkie.fraunhofer.de
www.fortinet.com
www.proofpoint.com
www.malwarebytes.com
www.mcafee.com
www.warriorforum.com
opengovca.com
lolbas-project.github.io
nsudo.m2team.org
bugs.chromium.org
tria.ge
urlhaus.abuse.ch
otx.alienvault.com
assets.sentinelone.com
www.facebook.com
reddit.com
github.com
t.co
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
sentinelone.com Cloudflare Inc ECC CA-3	`2021-06-09` - `2022-06-08`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-08-30` - `2021-11-22`	3 months	crt.sh
go.sentinelone.com Cloudflare Inc ECC CA-3	`2021-06-14` - `2022-06-13`	a year	crt.sh
*.smushcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-22` - `2022-03-22`	2 years	crt.sh
a.omappapi.com R3	`2021-08-24` - `2021-11-22`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
*.tvsquared.com Amazon	`2021-08-31` - `2022-09-29`	a year	crt.sh
*.6sc.co DigiCert SHA2 Secure Server CA	`2021-03-09` - `2022-03-16`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2021-02-12` - `2022-02-11`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-04-30` - `2022-05-11`	a year	crt.sh
*.rebrandly.com Go Daddy Secure Certificate Authority - G2	`2021-05-07` - `2022-06-08`	a year	crt.sh
api.opmnstr.com Amazon	`2021-03-11` - `2022-04-09`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-07-06` - `2022-01-06`	6 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
tag.marinsm.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-06-25` - `2021-09-23`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2021-03-29` - `2022-04-06`	a year	crt.sh
*.brightfunnel.com Amazon	`2021-03-15` - `2022-04-13`	a year	crt.sh
quora.com R3	`2021-09-12` - `2021-12-11`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
www.redditstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-23` - `2021-11-18`	6 months	crt.sh
cdn.abrankings.com Amazon	`2021-05-18` - `2022-06-16`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.6sense.com Amazon	`2021-06-30` - `2022-07-29`	a year	crt.sh
*.prfct.co DigiCert SHA2 Secure Server CA	`2019-09-03` - `2021-10-27`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.quora.com R3	`2021-09-12` - `2021-12-11`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-23` - `2021-11-18`	6 months	crt.sh
www.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Frame ID: 161547DC18FD77D5F44B408DF6C2F14C
Requests: 148 HTTP requests in this frame

Frame: https://go.sentinelone.com/index.php/form/XDFrame
Frame ID: 53460E5E4C50E2CD3786E68BE32A47FD
Requests: 2 HTTP requests in this frame

Frame: https://10466992.fls.doubleclick.net/activityi;dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F
Frame ID: 31B42279C18240BE2940267963AEF7BE
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Frame ID: 8DAFE56D07AD7E630E3E1FB39CDD9832
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F
Frame ID: 1FAC1A66E7CB693A75C235F503912BA0
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: AAA699208C1A0599BC66778FE601DAA5
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 60EADAECC6DFFF95E83DA7BA50A78DA4
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F
Frame ID: A075D55721BADA35B67258E9AA2E573D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms - SentinelOneBack ButtonSearch IconFilter Icon

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

146
Requests

95 %
HTTPS

42 %
IPv6

43
Domains

59
Subdomains

48
IPs

7
Countries

2759 kB
Transfer

5904 kB
Size

44
Cookies

39 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/LabsSentinel

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sentinelone

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.zloader
Title: ZLoader

Search URL Search Domain Scan URL

URL: https://www.fortinet.com/blog/threat-research/the-curious-case-of-an-unknown-trojan-targeting-german-speaking-users
Title: 2016

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns
Title: appeared

Search URL Search Domain Scan URL

URL: https://www.malwarebytes.com/resources/files/2020/06/the-silent-night-zloader-zbot_final.pdf
Title: Newer versions

Search URL Search Domain Scan URL

URL: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/zloader-with-a-new-infection-technique/
Title: recent

Search URL Search Domain Scan URL

URL: https://www.warriorforum.com/blogs/clint-butler/15012-google-ad-services-pagead-aclk-what-heck.html
Title: aclk

Search URL Search Domain Scan URL

URL: https://opengovca.com/corporation/13146341
Title: Flyintellect Inc

Search URL Search Domain Scan URL

URL: https://lolbas-project.github.io/lolbas/Binaries/Explorer/
Title: LOLBAS

Search URL Search Domain Scan URL

URL: https://lolbas-project.github.io/lolbas/Binaries/Regsvr32/
Title: LOLBAS

Search URL Search Domain Scan URL

URL: https://nsudo.m2team.org/en-us/
Title: NSudo

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=997
Title: abused

Search URL Search Domain Scan URL

URL: https://tria.ge/210316-7wv57c1c4n
Title: googleaktualizacija

Search URL Search Domain Scan URL

URL: https://urlhaus.abuse.ch/host/pornotublovers.com/
Title: 1

Search URL Search Domain Scan URL

URL: https://otx.alienvault.com/pulse/6114e84021bab5e48dd64903
Title: 2

Search URL Search Domain Scan URL

URL: https://assets.sentinelone.com/sentinellabs/SentinelLabs-Zloader
Title: Read the Full Report

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://s1.ai/wmaHwP

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://s1.ai/wmaHwP&text=Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://s1.ai/wmaHwP

Search URL Search Domain Scan URL

URL: https://reddit.com/submit?url=https://s1.ai/wmaHwP

Search URL Search Domain Scan URL

URL: https://github.com/antonio-s1

Search URL Search Domain Scan URL

URL: https://twitter.com/BleepinComputer
Title: @BleepinComputer

Search URL Search Domain Scan URL

URL: https://twitter.com/LawrenceAbrams
Title: @LawrenceAbrams

Search URL Search Domain Scan URL

URL: https://t.co/1oQfe2L0I4
Title: https://t.co/1oQfe2L0I4

Search URL Search Domain Scan URL

URL: https://twitter.com/vk_intel/statuses/1435758641072812035
Title: 6 days ago

Search URL Search Domain Scan URL

URL: https://twitter.com/y_advintel
Title: @y_advintel

Search URL Search Domain Scan URL

URL: https://twitter.com/search?q=REvil
Title: #REvil

Search URL Search Domain Scan URL

URL: https://twitter.com/AdvIntel
Title: @AdvIntel

Search URL Search Domain Scan URL

URL: https://t.co/8gStc3qxVI
Title: https://t.co/8gStc3qxVI

Search URL Search Domain Scan URL

URL: https://twitter.com/vk_intel/statuses/1437521819880337409
Title: yesterday

Search URL Search Domain Scan URL

URL: https://t.co/kJlAGLZZ99
Title: https://t.co/kJlAGLZZ99

Search URL Search Domain Scan URL

URL: https://twitter.com/vk_intel/statuses/1436436185996476420
Title: 4 days ago

Search URL Search Domain Scan URL

URL: https://twitter.com/benkow_
Title: @benkow_

Search URL Search Domain Scan URL

URL: https://t.co/1cykCduArW
Title: https://t.co/1cykCduArW

Search URL Search Domain Scan URL

URL: https://t.co/R6rS7GoT5Q
Title: https://t.co/R6rS7GoT5Q

Search URL Search Domain Scan URL

URL: https://twitter.com/vk_intel/statuses/1435990228414644229
Title: 5 days ago

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0 HTTP 302
https://de.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0

Request Chain 3

https://cloud.typography.com/7197018/6979812/css/fonts.css HTTP 302
https://www.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css HTTP 302
https://de.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

Request Chain 4

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881 HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Request Chain 5

https://www.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.1 HTTP 302
https://de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.1

Request Chain 6

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js

Request Chain 8

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1631569881 HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1631569881

Request Chain 9

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

Request Chain 10

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg

Request Chain 11

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg

Request Chain 12

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg

Request Chain 14

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg

Request Chain 20

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg

Request Chain 22

https://www.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2fd15cc99a5c050eff6e52ae2b595736 HTTP 302
https://de.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2fd15cc99a5c050eff6e52ae2b595736

Request Chain 23

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1631569882 HTTP 302
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1631569882

Request Chain 52

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg; HTTP 301
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg

Request Chain 53

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg; HTTP 301
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg

Request Chain 83

https://10466992.fls.doubleclick.net/activityi;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F HTTP 302
https://10466992.fls.doubleclick.net/activityi;dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F

Request Chain 105

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2225260%2C432890&time=1631691935744&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2225260%252C432890%26time%3D1631691935744%26url%3Dhttps%253A%252F%252Fwww.sentinelone.com%252Flabs%252Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2225260%2C432890&time=1631691935744&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2225260%2C432890&time=1631691935744&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&liSync=true&e_ipv6=AQJknloxuLTcDQAAAXvoazzpEMZsOaSPPq5ela827Dvdz9MN68qf1D1gyBIinrnv_zwm2oXN

Request Chain 110

https://pixel-geo.prfct.co/tagjs?a_id=56252&source=js_tag HTTP 302
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag

Request Chain 144

https://pixel-geo.prfct.co/cs/?partnerId=twtr HTTP 302
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_AGK2LBvnVHNVIsXl3

Request Chain 145

https://pixel-geo.prfct.co/cs/?partnerId=yah HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_AGK2LBvnVHNVIsXl3&sigv=1&esig=2~68cc99a110daac54696115b47ed5da43caad664d

Request Chain 146

https://pixel-geo.prfct.co/cs/?partnerId=opx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_AGK2LBvnVHNVIsXl3

Request Chain 147

https://pixel-geo.prfct.co/cs/?partnerId=rbcn HTTP 302
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_AGK2LBvnVHNVIsXl3

Request Chain 148

https://pixel-geo.prfct.co/cs/?partnerId=goo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfQUdLMkxCdm5WSE5WSXNYbDM

Request Chain 150

https://secure.adnxs.com/seg?t=2&add=4530935 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

146 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/ 78 KB
25 KB 5491ms
404ms Document
text/html 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dffb8445d323b773f33e3b74ac0299023ce55d0447ed937cef0509e2fb0b152a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost;
Strict-Transport-Security	max-age=15768000;, max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM SAMEORIGIN, sentinelone.pathfactory.com, sentinelone.lookbookhq.com, assets.pathfactory.com, go.sentinelone.com, www.sentinelone.com, app.scalyr.com, app.eu.scalyr.com, localhost
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.sentinelone.com
:scheme: https
:path: /labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 15 Sep 2021 07:45:19 GMT
content-type: text/html; charset=UTF-8
cf-ray: 68f03c208c4e3613-MAN
cache-control: max-age=60
last-modified: Wed, 15 Sep 2021 07:44:52 GMT
link: <https://www.sentinelone.com/wp-json/>; rel="https://api.w.org/", <https://www.sentinelone.com/?p=50396>; rel=shortlink
strict-transport-security: max-age=15768000;, max-age=300
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
cf-edge-cache: cache,platform=wordpress
content-security-policy: frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost;
expect-ct: enforce; max-age=2592000;
referrer-policy: origin-when-cross-origin
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM SAMEORIGIN, sentinelone.pathfactory.com, sentinelone.lookbookhq.com, assets.pathfactory.com, go.sentinelone.com, www.sentinelone.com, app.scalyr.com, app.eu.scalyr.com, localhost
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-qj9vw
x-served-by: cache-mdw17367-MDW, cache-man4138-MAN
x-styx-req-id: 6e9240e1-15f8-11ec-9fed-a29a44257119
x-timer: S1631691920.819232,VS0,VE0
x-xss-protection: 1; mode=block
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a1k9cRNgfirci2xBilmHej9Dqz7u7jTGbwVcK14WC1pB15wRJz%2FbpRF362Ap94f3hPxZzCzg%2FZ%2BzCxQgdIqGptYet3aLMjI2QBj3wf%2FHQgowlQ%2FRUNB63rFDLwrUBPVGaLVK6dY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 19 KB
7 KB 5054ms
13ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e45f3b0dad8aa0528790a6dd6dd2831bb8547129bd1320c10fd120118f44616

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Sep 2021 07:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: BC5xsXKGgJbQbCzkLNvwBQ==
age: 3149114
vary: Accept-Encoding
content-length: 6328
x-ms-lease-status: unlocked
last-modified: Wed, 04 Aug 2021 01:49:58 GMT
server: cloudflare
etag: 0x8D956EA2A6E73F4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b8d637e9-f01e-012a-80bd-8bebf6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 68f03c429db36957-FRA
expires: Wed, 15 Sep 2021 11:45:24 GMT

GET
H2

200

tp_twitter_plugin.css
de.sentinelone.com/wp-content/plugins/recent-tweets-widget/
Redirect Chain

https://www.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0
https://de.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0

529 B
480 B

5066ms
22ms

Stylesheet
text/css

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3109fef8b2a9ab71fca698483d2bae36d8fed772517c259dacce872e739bb690

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d8-211"
age: 121854
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-7r9wk
x-cache: HIT, HIT
content-length: 286
x-served-by: cache-mdw17356-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:20 GMT
server: nginx
x-timer: S1631691925.955975,VS0,VE0
date: Wed, 15 Sep 2021 07:45:24 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c455b1c-14dd-11ec-bbae-2678fc2adc05
x-cache-hits: 1, 2

Redirect headers

date: Wed, 15 Sep 2021 07:45:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8wtyHOAvhWMsSczR%2FlRnj%2FZaCQkXiSJ%2BnH90%2BMg0kynmCcw%2FGUQU1njdCjNdmsqoIJMoTEz%2FfDbZBDJdTcGLPwUx%2FOZkFN%2FT4KtEWCVB2TYTc8Q9NAx6%2BZO5iMHHB5FWK3b7bE%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c233f3a3613-MAN
content-length: 0

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 5109ms
32ms Stylesheet
text/css 2a00:1450:4007:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:807::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9551336c47f8a2d07a6805394faaf2d009c8e558dd6b2c236fd63594651db770

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 15 Sep 2021 06:45:37 GMT
server: ESF
date: Wed, 15 Sep 2021 07:45:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Sep 2021 07:45:24 GMT

GET
H2

200

2EC96BA1F5C4837D6.css
de.sentinelone.com/fonts/804059/
Redirect Chain

https://cloud.typography.com/7197018/6979812/css/fonts.css
https://www.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css
https://de.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

104 KB
80 KB

10ms
10ms

Stylesheet
text/css

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ba0429c39149c85d1a9b6d03e40a59de57367d1fd22bbab68bee7e0b17c05f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d7-1a12c"
age: 120599
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-bhkw8
x-cache: HIT, HIT
content-length: 81369
x-served-by: cache-mdw17371-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:19 GMT
server: nginx
x-timer: S1631691926.950584,VS0,VE1
date: Wed, 15 Sep 2021 07:45:25 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 22:15:27 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 193bf6c5-14e0-11ec-bcbc-cef784aec92c
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JYwX7EO0thYRT%2Fc4EIfUf1ln2qSpplNN09FLuFBrjMQZbnL91XLgpt%2F4N5QrsaQy8BoaXdEw42Ng4w89qRpnUtTjhb4SiwmMO1qtSPispcPtENdFSc7DLRhZx5JJCmk1g2M2xTA%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c48e9ce3613-MAN
content-length: 0

GET
H2

200

style.min.css
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

646 KB
102 KB

5051ms
7ms

Stylesheet
text/css

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

382a3f866bd3a0e4428c592fbe0f61ed62c34a19dba07cf24208b793e3b42d6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-a18ef"
age: 121885
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-7r9wk
x-cache: HIT, HIT
content-length: 104210
x-served-by: cache-mdw17344-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691925.956020,VS0,VE0
date: Wed, 15 Sep 2021 07:45:24 GMT
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1a427563-14dd-11ec-bbae-2678fc2adc05
x-cache-hits: 1, 3

Redirect headers

date: Wed, 15 Sep 2021 07:45:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FsMJC5SXVNpwvKVOq10ebahOA3xHvgM9pNXJToZWTaCMqK7KXwXlzILiY4Jertk%2F6XatVw%2BIUvt%2BjMeJQNab0dheuBYPS7Q5GXhJjLQ36czLKndE8nm0HL9bpm712r%2B5o50d8ZU%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c233f3d3613-MAN
content-length: 0

GET
H2

200

wpp.min.js Show response
de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/
Redirect Chain

https://www.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.1
https://de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.1

3 KB
2 KB

5073ms
28ms

Script
application/x-javascript

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.1

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ace4208545fb0ff5ea87fbe1470d3bf0af8e73d7d52fea869966c4b9d8c78a60

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-bc3"
age: 121854
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-4w2l8
x-cache: HIT, HIT
content-length: 1422
x-served-by: cache-mdw17360-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691925.956148,VS0,VE1
date: Wed, 15 Sep 2021 07:45:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c4795b8-14dd-11ec-bc57-866160362ccf
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3vtUBkkdOwweVxmdGhoBrtmprvZXXse5bgNRHu31QqxWjdFBRr%2F8n5PuyjmaaPX4C4TeOczqCnjqfUd1NDN6XH5ezoXrLA3O0Ehy92R7xyM660qpQeUfWQwJB2EFgay06F1WPLE%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.1
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c233f3e3613-MAN
content-length: 0

GET
H2

200

jquery-3.5.1.min.js Show response
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js

87 KB
36 KB

5071ms
28ms

Script
application/x-javascript

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-15d84"
age: 121854
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-bhkw8
x-cache: HIT, HIT
content-length: 36067
x-served-by: cache-mdw17371-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691925.956086,VS0,VE1
date: Wed, 15 Sep 2021 07:45:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c45cce3-14dd-11ec-bcbc-cef784aec92c
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hq0L%2Fd4%2BEQPrI0heMduE1ATbj822fSEteGNP3zQRp34MVCei9KIJcNkoCfU9SZhR7QDWZ%2FfqMNnmKFRrkS%2BdD%2FJo%2BrOU8SKXxB5MPAcv78JZhamSSku%2B629Iz%2BU9xirFkrefW%2Fc%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c233f3f3613-MAN
content-length: 0

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ 205 KB
68 KB 5274ms
26ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689a0237a95cfd8135f8da3ac79c430e903f3c542f8b862f68141c84c348c43

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 10 Aug 2021 17:41:08 GMT
server: cloudflare
age: 6958
etag: "c60338-33210-5c93801bbf500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 68f03c43f9e9331d-CDG
expires: Wed, 15 Sep 2021 11:45:25 GMT

GET
H2

200

header.min.js Show response
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1631569881
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1631569881

148 KB
47 KB

5069ms
24ms

Script
application/x-javascript

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1631569881

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

15c2bee93924ba227132e2a5a601190bf7b1d10798c471a46b63a731ec1dc63e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-2502b"
age: 121885
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-vqq6w
x-cache: HIT, HIT
content-length: 48188
x-served-by: cache-mdw17322-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691925.956119,VS0,VE1
date: Wed, 15 Sep 2021 07:45:24 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1a4d54f4-14dd-11ec-adf5-7230d8a1ae9e
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ScvGrjYaEVvrIId6mEC0Zev2ADYwDiu8OKdD%2BdpItlIk4YOW7FwimfdBMlOm9BQ%2B7r9TURlPL4w97gxJ3%2FVcC2qoQf9BdF0XSP3kY9TbRl1erN9raub7JFqRTD9Lg0%2Bc1oba9pc%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1631569881
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c233f403613-MAN
content-length: 0

GET
H2

200

search-icon-white.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

681 B
663 B

7ms
7ms

Image
image/svg+xml

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5466092ef0deb16007dc2e8e61eb345b380ab6663bd3ef41808ffb7360abd61a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d8-2a9"
age: 121854
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-bhkw8
x-cache: HIT, HIT
content-length: 385
x-served-by: cache-mdw17321-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:20 GMT
server: nginx
x-timer: S1631691925.364543,VS0,VE0
date: Wed, 15 Sep 2021 07:45:25 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c69f871-14dd-11ec-bcbc-cef784aec92c
x-cache-hits: 1, 2

Redirect headers

date: Wed, 15 Sep 2021 07:45:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5izqst2dL%2BnMRQIfByZRFC1ebXuRCGg2WoBE%2B6fA8BWYqQnGLsOwjMqn7of10igyZR94k9czPOcPSs3SgzuxvjFg6tcFqnsfZ7XKl5%2Bw6Gvo%2FLoj8%2FtrRvYkGN9rz94TAxa7wUY%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c453da93613-MAN
content-length: 0

GET
H2

200

search-icon.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg

681 B
625 B

8ms
8ms

Image
image/svg+xml

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

516cbc569d4e8f15ac7917f186a911d85fd0aaca2d0ca074a6583e95486af856

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-2a9"
age: 121855
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-cq9h9
x-cache: HIT, HIT
content-length: 385
x-served-by: cache-mdw17330-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691925.421045,VS0,VE1
date: Wed, 15 Sep 2021 07:45:25 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c49cb50-14dd-11ec-84ea-de0358ae28e3
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AASNQwy2QYDRV740cw53Tz1Ru7afL3hGFuJEx8q8YB5NHQkk3%2BvC4GO94mLjQTN3OVzFSQm8RMfH9NNXZ56yNrlWZTVBwH3geTsqMmFmTorH%2BArvqb1mVXZNWSV%2FsZ1%2Bm1%2FqSXk%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c45ae393613-MAN
content-length: 0

GET
H2

200

navigation-close.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg

667 B
499 B

15ms
15ms

Image
image/svg+xml

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

dd7ec90bdddc830689a2a4e0b9d3864cd99aa688309ce12c36c625bb5c154398

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-29b"
age: 121855
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-7r9wk
x-cache: HIT, HIT
content-length: 339
x-served-by: cache-mdw17363-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691925.481597,VS0,VE1
date: Wed, 15 Sep 2021 07:45:25 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c4a2aa7-14dd-11ec-bbae-2678fc2adc05
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KW6%2FJiGuC3fwTa0HdJuiAOfNX1tyIrjCkv8x65BWIJok%2Bqa%2Bl%2FPsBEnXAIXaL0e2iT0pkN7vXuI9oiw2njtMOEgcb34c5Xljxo9pZ3ZSY9zcfjio%2B0zLitKmhLbi6eF0FFpSiq4%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c45fe953613-MAN
content-length: 0

GET
H2

200

navigation-close-dark.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg

667 B
464 B

8ms
8ms

Image
image/svg+xml

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

de02e745c51299417a1126c3707d033de02baef0f9be8fed07185c1a6b74eac1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-29b"
age: 121855
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-cq9h9
x-cache: HIT, HIT
content-length: 339
x-served-by: cache-mdw17327-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691926.537490,VS0,VE1
date: Wed, 15 Sep 2021 07:45:25 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c497437-14dd-11ec-84ea-de0358ae28e3
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=InA0JpN9reo5e4EUMizf2hTMfLgjEVGx2eiFLFPHgC1%2Bb5sR1mgxFNY4MuPzDrLFRIBJXFwnSJ%2BXrGlu3EKPSjOa3mtZkSc1YGEWsatbDOxvL4YUireXZRMpytxGIRzzmw3EAOg%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c465f1b3613-MAN
content-length: 0

GET
H2 200 SentinelLabs_Logo_RGB_WhitePurp.png
899029.smushcdn.com/2131410/wp-content/themes/sentinelone/carbine/assets/img/ 4 KB
4 KB 5121ms
72ms Image
image/png 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/themes/sentinelone/carbine/assets/img/SentinelLabs_Logo_RGB_WhitePurp.png?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: fb0ccd0e560efc5118401105d0d9d26940ddc759fd534f465339466d575cde02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Sat, 25 Sep 2021 19:35:16 GMT", rule-id="expire"
last-modified: Thu, 26 Aug 2021 19:35:16 GMT
server: nginx
etag: "ce96241bb4c574b741f742b936eebde6"
x-cache: HIT
smushed: origFmt=png, origSize=5631, smushRatio=30.46, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/png
content-length: 3916
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2

200

navigation-arrow-left.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg

566 B
530 B

9ms
8ms

Image
image/svg+xml

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

adedd0befd73ee02e5480f500d1c8518bc6ab5ec39f4f06024102f53e8c0a683

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d8-236"
age: 121855
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-cq9h9
x-cache: HIT, HIT
content-length: 326
x-served-by: cache-mdw17368-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:20 GMT
server: nginx
x-timer: S1631691926.048152,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c66fb67-14dd-11ec-84ea-de0358ae28e3
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4TAq0dnmToPDq5%2B8mCoAledArPnbeIt%2BiOkIqpqX9S933sKPXwB6cqtuWpsV6tgBPbyWVcGx69D97lx8gSuyesjzrgFuQK4xS28zaHxgLLVE%2BIb2DnWDnzVDhApiSBNyDouQxE%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c495a3b3613-MAN
content-length: 0

GET
H2 200 Hide-and-Seek-New-Zloader-Infection-Chain-Comes-With-Improved-Stealth-and-Evasion-Mechanisms-6.jpg
899029.smushcdn.com/2131410/wp-content/uploads/2021/09/ 819 KB
820 KB 4616ms
24ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/2021/09/Hide-and-Seek-New-Zloader-Infection-Chain-Comes-With-Improved-Stealth-and-Evasion-Mechanisms-6.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 52df282a939bf914f841bc194e18f4748268363014ac33278a15d6352c53dfb2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Wed, 13 Oct 2021 14:34:01 GMT", rule-id="expire"
last-modified: Mon, 13 Sep 2021 14:34:01 GMT
server: nginx
etag: "9dec9eb63827f3663765157d22cf1cc3"
x-cache: HIT
smushed: origFmt=jpg, origSize=877609, smushRatio=4.42, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 838852
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2 200 email-decode.min.js Show response
www.sentinelone.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 26ms
25ms Script
application/javascript 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: __cfredirector_sm=DE
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.sentinelone.com
referer: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 07 Sep 2021 12:26:08 GMT
server: cloudflare
etag: W/"61375a60-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GfEgGOv679VVtT9O4zRT0pNq1hwlLOUcNlj5MMCOvykO1iosibXgLGntPmZlpmFH%2BwtyGSVAuAmKZ7Q6iRRA597V45V6RwJT3XEnK3Yoptr22tHBhpm5fjKWfFuXJXy8Ad%2Ff16Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 68f03c444c8d3613-MAN
vary: Accept-Encoding
expires: Fri, 17 Sep 2021 07:45:25 GMT

GET
H2 200 Hive-Attacks-Analysis-of-the-Human-Operated-Ransomware-Targeting-Healthcare-10-300x157.jpg
899029.smushcdn.com/2131410/wp-content/uploads/labs/2021/08/ 12 KB
13 KB 4645ms
54ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/labs/2021/08/Hive-Attacks-Analysis-of-the-Human-Operated-Ransomware-Targeting-Healthcare-10-300x157.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 9ef6ab87d09a104298aa6fb0698c52559901475a3e22c31705ac53360dfe6dee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Fri, 01 Oct 2021 22:27:12 GMT", rule-id="expire"
last-modified: Wed, 01 Sep 2021 22:27:12 GMT
server: nginx
etag: "9b4bba42ebf6ea40b83dfd7681b9c06e"
x-cache: HIT
smushed: origFmt=jpg, origSize=12587, smushRatio=0, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 12587
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2 200 Conti-Unpacked-Understanding-Ransomware-Development-As-a-Response-to-Detection-2-300x157.jpg
899029.smushcdn.com/2131410/wp-content/uploads/labs/2021/07/ 8 KB
8 KB 4653ms
62ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/labs/2021/07/Conti-Unpacked-Understanding-Ransomware-Development-As-a-Response-to-Detection-2-300x157.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 2e635c4abcee1ef2c27859eb6193d67bc52dd21c6645e250c4c8fa1b1ce8231f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Sat, 02 Oct 2021 19:29:02 GMT", rule-id="expire"
last-modified: Thu, 02 Sep 2021 19:29:02 GMT
server: nginx
etag: "ec1511045e15ecb2ce3edaef39f21338"
x-cache: HIT
smushed: origFmt=jpg, origSize=8232, smushRatio=0, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 8232
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2 200 Evasive-Maneuvers-Massive-IcedID-Campaign-Aims-For-Stealth-with-Benign-Macros-5-300x157.jpg
899029.smushcdn.com/2131410/wp-content/uploads/labs/2021/06/ 9 KB
9 KB 4645ms
54ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/labs/2021/06/Evasive-Maneuvers-Massive-IcedID-Campaign-Aims-For-Stealth-with-Benign-Macros-5-300x157.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 653e8898152effb6bcfd48c02d16a24f19c2ce14464a739f0d46baea5b410f6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Sat, 02 Oct 2021 19:29:03 GMT", rule-id="expire"
last-modified: Thu, 02 Sep 2021 19:29:03 GMT
server: nginx
etag: "be58f61dbec920f872b99146409a9074"
x-cache: HIT
smushed: origFmt=jpg, origSize=9355, smushRatio=0, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 9355
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2

200

testimonial_icon_close.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg

658 B
584 B

8ms
8ms

Image
image/svg+xml

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c66c8be72f0f2c0a85d3693ebd2e5a480c5b1d4e705c065cd7117dddfe3f6957

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7da-292"
age: 121855
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-4w2l8
x-cache: HIT, HIT
content-length: 334
x-served-by: cache-mdw17354-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:22 GMT
server: nginx
x-timer: S1631691926.064498,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c46b4de-14dd-11ec-bc57-866160362ccf
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RFqD%2BNEBIbY%2FYANoHf6zRSoyTCBgZomj%2BN%2FAvX2L3BeTcDehOewFcFbhzlgDywtiR1IbIZh7cjUJ69HU6UroTUfs0ca15%2FEQrrRT3A2XLFYglaP3mZ68kev1N6GbRGr9kAeoRuU%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/testimonial_icon_close.svg
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c499a723613-MAN
content-length: 0

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 205 KB
58 KB 5120ms
34ms Script
application/javascript 185.93.2.242
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.93.2.242 Paris, France, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: edge-576.bunnyinfra.net
Software: BunnyCDN-FR1-576 /
Resource Hash: 9fc5cafcc9a380057930c57fbf1005def9daf6a09bd8d906c068dd47a44ed32c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: br
cdn-edgestorageid: 576
perma-cache: HIT
cdn-storageserver: DE-169
cdn-cachedat: 08/20/2021 20:07:18
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-FR1-576
access-control-allow-origin: *
last-modified: Fri, 20 Aug 2021 18:07:15 GMT
cdn-proxyver: 1.0
cdn-fileserver: 152
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: b28ac6a60528ead321a36181fc946c74
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2

200

clipboard.min.js Show response
de.sentinelone.com/wp-includes/js/
Redirect Chain

https://www.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2fd15cc99a5c050eff6e52ae2b595736
https://de.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2fd15cc99a5c050eff6e52ae2b595736

10 KB
4 KB

8ms
8ms

Script
application/x-javascript

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2fd15cc99a5c050eff6e52ae2b595736

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5a4934fe889bc2f975cd69f0c35adc72107079ef0d36a139fa141b5219e0e6b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-296f"
age: 121854
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-kvsd7
x-cache: HIT, HIT
content-length: 3735
x-served-by: cache-mdw17381-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691925.234114,VS0,VE1
date: Wed, 15 Sep 2021 07:45:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c46a6b9-14dd-11ec-bf59-42cbcb5c18d1
x-cache-hits: 1, 1

Redirect headers

date: Wed, 15 Sep 2021 07:45:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNROe6SJuOZIvwvDUZJfCTPv8uiosTsIQn%2BOCE3l5EIRzShhKKli3sP9g5iGk1tkcwlsIq0B2sNNusucxz0zfHoexPpSinL%2BEsigsx1JoMfSJdzEZxd4pdPLz3ciBT%2BIR5EcZmE%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2fd15cc99a5c050eff6e52ae2b595736
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c446cc93613-MAN
content-length: 0

GET
H2

200

footer.min.js Show response
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/
Redirect Chain

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1631569882
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1631569882

107 KB
43 KB

9ms
9ms

Script
application/x-javascript

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1631569882

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

afe6f624a4f930498de50d6dfee8f702aa462f00101ec703a29607242b459dd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7db-1ad9d"
age: 121885
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-vqq6w
x-cache: HIT, HIT
content-length: 44041
x-served-by: cache-mdw17370-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:23 GMT
server: nginx
x-timer: S1631691925.290935,VS0,VE0
date: Wed, 15 Sep 2021 07:45:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1a6da9f5-14dd-11ec-adf5-7230d8a1ae9e
x-cache-hits: 1, 2

Redirect headers

date: Wed, 15 Sep 2021 07:45:25 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YbwMTTkqecN723qo5uYODo5C%2BIVp163lrbGA%2F2%2Bl4lU8ykAiMsBth%2F%2BMz%2FCxOdRk4mm3sc8ciSvDu1mYyBRYYg6XXMQzEBLLz0RCO5J2YN7wq7EKje9jNzxJS2DOI3OTNJVHCc%3D"}],"group":"cf-nel","max_age":604800}
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1631569882
set-cookie: __cfredirector_sm=DE; path=/; domain=sentinelone.com;
cf-ray: 68f03c44dd433613-MAN
content-length: 0

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 5060ms
17ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=2fd15cc99a5c050eff6e52ae2b595736
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b70aa192cf670ffbccd24885ff71e159e03c809b890abe15e74cce9f497dd8e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2330
etag: W/"3e792b2dc76a5a063e1c4f30d40ae527"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 68f03c6908786969-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 18 Sep 2021 07:45:31 GMT

GET
H2 200 02ad5672-6494-4b20-a5ae-7d131a0f4f9c.json Show response
cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/ 4 KB
2 KB 35ms
16ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/02ad5672-6494-4b20-a5ae-7d131a0f4f9c.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95f35e1959ce4156ff0c8342109ccbf64e6bbe029221053fed01d0e54e66be92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Sep 2021 07:45:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: CqPSDQgRayZT5/dw1EENjQ==
age: 2341
vary: Accept-Encoding
content-length: 1450
x-ms-lease-status: unlocked
last-modified: Fri, 10 Sep 2021 19:25:19 GMT
server: cloudflare
etag: 0x8D97490BA2F1567
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 348da6d8-101e-014d-2a79-a65851000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 68f03c42d85ac290-FRA

GET
H/1.1 200
OK tv2track.js Show response
collector-5527.tvsquared.com/ 20 KB
9 KB 5167ms
43ms Script
application/javascript 52.18.82.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-5527.tvsquared.com/tv2track.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.82.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-82-210.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:31 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Jul 2021 13:21:20 GMT
Server: nginx
ETag: "60df12d0-2133"
Content-Type: application/javascript
Cache-Control: max-age=600
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 8499
Expires: Wed, 15 Sep 2021 07:55:31 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 26 KB
9 KB 5244ms
26ms Script
application/javascript 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

9ec1002988b30be58344be55afcc9b1075519b3e2a96380b35ad343922e0d7ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 8542
Pragma: no-cache
Last-Modified: Fri, 06 Aug 2021 19:26:06 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "610d8cce-69e1"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 15 Sep 2021 07:45:31 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 189 B
389 B 5064ms
21ms Script
text/javascript 2606:4700:10::6814:b844
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fbee1118e2f0183e4f02ad8968e1758861d8872550d2ced4eba3bd43b239118

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 68f03c690d47c2c2-FRA

POST
H2 500 popular-posts Show response
www.sentinelone.com/wp-json/wordpress-popular-posts/v1/ 4 KB
4 KB 306ms
306ms XHR
text/html 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-json/wordpress-popular-posts/v1/popular-posts

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc3419dfcbb807a6b5eef174b856019cdab3110f22cd3f48e41403a509238399

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://www.sentinelone.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: __cfredirector_sm=DE
content-length: 61
:path: /wp-json/wordpress-popular-posts/v1/popular-posts
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded
accept: */*
cache-control: no-cache
:authority: www.sentinelone.com
referer: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 15 Sep 2021 07:45:26 GMT
referrer-policy: same-origin
server: cloudflare
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 68f03c495a3e3613-MAN
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v9/ 18 KB
18 KB 5096ms
24ms Font
font/woff2 2a00:1450:4007:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v9/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:819::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

392f196c197758bafbfb4a917625b5a20a84cd7977433a134140f9c6f745058f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 03:29:48 GMT
x-content-type-options: nosniff
age: 533743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18096
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 16:52:22 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Sep 2022 03:29:48 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 311 KB
79 KB 5124ms
48ms Script
application/javascript 2a00:1450:4007:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:819::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

831c52a6d641ff0145d3df87596c2c6cba356f8f5b65c82f826a273ec2db6a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80708
x-xss-protection: 0
last-modified: Wed, 15 Sep 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 Sep 2021 07:45:31 GMT

GET
H2 200 labs-bg-light.png
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/ 75 KB
76 KB 9ms
9ms Image
image/png 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/img/labs-bg-light.png

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

9bcdb94ad74931ea092ec31ed6aa7b1d7addd5cf819e8d374cd57883db25204a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish
etag: "613fc7d9-12db8"
age: 121853
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-length: 77240
x-served-by: cache-mdw17347-MDW, cache-fra19168-FRA
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691926.007448,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
content-type: image/png
x-styx-req-id: 2da36c01-14dd-11ec-adf5-7230d8a1ae9e
expires: Wed, 14 Sep 2022 21:54:32 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-vqq6w

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c

Request headers

Referer
Origin: https://www.sentinelone.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 user-icon.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 1 KB
1 KB 11ms
10ms Image
image/svg+xml 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/user-icon.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ca8e60ba9a281ae41f019d64c681ba7b523d7b9c839db4d41eb042dcbaad8b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7da-556"
age: 121853
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-7r9wk
x-cache: MISS, HIT
content-length: 775
x-served-by: cache-mdw17353-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:22 GMT
server: nginx
x-timer: S1631691926.012541,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:32 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2da50087-14dd-11ec-bbae-2678fc2adc05
x-cache-hits: 0, 1

GET
H2 200 calendar-icon.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
1 KB 10ms
10ms Image
image/svg+xml 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/calendar-icon.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

0cfc74f37470c666d6ac10d4d7a933b923c13b29879134c0866c7de7dcee0310

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d8-7ae"
age: 121853
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-8gptr
x-cache: MISS, HIT
content-length: 847
x-served-by: cache-mdw17322-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:20 GMT
server: nginx
x-timer: S1631691926.012625,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:32 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2d976916-14dd-11ec-9c59-12801cec0821
x-cache-hits: 0, 1

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393

Request headers

Referer
Origin: https://www.sentinelone.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v9/ 18 KB
18 KB 5094ms
41ms Font
font/woff2 2a00:1450:4007:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v9/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:819::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d11abf7d6f4725555bfd3493838bae4afe645ac11b8a4a62ef92daf760b03b56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 10 Sep 2021 08:23:21 GMT
x-content-type-options: nosniff
age: 429730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18348
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 16:53:07 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 10 Sep 2022 08:23:21 GMT

GET
H2 200 Socicon.woff2
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/fonts/ 63 KB
63 KB 27ms
8ms Font
font/woff2 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/fonts/Socicon.woff2?87visu

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

c254279147099e0b696b281d62b436b8aed42fb0f3abf1ba17abc398ca6c90e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
Origin: https://www.sentinelone.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish, 1.1 varnish
etag: "613fc7da-fc00"
age: 121853
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-kvsd7
x-cache: MISS, HIT
content-length: 64512
x-served-by: cache-mdw17340-MDW, cache-fra19162-FRA
last-modified: Mon, 13 Sep 2021 21:51:22 GMT
server: nginx
x-timer: S1631691926.034098,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
content-type: font/woff2
access-control-allow-origin: *
expires: Wed, 14 Sep 2022 21:54:32 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2d9e5101-14dd-11ec-bf59-42cbcb5c18d1
x-cache-hits: 0, 1

GET
H2 200 1-overview-of-ZLoader-infection-chain.jpg
899029.smushcdn.com/2131410/wp-content/uploads/2021/09/ 177 KB
178 KB 4615ms
63ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/2021/09/1-overview-of-ZLoader-infection-chain.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 7a0926a86f6e887b558ec7e581804ab926a2f14b55b554e46d8b8cdd7c5a10e0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Wed, 13 Oct 2021 14:34:01 GMT", rule-id="expire"
last-modified: Mon, 13 Sep 2021 14:34:01 GMT
server: nginx
etag: "aed8bbdfb6c488d7438d56fe64b81416"
x-cache: HIT
smushed: origFmt=jpg, origSize=206835, smushRatio=12.33, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 181336
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2 200 2-The-first-part-of-the-attack-chain.jpg
899029.smushcdn.com/2131410/wp-content/uploads/2021/09/ 78 KB
78 KB 53ms
53ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/2021/09/2-The-first-part-of-the-attack-chain.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 167200bacd757a9680c326e9e32b5afdd72dfe4e86a139c1193e3016ce8b962a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Wed, 13 Oct 2021 14:34:01 GMT", rule-id="expire"
last-modified: Mon, 13 Sep 2021 14:34:01 GMT
server: nginx
etag: "66361587770c623200cfd7a3bb747588"
x-cache: HIT
smushed: origFmt=jpg, origSize=94419, smushRatio=15.89, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 79419
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2 200 3-Resources-embedded-in-the-tim.exe-binary-left-and-legit-wextract.exe-right.jpg
899029.smushcdn.com/2131410/wp-content/uploads/2021/09/ 89 KB
89 KB 53ms
53ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/2021/09/3-Resources-embedded-in-the-tim.exe-binary-left-and-legit-wextract.exe-right.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 1435fba8341a99fde5901812c625e465fb91316c9b208c69473b3986c2e1e414

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Wed, 13 Oct 2021 14:34:01 GMT", rule-id="expire"
last-modified: Mon, 13 Sep 2021 14:34:01 GMT
server: nginx
etag: "31c7c859f296430a37f63545d5243403"
x-cache: HIT
smushed: origFmt=jpg, origSize=104611, smushRatio=13.17, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 90831
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2 200 arrow-left-dark.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 835 B
708 B 9ms
7ms Image
image/svg+xml 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/arrow-left-dark.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

adc0e2dacc10d6d2acec5ffc5b5346f30a3424ea0bfccff7b902b6a594878a18

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7da-343"
age: 121853
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-vqq6w
x-cache: MISS, HIT
content-length: 489
x-served-by: cache-mdw17369-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:22 GMT
server: nginx
x-timer: S1631691926.052715,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:32 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2d971746-14dd-11ec-adf5-7230d8a1ae9e
x-cache-hits: 0, 1

GET
H2 200 arrow-right-dark.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 920 B
792 B 8ms
8ms Image
image/svg+xml 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/arrow-right-dark.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

444c83e95470e69f7355fcdb3a370c872025ae298b139090ff9f194ce28dea5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d8-398"
age: 110160
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-kvsd7
x-cache: HIT, HIT
content-length: 513
x-served-by: cache-mdw17332-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:20 GMT
server: nginx
x-timer: S1631691926.052786,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Thu, 15 Sep 2022 01:09:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 6787890f-14f8-11ec-bf59-42cbcb5c18d1
x-cache-hits: 1, 1

GET
H2 200 search-icon-white.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 681 B
574 B 7ms
7ms Image
image/svg+xml 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

5466092ef0deb16007dc2e8e61eb345b380ab6663bd3ef41808ffb7360abd61a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d8-2a9"
age: 121855
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-bhkw8
x-cache: HIT, HIT
content-length: 385
x-served-by: cache-mdw17321-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:20 GMT
server: nginx
x-timer: S1631691926.052800,VS0,VE0
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:30 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2c69f871-14dd-11ec-bcbc-cef784aec92c
x-cache-hits: 1, 3

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c

Request headers

Referer
Origin: https://www.sentinelone.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70

Request headers

Referer
Origin: https://www.sentinelone.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 6 KB
2 KB 76ms
76ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=1985&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&callback=jQuery1124010634297589244679_1631691925980&_=1631691925981
Requested by: Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cecd66b40825f009ded6693a91e1b0922bb5d130c048cd65ec3e2d1d7c8c6b40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:26 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 68f03c49ef46331d-CDG
cached: true

OPTIONS
H2 200 links
api.rebrandly.com/v1/ Frame 0
0 5373ms
104ms Preflight 3.215.119.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rebrandly.com/v1/links
Protocol: H2
Server: 3.215.119.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-119-159.compute-1.amazonaws.com
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: apikey,content-type
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Sep 2021 07:45:31 GMT
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
access-control-allow-headers: Content-Type,Accept,X-Access-Token,X-Key,apikey,Authorization,Workspace,x-http-verb,x-rebrandly-internal
access-control-max-age: 3600

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 6 KB
1 KB 82ms
82ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=2673&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&callback=jQuery1124010634297589244679_1631691925982&_=1631691925983
Requested by: Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f11788b74e8b93c09600deff2acb0dcb49ff7c091b6ed5e40ea88fa341f22fdd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:26 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 68f03c49ff59331d-CDG
cached: true

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 5094ms
23ms Script
application/x-javascript 2a02:26f0:2b00:98b::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:2b00:98b::25ea Paris, France, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:35 GMT
Content-Encoding: gzip
Last-Modified: Fri, 13 Aug 2021 21:34:05 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=84395
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 calendar-icon-light.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
1 KB 8ms
8ms Image
image/svg+xml 2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/calendar-icon-light.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

de51ba53b38ba54ff68c8d8446802ae1a917d5c456494d88e3bb9d488dc605b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-798"
age: 121853
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-8gptr
x-cache: MISS, HIT
content-length: 842
x-served-by: cache-mdw17330-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691926.081170,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:32 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2da19783-14dd-11ec-9c59-12801cec0821
x-cache-hits: 0, 1

GET
H2

200

social-twitter-white.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg;
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg

2 KB
1 KB

8ms
8ms

Image
image/svg+xml

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

7a5d0f939c5224a8efb5b96759dd0509360b5d071774bb702f788f37a00a8426

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-7e1"
age: 121853
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-2v6mk
x-cache: MISS, HIT
content-length: 1036
x-served-by: cache-mdw17324-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691926.135489,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:33 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2ddca6a7-14dd-11ec-9ed2-3ea16141587b
x-cache-hits: 0, 1

Redirect headers

cf-edge-cache: cache,platform=wordpress
content-security-policy: frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com;
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 590
x-redirect-by: WordPress
x-pantheon-styx-hostname: styx-fe2-a-57f96c4978-ws5c5
x-cache: HIT, HIT
vary: Cookie, Cookie
content-length: 0
x-xss-protection: 1; mode=block
x-served-by: cache-mdw17352-MDW, cache-fra19168-FRA
referrer-policy: origin-when-cross-origin
server: nginx
x-timer: S1631691926.081790,VS0,VE1
x-frame-options: ALLOW-FROM SAMEORIGIN, sentinelone.pathfactory.com, sentinelone.lookbookhq.com, assets.pathfactory.com, go.sentinelone.com, www.sentinelone.com
date: Wed, 15 Sep 2021 07:45:26 GMT
expect-ct: enforce; max-age=2592000;
strict-transport-security: max-age=15768000;, max-age=300
content-type: text/html; charset=UTF-8
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: public, max-age=600
accept-ranges: bytes
x-styx-req-id: 83cea05e-15f7-11ec-8b7d-9679f030593e
x-cache-hits: 1, 1

GET
H2

200

social-linkedin-white.svg
de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/
Redirect Chain

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg;
https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg

2 KB
1 KB

8ms
8ms

Image
image/svg+xml

2620:12a:8000::2
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg

Requested by

Host: de.sentinelone.com
URL: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

eae2c34014a512a5bebe4a87261c00c87807d4d185dfe1bc0cc09eae0592e6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1631569881
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
etag: W/"613fc7d9-90f"
age: 121853
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-bhkw8
x-cache: MISS, HIT
content-length: 993
x-served-by: cache-mdw17330-MDW, cache-fra19168-FRA
access-control-allow-origin: *
last-modified: Mon, 13 Sep 2021 21:51:21 GMT
server: nginx
x-timer: S1631691926.208592,VS0,VE1
date: Wed, 15 Sep 2021 07:45:26 GMT
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 varnish, 1.1 varnish
expires: Wed, 14 Sep 2022 21:54:33 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 2dd4b880-14dd-11ec-bcbc-cef784aec92c
x-cache-hits: 0, 1

Redirect headers

cf-edge-cache: cache,platform=wordpress
content-security-policy: frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com;
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
age: 591
x-redirect-by: WordPress
x-pantheon-styx-hostname: styx-fe2-b-9989bc85d-vqq6w
x-cache: HIT, MISS
vary: Cookie, Cookie
content-length: 0
x-xss-protection: 1; mode=block
x-served-by: cache-mdw17380-MDW, cache-fra19168-FRA
referrer-policy: origin-when-cross-origin
server: nginx
x-timer: S1631691926.081866,VS0,VE109
x-frame-options: ALLOW-FROM SAMEORIGIN, sentinelone.pathfactory.com, sentinelone.lookbookhq.com, assets.pathfactory.com, go.sentinelone.com, www.sentinelone.com
date: Wed, 15 Sep 2021 07:45:26 GMT
expect-ct: enforce; max-age=2592000;
strict-transport-security: max-age=15768000;, max-age=300
content-type: text/html; charset=UTF-8
location: https://de.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: public, max-age=600
accept-ranges: bytes
x-styx-req-id: 83cf7123-15f7-11ec-adf5-7230d8a1ae9e
x-cache-hits: 1, 0

GET
DATA 200
OK truncated
/ 715 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 380 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 zYX-KVElMYYaJe8bpLHnCwDKhdTuF6ZJ.woff2
fonts.gstatic.com/s/ibmplexsans/v9/ 19 KB
19 KB 5030ms
48ms Font
font/woff2 2a00:1450:4007:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v9/zYX-KVElMYYaJe8bpLHnCwDKhdTuF6ZJ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:819::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dc380695af9f92a38f1570106049fb6d12f0a0aa3a2fe0ac1fb04801eeabfa0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 14 Sep 2021 10:42:05 GMT
x-content-type-options: nosniff
age: 75806
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19660
x-xss-protection: 0
last-modified: Wed, 18 Aug 2021 16:52:47 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Sep 2022 10:42:05 GMT

POST
H2 403 links Show response
api.rebrandly.com/v1/ 152 B
629 B 185ms
185ms XHR
application/json 3.215.119.159
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rebrandly.com/v1/links
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/jquery-3.5.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.215.119.159 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-119-159.compute-1.amazonaws.com
Software: / Express
Resource Hash: 03f94ea8844e57c376e7fa137ca45fedfd4282be27aaa3d3ce25afe79dd7e375

Request headers

Accept: */*
Referer: https://www.sentinelone.com/
apikey: 499c8e7548a643f090e8263994728de3
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 Sep 2021 07:45:31 GMT
x-rate-limit-reset-peak: 1631691932566
x-rate-limit-reset-peak-ip: 1631691932536
x-powered-by: Express
x-rate-limit-first-expire-peak: 1631691932566
vary: Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-rate-limit-remaining-peak: 24
content-length: 152
access-control-allow-headers: Content-Type,Accept,X-Access-Token,X-Key,apikey,Authorization,Workspace,x-http-verb,x-rebrandly-internal
x-rate-limit-first-expire-peak-ip: 1631691932536
x-rate-limit-remaining-peak-ip: 99

GET
H2 200 CVE-2021-3437-HP-OMEN-Gaming-Hub-Privilege-Escalation-Bug-Hits-Millions-of-Gaming-Devices-1-150x150.jpg
899029.smushcdn.com/2131410/wp-content/uploads/2021/09/ 6 KB
6 KB 4414ms
19ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/2021/09/CVE-2021-3437-HP-OMEN-Gaming-Hub-Privilege-Escalation-Bug-Hits-Millions-of-Gaming-Devices-1-150x150.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: dc899f9f8942979010cca601dee6f3f0c6f5b755babd44b629627fee02a71743

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Thu, 14 Oct 2021 11:00:20 GMT", rule-id="expire"
last-modified: Tue, 14 Sep 2021 11:00:20 GMT
server: nginx
etag: "73672d01d94230f75a8d134da095c0dd"
x-cache: HIT
smushed: origFmt=jpg, origSize=6004, smushRatio=0, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 6004
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2 200 EGoManiac-An-Unscrupulous-Turkish-Nexus-Threat-Actor-3-150x150.jpg
899029.smushcdn.com/2131410/wp-content/uploads/2021/09/ 8 KB
8 KB 4449ms
53ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/2021/09/EGoManiac-An-Unscrupulous-Turkish-Nexus-Threat-Actor-3-150x150.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: aafb0b853e6f14505e98b62ae49d7009bbe60bc9027fb2fe2daa41725ac235d3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Fri, 08 Oct 2021 13:08:17 GMT", rule-id="expire"
last-modified: Wed, 08 Sep 2021 13:08:17 GMT
server: nginx
etag: "d99aac12240d5639fd9e50746673a0cf"
x-cache: HIT
smushed: origFmt=jpg, origSize=8214, smushRatio=0, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 8214
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
H2 200 6-Pro-Tricks-for-Rapid-macOS-Malware-Triage-with-Radare2-7-150x150.jpg
899029.smushcdn.com/2131410/wp-content/uploads/labs/2021/08/ 3 KB
4 KB 4449ms
54ms Image
image/jpeg 151.139.242.10
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://899029.smushcdn.com/2131410/wp-content/uploads/labs/2021/08/6-Pro-Tricks-for-Rapid-macOS-Malware-Triage-with-Radare2-7-150x150.jpg?lossy=0&strip=1&webp=0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.139.242.10 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: nginx /
Resource Hash: 0b7c52530d952eb5e5477810a259173f9bcef0432a2f1bde3e5183414278062a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:30 GMT
x-amz-expiration: expiry-date="Fri, 01 Oct 2021 20:41:53 GMT", rule-id="expire"
last-modified: Wed, 01 Sep 2021 20:41:53 GMT
server: nginx
etag: "18202ef85ce37a1e487883554d78c201"
x-cache: HIT
smushed: origFmt=jpg, origSize=3553, smushRatio=0, originCache=HIT
cache-control: max-age=31104000
accept-ranges: bytes
content-type: image/jpeg
content-length: 3553
expires: Sat, 10 Sep 2022 07:45:30 GMT

GET
DATA 200
OK truncated
/ 547 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 552 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 forms2.css
go.sentinelone.com/js/forms2/css/ 13 KB
3 KB 26ms
26ms Stylesheet
text/css 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6505
content-length: 2623
last-modified: Tue, 10 Aug 2021 17:41:08 GMT
server: cloudflare
etag: "c6032f-3437-5c93801bbf500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 68f03c4af877331d-CDG
expires: Wed, 15 Sep 2021 11:45:26 GMT

GET
H2 200 forms2-theme-plain.css
go.sentinelone.com/js/forms2/css/ 828 B
336 B 27ms
27ms Stylesheet
text/css 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6504
content-length: 246
last-modified: Tue, 10 Aug 2021 17:41:08 GMT
server: cloudflare
etag: "1ee00cf-33c-5c93801bbf500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 68f03c4af879331d-CDG
expires: Wed, 15 Sep 2021 11:45:26 GMT

GET
H2 200 XDFrame Show response
go.sentinelone.com/index.php/form/ Frame 5346 2 KB
872 B 119ms
119ms Document
text/html 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/index.php/form/XDFrame

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64d117a5cdaf7b8aa3bc5ff1abeec0e1d98b834782d49f34260c4e1ecc7ec4c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: go.sentinelone.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sentinelone.com/
accept-encoding: gzip, deflate, br
cookie: __cfredirector_sm=DE; __cf_bm=18zlbOYuJ1R6YiMQXPg4iWHJKx9r3WtAg5AFWCnsySY-1631691925-0-AQ4s8Ho7VoYgjBjJxzsnC+PuUIlxeCXwbU/E5uZZzV1J0M9L1a5TFTsO9KDmP80s903Y8Z/m9VmEr/NY6oQJLdU=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/

Response headers

date: Wed, 15 Sep 2021 07:45:26 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=3600
x-content-type-options: nosniff
vary: Accept-Encoding
set-cookie: BIGipServerab14web-nginx-app_https=!yfShgXf1ZwOWcU/w/jjXoMq3bOgvMiYZfv6QoIXFjCIv8Efjnn4FztOGH5yX9CLbi5axW9Rfeg0jNkI=;Path=/;Version=1;Secure;Httponly
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 68f03c4b68ef331d-CDG
content-encoding: gzip

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ Frame 5346 205 KB
68 KB 27ms
27ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689a0237a95cfd8135f8da3ac79c430e903f3c542f8b862f68141c84c348c43

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://go.sentinelone.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 10 Aug 2021 17:41:08 GMT
server: cloudflare
age: 6959
etag: "c60338-33210-5c93801bbf500"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 68f03c4c49f9331d-CDG
expires: Wed, 15 Sep 2021 11:45:26 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 15ms
14ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151507
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=2fd15cc99a5c050eff6e52ae2b595736
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 534047d152df49b3ea66735a76a84aeaa993e3d193e8dff1daf39aff2d5fa43c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 3029
etag: W/"7cb42d545f90e08baa9fa2499b1edad3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 68f03c6928b66969-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 18 Sep 2021 07:45:31 GMT

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ 312 KB
75 KB 17ms
17ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 1782406
vary: Accept-Encoding
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Wed, 25 Aug 2021 06:33:50 GMT
server: cloudflare
etag: 0x8D967924D3E7D45
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 9e20270a-a01e-003d-3fcf-996dc0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 68f03c693d306957-FRA
expires: Thu, 23 Sep 2021 07:45:31 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/acaf2329-c613-4dbe-a651-1ed5a45c3762/ 3 KB
2 KB 5053ms
34ms Script
text/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/acaf2329-c613-4dbe-a651-1ed5a45c3762/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger(R) 6.0.8

Resource Hash

f7c3506f6898931ea944281f196458adbe9fa7d6580913ee3d606fc022e4338a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 596
x-powered-by: Phusion Passenger(R) 6.0.8
status: 200 OK
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: b7287270-f904-4931-a0ed-5d6a64676a15
x-runtime: 0.086793
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"354c2d4b39857b9c4dd0d6a4ca76d477"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-polished: origSize=3401
cf-ray: 68f03c88dff16969-FRA
access-control-allow-headers: SDK-Version
expires: Wed, 15 Sep 2021 08:45:36 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/8559fb5f-d020-41f3-b4af-073a54697ce8/ 54 KB
11 KB 22ms
21ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/8559fb5f-d020-41f3-b4af-073a54697ce8/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a164c7c15f8197903a11533e5fe6894fc3e75abf931897d86d039d0661e4bfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: g3u/cB4L4tfTQx7Hp+ONEQ==
age: 5722
vary: Accept-Encoding
content-length: 11065
x-ms-lease-status: unlocked
last-modified: Fri, 10 Sep 2021 19:25:24 GMT
server: cloudflare
etag: 0x8D97490BD2F4CA7
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 982fcc5f-b01e-0140-0179-a6b75d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 68f03c69cc15c290-FRA

GET
H/1.1 200
OK tv2track.php
collector-5527.tvsquared.com/ 42 B
276 B 34ms
33ms Image
image/gif 52.18.82.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector-5527.tvsquared.com/tv2track.php?action_name=Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne&idsite=TV-45457227-1&rec=1&r=452101&h=7&m=45&s=31&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&_id=7dcc73075613b127&_idts=1631691931&_idvc=0&_idn=1&_viewts=&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=410
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.82.210 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-18-82-210.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:31 GMT
Server: nginx
Connection: keep-alive
Request-Id: 81df42f9-7e74-4f42-92a3-a79002f9b91a
P3p: CP='OTI DSP COR NID STP UNI OTPa OUR'
Content-Length: 42
Content-Type: image/gif

GET
H2 401 78190 Show response
api.omappapi.com/v2/embed/ 165 B
614 B 5166ms
103ms XHR
application/json 13.249.10.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/78190?d=sentinelone.com
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.10.226 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-10-226.cdg53.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-user-agent: standard--
via: 1.1 a64d90720955c3d3de37aa0526d1a7a5.cloudfront.net (CloudFront)
x-cache-config: 0 0
server: Pagely Gateway/1.5.1
x-amz-cf-pop: CDG53-C1
date: Wed, 15 Sep 2021 07:45:36 GMT
vary: Accept-Encoding, User-Agent
x-cache: Error from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=120, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
content-length: 165
x-amz-cf-id: CzUt4_plzvGMQCHnETwQ7XbRV5qhqlXi6C_8Fm_BDhZYvpugykR-OQ==
expires: Wed, 15 Sep 2021 07:47:23 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 13 KB
3 KB 15ms
15ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: r7t3xbAZ3QK/7lQuu5X7ww==
age: 390006
vary: Accept-Encoding
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:51 GMT
server: cloudflare
etag: 0x8D96DBF68EC8D5B
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 5bc4ce7b-401e-005a-3d79-a6de67000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 68f03c6a2c5cc290-FRA
expires: Thu, 23 Sep 2021 07:45:31 GMT

GET
H2 200 otPcPanel.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ 47 KB
11 KB 16ms
16ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcPanel.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49f1fe168324ed0f76fbbab536b991c992296cd48da5ce9dd8bc8ea55e2ef946

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 57AUyP21eMxOiwzpGGh99A==
age: 390006
vary: Accept-Encoding
content-length: 11457
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:53 GMT
server: cloudflare
etag: 0x8D96DBF6A0C163B
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 7d6144fc-401e-003c-0f79-a66c3d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 68f03c6a2c5dc290-FRA
expires: Thu, 23 Sep 2021 07:45:31 GMT

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 20 KB
4 KB 18ms
18ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 390006
vary: Accept-Encoding
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: f3df9f84-101e-0164-0679-a62e13000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=691200
x-ms-version: 2009-09-19
cf-ray: 68f03c6a2c5ec290-FRA
expires: Thu, 23 Sep 2021 07:45:31 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 5097ms
24ms Script
text/javascript 2a00:1450:4007:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:812::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 3976
date: Wed, 15 Sep 2021 06:39:20 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Wed, 15 Sep 2021 08:39:20 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 5103ms
34ms Script
text/javascript 216.58.214.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.214.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

mad01s26-in-f162.1e100.net

Software

cafe /

Resource Hash

4c967c069f7a16252b2fa438ce43396ffaabb1479b5c6accab78f32604b8ade3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14042
x-xss-protection: 0
server: cafe
etag: 5157641309300231189
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 07:45:36 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 30 KB
9 KB 5072ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:35 GMT
content-encoding: gzip
last-modified: Wed, 28 Jul 2021 18:27:37 GMT
x-msedge-ref: Ref A: 9A68310002F44F759D1DB0BCE4BF9E2D Ref B: FRAEDGE1311 Ref C: 2021-09-15T07:45:36Z
etag: "80f2963dde83d71:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 9024

GET
H2 200 hotjar-268571.js Show response
static.hotjar.com/c/ 4 KB
2 KB 5094ms
32ms Script
application/javascript 143.204.228.129
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-268571.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.228.129 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-228-129.cdg3.r.cloudfront.net

Software

Resource Hash

17cb60a020f109cc40a23c9599471927ddb0bc7f64068b14218e3eed08f4e953

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:36 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: CDG3-C1
etag: W/67935231a6f3515853de8666e78fd256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-id: rInOW676QBr-6Kiw8xvi-HVKyRXACr3qJb9S5lY78bxGSpM_sRLnqA==
via: 1.1 62c6a277edda01c2d33f51898f38a9b5.cloudfront.net (CloudFront)

GET
H2

200

activityi;dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-... Show response
10466992.fls.doubleclick.net/ Frame 31B4
Redirect Chain

https://10466992.fls.doubleclick.net/activityi;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-se...
https://10466992.fls.doubleclick.net/activityi;dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.se...

728 B
629 B

30ms
30ms

Document
text/html

172.217.22.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10466992.fls.doubleclick.net/activityi;dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

par21s12-in-f6.1e100.net

Software

cafe /

Resource Hash

6ce37504b0bc4d2f7d6deaadde5e930c751805e16b55de1d5f47aa576e0c9105

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10466992.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sentinelone.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 15 Sep 2021 07:45:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 452
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 15-Sep-2021 08:00:36 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 15 Sep 2021 07:45:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10466992.fls.doubleclick.net/activityi;dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK 56a667965d8d21035d00000d.js Show response
tag.marinsm.com/serve/ 12 KB
4 KB 5079ms
16ms Script
text/javascript 151.101.0.65
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.marinsm.com/serve/56a667965d8d21035d00000d.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.65 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cowboy /

Resource Hash

f0dbd5ad7b0ead52f6375610e738f5727261715f392d0892047e160f50138f5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:36 GMT
Via: 1.1 vegur, 1.1 varnish
X-Content-Type-Options: nosniff
Age: 1485
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3894
X-Served-By: cache-cdg20739-CDG
Server: Cowboy
X-Timer: S1631691936.329492,VS0,VE0
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=1800
Accept-Ranges: bytes
X-Cache-Hits: 13

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
26 KB 5397ms
122ms Script
application/x-javascript 2a03:2880:f027:212:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f027:212:face:b00c:0:3 Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25999
x-xss-protection: 0
pragma: public
x-fb-debug: qRqdKuuvMhFG1OuYQO5Pv/HOdNxYRv1mGGIC3AiVCSEekcmzzTZulXx7R5OMGfvA2+BbBZsjfgFPQ/4VMqDEzw==
x-fb-trip-id: 1781455057
x-frame-options: DENY
date: Wed, 15 Sep 2021 07:45:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 5090ms
21ms Script
application/x-javascript 23.72.24.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.24.183 Paris, France, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-24-183.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:36 GMT
Content-Encoding: gzip
Last-Modified: Fri, 28 May 2021 01:40:41 GMT
Server: AkamaiNetStorage
ETag: "5379c4a40ff8ae9d2fc6484dd1c57349:1622166041.794746"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H/1.1 200
OK bf-munchkin.min.js Show response
munchkin.brightfunnel.com/js/build/ 20 KB
7 KB 5094ms
19ms Script
application/javascript 13.249.10.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.10.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-10-118.cdg53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 012743d9f8e3a8cb9fd4a9466aa2eb026a53d446d530d60440463e555ad0fc87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: null
Content-Encoding: gzip
ETag: W/"20317c42053d4a6e5ba388544778b12a"
Age: 57
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 16 Jun 2021 18:10:10 GMT
Server: AmazonS3
Date: Wed, 15 Sep 2021 07:44:40 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 6fa25eadb94abd73b5efc56a89b2d829.cloudfront.net (CloudFront)
Cache-Control: max-age=300
X-Amz-Cf-Pop: CDG53-C1
X-Amz-Cf-Id: z7DYnz1hXTj26olJ0Q5C7isMTpFSANuOZwGlExNvBoQjgCPNmmH_rA==

GET
H2 200 qevents.js Show response
a.quora.com/ 39 KB
14 KB 5050ms
7ms Script
text/plain 151.101.193.2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ef6de6beb1cf5bf809eccfe10f99aea0e0969c71d4eab5446410fef72695679f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: s3LlaOWABX1LUjiLldBNr49lVAylKDRo
content-encoding: gzip
etag: "f32ebb1e93a72c0a57add6d07f688510"
age: 634
x-cache: HIT, HIT
content-length: 13681
x-amz-id-2: GORX0Qx9YsobCn5sRaK1yIfLateQ9mx7LkT2dc6WqtBU5rCswIbeR4h0d2OZlV6VBDMD3QPkMuM=
x-served-by: cache-bwi5138-BWI, cache-hhn4038-HHN
last-modified: Fri, 25 Oct 2019 19:28:38 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1572031715/ctime:1572031714/gid:1000000/gname:employee/md5:f32ebb1e93a72c0a57add6d07f688510/mode:33188/mtime:1149709104/uid:1000332/uname:tzhou
x-timer: S1631691941.788740,VS0,VE0
date: Wed, 15 Sep 2021 07:45:40 GMT
vary: Accept-Encoding
x-amz-request-id: NE61P7FTDGABKQET
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=7200
accept-ranges: bytes
content-type: text/plain
x-cache-hits: 1, 234

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 6 KB
2 KB 5078ms
17ms Script
application/javascript 151.101.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.120.157 Paris, France, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7e8ee8f9d56ca7e35629a7c16b9f1c09fbb1e7d19fe922833a2f4edec48bfeea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:41 GMT
content-encoding: gzip
fastly-restarts: 1
last-modified: Wed, 25 Aug 2021 16:20:44 GMT
etag: "934b8997f9fc81b2d0e16fca4cd0b8bb+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-geo-cc_and_ra: DE-NW
cache-control: no-cache
x-cache: HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 2119
x-served-by: cache-cdg20764-CDG

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 22 KB
7 KB 5046ms
9ms Script
application/javascript 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 7125a66456daa35dd3e3e8cca4b9523e05caf0b4fa5bd5874676e7c6db40f3aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:41 GMT
via: 1.1 varnish, 1.1 varnish
last-modified: Wed, 14 Jul 2021 17:50:00 GMT
server: snooserv
etag: "912f60c72fda50b2f21068c65115175d"
vary: Accept-Encoding,Origin
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-encoding: gzip
content-length: 7018

GET
H2 200 client.js Show response
cdn.abrankings.com/js/ 35 KB
8 KB 5145ms
20ms Script
application/javascript 2600:9000:218d:400:11:8a36:7200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.abrankings.com/js/client.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218d:400:11:8a36:7200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.15.8 /
Resource Hash: 5b86af60d9f8678ab66ac440e146e40656a7baa94b846811ed99b7cf8fb80f44

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: public
date: Sun, 25 Jul 2021 15:40:28 GMT
content-encoding: gzip
last-modified: Mon, 19 Jul 2021 16:31:33 GMT
server: nginx/1.15.8
age: 4464313
etag: W/"60f5a8e5-8d26"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 7fbc1adfbf55c351343006ea853f668b.cloudfront.net (CloudFront)
cache-control: max-age=15552000, public
x-amz-cf-pop: CDG50-P2
x-amz-cf-id: 4anMrl9A_32WG5B2yz3XUqnWqBvYsz05NJ4r43QJTQ9-43qzWY9Hkg==
expires: Fri, 21 Jan 2022 15:40:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 36ms
35ms Script
application/javascript 2a00:1450:4007:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10604934

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:819::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

73146ee9ad929671914ab5b33a0ba26c878ca3a2db74f371ee267a87ff03aba0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:31 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37873
x-xss-protection: 0
last-modified: Wed, 15 Sep 2021 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 Sep 2021 07:45:31 GMT

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
693 B 5052ms
13ms XHR
application/json 37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 07:45:36 GMT
X-Proxy-Origin: 194.36.108.19; 194.36.108.19; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 7fb8ae99-9455-4f34-936e-63b172c7d2e5
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.sentinelone.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
375 B 5200ms
23ms XHR
text/plain 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-4-213-149.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9a770a9945c68d533876376b67a9d4fecd52e9746200716753ef761ead6b3d5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:36 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.sentinelone.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
693 B 5064ms
27ms XHR
application/json 37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 07:45:36 GMT
X-Proxy-Origin: 194.36.108.19; 194.36.108.19; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 86a0fc21-b88b-4136-96e3-0e9e48da1274
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.sentinelone.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
375 B 5199ms
23ms XHR
text/plain 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-4-213-149.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9a770a9945c68d533876376b67a9d4fecd52e9746200716753ef761ead6b3d5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:36 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.sentinelone.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 571 B
510 B 31ms
14ms XHR
application/json 3.67.149.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.67.149.147 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-149-147.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 81bb4a6380a5c92815f5b29c91bd54cf0afb7e589ff95f30b1531140beefc5ea

Request headers

Authorization: Token 8ba4c5a3fa178cfadac2b61291295db2874be830
Referer: https://www.sentinelone.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:36 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
content-length: 322

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 5050ms
8ms Preflight 3.67.149.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Server: 3.67.149.147 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-67-149-147.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 15 Sep 2021 07:45:36 GMT
server: nginx
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET
access-control-allow-headers: authorization

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 5427ms
337ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A31%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Mon, 07 Jun 2021 21:53:38 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60be9562-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 5278ms
194ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A32%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A31%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 5446ms
364ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A33%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A32%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222003%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 5274ms
195ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A33%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223004%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Mon, 07 Jun 2021 21:53:38 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60be9562-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 5255ms
181ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A34%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224005%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2225260%2C432890&time=1631691935744&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-s...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D2225260%252C432890%26time%3D1631691935744%26url%3Dhttps%253A%252F%252Fwww.sentine...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2225260%2C432890&time=1631691935744&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-s...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2225260%2C432890&time=1631691935744&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-...

0
0

GET
H2 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 20ms
18ms Stylesheet
text/css 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151507
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:36 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1645
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=259200
cf-ray: 68f03c8928f46969-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Sat, 18 Sep 2021 07:45:36 GMT

GET
H2 200 icon Show response
onesignal.com/api/v1/apps/acaf2329-c613-4dbe-a651-1ed5a45c3762/ 184 B
713 B 325ms
306ms Fetch
application/json 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/acaf2329-c613-4dbe-a651-1ed5a45c3762/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151507

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger(R) 6.0.8

Resource Hash

886abc149c92bbdebfc7755494a79d63b1725b53157259a0e9777df45f9b1d33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:36 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: Phusion Passenger(R) 6.0.8
status: 200 OK
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: be1052f8-13a6-4c53-97cb-4bf0fb406caf
x-runtime: 0.006638
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"886abc149c92bbdebfc7755494a79d63"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7200
cf-ray: 68f03c8988d40ea7-FRA
access-control-allow-headers: SDK-Version
expires: Wed, 15 Sep 2021 09:45:36 GMT

GET
H2 204 25019324.js Show response
bat.bing.com/p/action/ 0
110 B 32ms
31ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/p/action/25019324.js
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 15 Sep 2021 07:45:35 GMT
cache-control: private,max-age=86400
x-msedge-ref: Ref A: 876D397F4161412F8C5DD0FEB5DD91FF Ref B: FRAEDGE1311 Ref C: 2021-09-15T07:45:36Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
149 B 29ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=25019324&tm=gtm002&Ver=2&mid=48a6de5e-2322-4c94-8299-b592b160f027&sid=e9fb777015f811ec9a5a7b7b004ecf23&vid=e9fb8bf015f811ecbefc67e794fb16f4&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne&p=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&r=&lt=11779&evt=pageLoad&msclkid=N&sv=1&rn=203325
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 15 Sep 2021 07:45:35 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 596164227B0748428F4C64DFDCF43002 Ref B: FRAEDGE1311 Ref C: 2021-09-15T07:45:36Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tagjs Show response
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/tagjs?a_id=56252&source=js_tag
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag

125 B
454 B

32ms
32ms

Script
text/javascript

34.246.96.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.96.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-96-178.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 770edb1c919d611cb3ac06fd50af41a539e577496d259093192e811cfb4b1122

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 125
Content-Type: text/javascript

Redirect headers

Location: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 200 modules.5fe2f4f38cf4833026a9.js Show response
script.hotjar.com/ 221 KB
59 KB 5091ms
23ms Script
application/javascript 52.222.158.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.5fe2f4f38cf4833026a9.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-268571.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.158.24 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-158-24.cdg52.r.cloudfront.net

Software

Resource Hash

33d18bfaad19367135cba7d9096fba55164cd67b8e5819617c6d6b34bd43454b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 07:15:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 520241
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59626
access-control-allow-origin: *
last-modified: Thu, 09 Sep 2021 07:14:26 GMT
etag: "e8c5ca8d148a212696c04c37e713b2a1"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 c554699ee704a19f7545cb8005037199.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: CDG52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: DPGgwCaRBsd3RRK1b8Ve3sVIGo-jUjQ1s6hpE__Stbc5QxgNPcvAFg==

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/160/ 11 KB
5 KB 34ms
33ms Script
application/x-javascript 23.72.24.183
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/160/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.72.24.183 Paris, France, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-72-24-183.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
Content-Encoding: gzip
Last-Modified: Fri, 19 Feb 2021 02:54:38 GMT
Server: AkamaiNetStorage
ETag: "19a9335fd71267d56e65bc19390f3100:1613703278.138281"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4811
Expires: Fri, 24 Dec 2021 07:45:41 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/ 2 KB
2 KB 5106ms
34ms Script
text/javascript 2a00:1450:4007:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/?random=1631691936354&cv=9&fst=1631691936354&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9d0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&tiba=Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:813::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f6d041d1e10a9bb261aa940f9b6b3ca78b4ee8127998fabbe268d865a604c2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 07:45:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1113
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK sd Show response
api.brightfunnel.com/v1/ 4 B
523 B 5660ms
552ms XHR
application/json 52.222.174.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.brightfunnel.com/v1/sd
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.174.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-174-116.cdg50.r.cloudfront.net
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept: application/json
Referer: https://www.sentinelone.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
Via: 1.1 819cd2dd67161d301a9388e0baebb3e5.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P2
x-amzn-RequestId: afb90b78-24bc-4d67-8ba8-66cd46c8f3bf
X-Cache: Miss from cloudfront
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Amzn-Trace-Id: Root=1-6141a4a5-2e99b5b839c2483e1007a2de;Sampled=0
Connection: keep-alive
x-amz-apigw-id: Fsap5FX6IAMFW8g=
Content-Length: 4
X-Amz-Cf-Id: BKznkAz7jLr_WLcclYGwYlbtq6zyRtjx0Xzg1599ov4wVr47nkHkSA==

POST
H/1.1 200
OK sd Show response
api.brightfunnel.com/v1/ 4 B
523 B 5638ms
532ms XHR
application/json 52.222.174.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.brightfunnel.com/v1/sd
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.174.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-174-116.cdg50.r.cloudfront.net
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept: application/json
Referer: https://www.sentinelone.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
Via: 1.1 a5d054ec657be0f6c3a94aea7a055e24.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG50-P2
x-amzn-RequestId: 77e65b4d-d4b4-47ae-b5a1-3efd24871a98
X-Cache: Miss from cloudfront
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Amzn-Trace-Id: Root=1-6141a4a5-2e6869523af4f51d51b73e77;Sampled=0
Connection: keep-alive
x-amz-apigw-id: Fsap5HQHIAMFurw=
Content-Length: 4
X-Amz-Cf-Id: Kzk4P5D9MrtWzoHGmi1qbJ10jgy9b1GZLDgabKk6y8xBOew8QhVReg==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
210 B 30ms
29ms XHR
text/plain 2a00:1450:4007:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=636628111&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&ul=en-us&de=UTF-8&dt=Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEADQAAAAC~&jid=1376166434&gjid=649201058&cid=174382688.1631691936&tid=UA-38175129-1&_gid=1746637845.1631691936&_r=1&gtm=2wg9d0KGGXSJ&z=1876060040

Requested by

Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:812::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 07:45:36 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 101 KB
40 KB 33ms
33ms Script
application/javascript 2a00:1450:4007:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-K9ZDGR4&t=gtm7&cid=174382688.1631691936

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:812::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c72ed1d5c1a1291b8005d4f17f33dcd5c9db30464a95d3eaa813d0da07b0284a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:36 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40467
x-xss-protection: 0
expires: Wed, 15 Sep 2021 07:45:36 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 233ms
183ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A35%20GMT%22%2C%22timeSpent%22%3A%221016%22%2C%22totalTimeSpent%22%3A%225021%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 box-dfc01efbdc94bb0936d9a35a502b0b64.html Show response
vars.hotjar.com/ Frame 8DAF 2 KB
1 KB 5132ms
22ms Document
text/html 52.222.149.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-dfc01efbdc94bb0936d9a35a502b0b64.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-268571.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.149.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-149-2.cdg52.r.cloudfront.net
Software: /
Resource Hash: 88ca677c14d4217c2f6b8c8964a1d172027974c4c0839e4d531ad7d3d6de1987

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-dfc01efbdc94bb0936d9a35a502b0b64.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sentinelone.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/

Response headers

content-type: text/html
content-length: 1044
date: Tue, 20 Jul 2021 13:05:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "10714b84569172431728622d7c8098e4"
last-modified: Tue, 20 Jul 2021 13:04:43 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f2d6260772a832e76c8c1c6e49903138.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG52-P1
x-amz-cf-id: V-q7HdkpmKYYneBe6vvpn3clYGYdBBr2lDpfTsxXQebvJCt4SnCWWA==
age: 4905636

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
466 B 5124ms
24ms XHR
text/plain 2a00:1450:400c:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-38175129-1&cid=174382688.1631691936&jid=1376166434&gjid=649201058&_gid=1746637845.1631691936&_u=YEBAAEACQAAAAC~&z=515316436

Requested by

Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 15 Sep 2021 07:45:41 GMT
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloade... Show response
adservice.google.com/ddm/fls/i/ Frame 1FAC 727 B
942 B 5128ms
34ms Document
text/html 2a00:1450:4007:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F

Requested by

Host: 10466992.fls.doubleclick.net
URL: https://10466992.fls.doubleclick.net/activityi;dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80d::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2adc67978c435eb89b4d25b051802b5ca0cacb0bb92f9ee95783034d4ae269c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.com
:scheme: https
:path: /ddm/fls/i/dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://10466992.fls.doubleclick.net/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://10466992.fls.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 15 Sep 2021 07:45:41 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 452
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 77b6f85e-9da4-4d45-86d9-51617adb8f2d
img.onesignal.com/permanent/ 4 KB
4 KB 5034ms
14ms Image
image/png 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.onesignal.com/permanent/77b6f85e-9da4-4d45-86d9-51617adb8f2d
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23600677937c4e800aa1a50a451c6d196032d4b9a0e2e5f92f840af3ab3aef58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:41 GMT
cf-cache-status: HIT
age: 510
x-amz-meta-cache-control: public, maxage=604800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3768
x-amz-id-2: tD5QGNC1q1mTNa3q7HYlNJbbtYK4+MIwPm7VkvNk1e9J5EuZj/NDrzMZm3m8F0GBtNMAwwM1Ubk=
last-modified: Mon, 04 Jan 2021 23:21:42 GMT
server: cloudflare
etag: "9b97702edc961ca0af6f17ac34b36c16"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: MHQ2MJPTY3ZHBGHC
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 68f03caaf8726969-FRA
expires: Sat, 16 Oct 2021 07:45:41 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
130 B 25ms
24ms Image
image/gif 2a00:1450:4007:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j93&a=636628111&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&ul=en-us&de=UTF-8&dt=Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aGDAAEADQAAAAC~&jid=&gjid=&cid=174382688.1631691936&tid=UA-38175129-1&_gid=1746637845.1631691936&gtm=2wg9d0KGGXSJ&cd1=&cd2=iswex.com&cd3=&cd4=Germany&cd5=&z=362733978

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:812::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Sep 2021 23:12:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 30808
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 300800713594069 Show response
connect.facebook.net/signals/config/ 306 KB
88 KB 177ms
176ms Script
application/x-javascript 2a03:2880:f027:212:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/300800713594069?v=2.9.45&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f027:212:face:b00c:0:3 Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d00f764e4b4da43a138f23475584df139e8fbb08f0b9f64b1950ee2be3ed8608

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: zLikV1KAdGDbhF15wYdVYPMbYTvCfsSvfPiDDWNRTDzQIUNib/wEwrVGqEiNEpt0SRcxkH6n41cjIfSiKYJLOg==
x-fb-trip-id: 1781455057
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 15 Sep 2021 07:45:36 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 307303873637462 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 171ms
171ms Script
application/x-javascript 2a03:2880:f027:212:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/307303873637462?v=2.9.45&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f027:212:face:b00c:0:3 Chicago, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

fcc906e0aa2005fcd474ad9442624932482f06f373691ca3b48f2e127a1a073b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 4G4U0UUYhA87oFakfFoTcm7jdZJXcSfFX3Gf71JTixlBsVI6yDxR7r2jNK3Lu4qlWltMpvxvj5IfG0iOuaeMmg==
x-fb-trip-id: 1781455057
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 15 Sep 2021 07:45:37 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
159 B 1251ms
25ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=300800713594069&ev=PageView&dl=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&rl=&if=false&ts=1631691937268&sw=1600&sh=1200&v=2.9.45&r=stable&ec=0&o=30&fbp=fb.1.1631691937267.1593306762&it=1631691936683&coo=false&exp=p1&rqm=GET

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 15 Sep 2021 07:45:42 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
101 B 1238ms
25ms Image
image/gif 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=307303873637462&ev=PageView&dl=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&rl=&if=false&ts=1631691937272&sw=1600&sh=1200&v=2.9.45&r=stable&ec=0&o=30&fbp=fb.1.1631691937267.1593306762&it=1631691936683&coo=false&exp=p1&rqm=GET

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:42 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 15 Sep 2021 07:45:42 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 218ms
217ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=6e330760633200009ba44161e8000000e2052100&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A36%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226022%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8&an_uid=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame AAA6 0
241 B 5074ms
16ms Document
text/plain 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 5646
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://www.sentinelone.com
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sentinelone.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: https://www.sentinelone.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
date: Wed, 15 Sep 2021 07:45:42 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 60EA 0
31 B 5074ms
25ms Document
text/plain 2a03:2880:f130:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f130:83:face:b00c:0:25de , France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 5646
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
origin: https://www.sentinelone.com
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.sentinelone.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Origin: https://www.sentinelone.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
date: Wed, 15 Sep 2021 07:45:42 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 202ms
202ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=6e330760633200009ba44161e8000000e2052100&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227023%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8&an_uid=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 183ms
182ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=6e330760633200009ba44161e8000000e2052100&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A38%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%228025%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8&an_uid=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Mon, 07 Jun 2021 21:53:38 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60be9562-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 198ms
198ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=6e330760633200009ba44161e8000000e2052100&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A39%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%229026%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8&an_uid=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:41 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/ea333f827b114f8cb49ce787666ea90b/ 43 B
421 B 5438ms
103ms Image
image/gif 3.224.194.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/ea333f827b114f8cb49ce787666ea90b/pixel?j=1&u=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&tag=ViewContent&ts=1631691940800

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.224.194.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-224-194-150.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:47 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Q-Stat: ,948ebe44a786d99b66c935ee1ecc44aa,10.0.0.64,26110,194.36.108.19,,114833355397,1,1631691947.235,0.001,,.,0,0,0.000,0.004,-,0,0,197,135,67,10,26847,,,,,,-,
Content-Type: image/gif

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
336 B 5158ms
116ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.3&p_id=Twitter&p_user_id=0&txn_id=nv1yw&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 15 Sep 2021 07:45:47 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 44af8bfcc223afe45f948f29dfa97a74b71c43d63619c48f1b8153fb09926d8d
x-transaction: a7289d249d66040c
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
454 B 5160ms
112ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.3&p_id=Twitter&p_user_id=0&txn_id=nv1yw&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 15 Sep 2021 07:45:47 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: ab054fa5d0329e6cea3f83261c1845c05afe071c0ef3c2a9e80988717186037d
x-transaction: dbab616cf20f0bdc
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
125 B 5172ms
114ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1631691941371&id=t2_49y2da7g&event=PageVisit&m.itemCount=&m.value=&m.currency=&m.transactionId=&m.customEventName=&uuid=bf51ac3f-dd75-4ffb-a626-1a33735ba92f&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_a797b96e
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:47 GMT
via: 1.1 varnish
server: Varnish
accept-ranges: bytes
content-length: 42
retry-after: 0
content-type: image/gif

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 205ms
205ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=6e330760633200009ba44161e8000000e2052100&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A40%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%2210027%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8&an_uid=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:43 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST visitWebPage
327-mnm-087.mktoresp.com/webevents/ 0
0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 5104ms
32ms Image
image/gif 2a00:1450:4007:80c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-38175129-1&cid=174382688.1631691936&jid=1376166434&_u=YEBAAEACQAAAAC~&z=726010662

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80c::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 07:45:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
522 B 5109ms
32ms Image
image/gif 2a00:1450:4007:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-38175129-1&cid=174382688.1631691936&jid=1376166434&_u=YEBAAEACQAAAAC~&z=726010662

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:818::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 07:45:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloade... Show response
adservice.google.de/ddm/fls/i/ Frame A075 194 B
931 B 5098ms
31ms Document
text/html 2a00:1450:4007:818::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:818::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: adservice.google.de
:scheme: https
:path: /ddm/fls/i/dc_pre=CMuagJK-gPMCFTER0wodzWgBAA;src=10466992;type=sitew0;cat=sitew0;ord=2281407331344;gtm=2wg9d0;auiddc=297247889.1631691931;u1=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F;~oref=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://adservice.google.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://adservice.google.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 15 Sep 2021 07:45:46 GMT
expires: Wed, 15 Sep 2021 07:45:46 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 177
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 233ms
233ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=6e330760633200009ba44161e8000000e2052100&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A41%20GMT%22%2C%22timeSpent%22%3A%223002%22%2C%22totalTimeSpent%22%3A%2213029%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8&an_uid=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:46 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2

200

adsct
analytics.twitter.com/i/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=twtr
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_AGK2LBvnVHNVIsXl3

43 B
581 B

823ms
114ms

Image
image/gif

104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_AGK2LBvnVHNVIsXl3

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 15 Sep 2021 07:45:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
pragma: no-cache
last-modified: Wed, 15 Sep 2021 07:45:47 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 44af8bfcc223afe45f948f29dfa97a74b71c43d63619c48f1b8153fb09926d8d
x-transaction: c30c16f14c561fe1
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

Location: https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_AGK2LBvnVHNVIsXl3
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET

v1
ads.yahoo.com/cms/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=yah
https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_AGK2LBvnVHNVIsXl3&sigv=1&esig=2~68cc99a110daac54696115b47ed5da43caad664d

0
0

GET

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=opx
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_AGK2LBvnVHNVIsXl3

0
0

GET

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=rbcn
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_AGK2LBvnVHNVIsXl3

0
0

GET

pixel
cm.g.doubleclick.net/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=goo
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfQUdLMkxCdm5WSE5WSXNYbDM

0
0

GET
H/1.1 200
OK /
pixel-geo.prfct.co/seg/ 43 B
365 B 135ms
107ms Image
image/gif 34.246.96.178
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/seg/?add=4530935&source=js_tag&a_id=56252
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.246.96.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-246-96-178.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?t=2&add=4530935
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

43 B
1020 B

9ms
8ms

Image
image/gif

37.252.173.62
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.62 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 07:45:47 GMT
X-Proxy-Origin: 194.36.108.19; 194.36.108.19; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: ffd7cb97-26a4-4df1-8c39-84eee375fec7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 15 Sep 2021 07:45:47 GMT
X-Proxy-Origin: 194.36.108.19; 194.36.108.19; 535.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: f102bdeb-902e-4d62-be62-078079af5ae6
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET 268571
vc.hotjar.io/sessions/ 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/970186784/ 42 B
154 B 771ms
33ms Image
image/gif 2a00:1450:4007:80c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970186784/?random=1631691936354&cv=9&fst=1631689200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9d0&sendb=1&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&tiba=Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne&async=1&fmt=3&is_vtc=1&random=2553479563&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:80c::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 07:45:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/970186784/ 42 B
154 B 947ms
46ms Image
image/gif 2a00:1450:4007:818::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/970186784/?random=1631691936354&cv=9&fst=1631689200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg9d0&sendb=1&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&tiba=Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne&async=1&fmt=3&is_vtc=1&random=2553479563&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4007:818::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Sep 2021 07:45:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 193ms
193ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=6e330760633200009ba44161e8000000e2052100&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A44%20GMT%22%2C%22timeSpent%22%3A%223001%22%2C%22totalTimeSpent%22%3A%2216030%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8&an_uid=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:48 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Mon, 07 Jun 2021 21:53:38 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60be9562-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET ga.js
ga.clearbit.com/v1/ 0
0

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 178ms
178ms Image
image/gif 23.4.213.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=6e330760633200009ba44161e8000000e2052100&session=e5db222c-58be-483c-8e7f-b18bc0589312&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2015%20Sep%202021%2007%3A45%3A47%20GMT%22%2C%22timeSpent%22%3A%223001%22%2C%22totalTimeSpent%22%3A%2219031%22%7D&isIframe=false&m=%7B%22description%22%3A%22A%20new%20ZLoader%20campaign%20abuses%20Google%20Ads%20to%20target%20European%20banking%20institutions%20with%20signed%20MSI%20payloads%20and%20more%20than%20300%20domains.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Hide%20and%20Seek%20%7C%20New%20Zloader%20Infection%20Chain%20Comes%20With%20Improved%20Stealth%20and%20Evasion%20Mechanisms%20-%20SentinelOne%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&pageViewId=ed3a1080-1079-448b-8f5c-0dbcc20d4ff8&an_uid=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.4.213.149 London, United Kingdom, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-4-213-149.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Wed, 15 Sep 2021 07:45:50 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Mon, 07 Jun 2021 21:53:38 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60be9562-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: px4.ads.linkedin.com
URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2225260%2C432890&time=1631691935744&url=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&liSync=true&e_ipv6=AQJknloxuLTcDQAAAXvoazzpEMZsOaSPPq5ela827Dvdz9MN68qf1D1gyBIinrnv_zwm2oXN

Domain: 327-mnm-087.mktoresp.com
URL: https://327-mnm-087.mktoresp.com/webevents/visitWebPage?_mchNc=1631691941405&_mchCn=&_mchId=327-MNM-087&_mchTk=_mch-sentinelone.com-1631691941404-24398&_mchHo=www.sentinelone.com&_mchPo=&_mchRu=%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&_mchPc=https%3A&_mchVr=160&_mchEcid=&_mchHa=&_mchRe=&_mchQp=

Domain: ads.yahoo.com
URL: https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_AGK2LBvnVHNVIsXl3&sigv=1&esig=2~68cc99a110daac54696115b47ed5da43caad664d

Domain: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_AGK2LBvnVHNVIsXl3

Domain: pixel.rubiconproject.com
URL: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_AGK2LBvnVHNVIsXl3

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfQUdLMkxCdm5WSE5WSXNYbDM

Domain: vc.hotjar.io
URL: https://vc.hotjar.io/sessions/268571?s=0.25&r=0.15669004044169288

Domain: ga.clearbit.com
URL: https://ga.clearbit.com/v1/ga.js?authorization=pk_ed7b4bbadb390cf24ef37a1223019246

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sentinelone.com/	1969-12-31 23:59:59	Name: __cfredirector_sm Value: DE
.go.sentinelone.com/	1970-01-19 21:14:53	Name: __cf_bm Value: 18zlbOYuJ1R6YiMQXPg4iWHJKx9r3WtAg5AFWCnsySY-1631691925-0-AQ4s8Ho7VoYgjBjJxzsnC+PuUIlxeCXwbU/E5uZZzV1J0M9L1a5TFTsO9KDmP80s903Y8Z/m9VmEr/NY6oQJLdU=
go.sentinelone.com/	1969-12-31 23:59:59	Name: BIGipServerab14web-nginx-app_https Value: !yfShgXf1ZwOWcU/w/jjXoMq3bOgvMiYZfv6QoIXFjCIv8Efjnn4FztOGH5yX9CLbi5axW9Rfeg0jNkI=
www.sentinelone.com/	1970-01-20 14:46:03	Name: _tq_id.TV-45457227-1.802f Value: 7dcc73075613b127.1631691931.0.1631691931..
www.sentinelone.com/	1970-01-23 21:13:25	Name: _omappvp Value: EhofD1BgfbWVRpaydAucEfKKjjzul5JkcACv0Ygbhzh7r5O7FVPB3NqZPDn5cDrN3yd6jLEUztsScJvp0KL6NCMFawCCYSTx
www.sentinelone.com/	1970-01-19 21:14:53	Name: _omappvs Value: 1631691931193
.sentinelone.com/	1970-01-19 23:24:27	Name: _gcl_au Value: 1.1.297247889.1631691931
.6sc.co/	1970-01-20 14:46:03	Name: 6suuid Value: 6e330760633200009ba44161e8000000e2052100
.sentinelone.com/	1970-01-20 06:00:27	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Sep+15+2021+07%3A45%3A31+GMT%2B0000+(GMT)&version=6.23.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.sentinelone.com%2Flabs%2Fhide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms%2F&groups=C0003%3A0%2CC0001%3A1%2CC0002%3A0%2CC0004%3A0
www.sentinelone.com/	1970-01-20 14:46:03	Name: _gd_visitor Value: 7cb989bd-5419-41b5-8256-14d02c7ec518
www.sentinelone.com/	1970-01-19 21:15:06	Name: _gd_session Value: e5db222c-58be-483c-8e7f-b18bc0589312
.bing.com/	1970-01-20 06:36:27	Name: MUID Value: 33CFC1DF330E677517A2D16C32DC6692
.sentinelone.com/	1970-01-19 21:16:18	Name: _uetsid Value: e9fb777015f811ec9a5a7b7b004ecf23
.sentinelone.com/	1970-01-20 06:36:27	Name: _uetvid Value: e9fb8bf015f811ecbefc67e794fb16f4
.sentinelone.com/	1970-01-20 05:53:15	Name: bf_lead Value: 21i262j7pvb000
.sentinelone.com/	1970-01-20 14:46:03	Name: _ga Value: GA1.2.174382688.1631691936
.sentinelone.com/	1970-01-19 21:16:18	Name: _gid Value: GA1.2.1746637845.1631691936
.sentinelone.com/	1970-01-19 21:14:51	Name: _gat_UA-38175129-1 Value: 1
www.sentinelone.com/	1970-01-19 21:24:56	Name: _an_uid Value: 0
www.sentinelone.com/	1970-01-20 14:46:03	Name: _gd_svisitor Value: 6e330760633200009ba44161e8000000e2052100
.sentinelone.com/	1970-01-19 23:24:27	Name: _fbp Value: fb.1.1631691937267.1593306762
.sentinelone.com/	1970-01-19 23:24:27	Name: _rdt_uuid Value: 1631691941371.bf51ac3f-dd75-4ffb-a626-1a33735ba92f
.sentinelone.com/	1970-01-20 14:46:03	Name: _mkto_trk Value: id:327-MNM-087&token:_mch-sentinelone.com-1631691941404-24398
.linkedin.com/	1970-01-19 21:58:03	Name: UserMatchHistory Value: AQLzjJvSwhikkQAAAXvoayhJerhICO6E-Jyp31tVl2XHO5oZTVqOMnou9aUM7wLCTWJlu3Sd2gjCNQ
.linkedin.com/	1970-01-19 21:58:03	Name: AnalyticsSyncHistory Value: AQIfgqoy5wrS2wAAAXvoayhJEvh9XT5gLfGeSvKEab403-AMFxmm7CgWDV7E427Xqd7wlkWlEpqGdIi3B9berQ
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 14:46:45	Name: bcookie Value: "v=2&d5417bf2-155b-4f21-899e-1790fa1ebb9f"
.linkedin.com/	1970-01-19 21:16:18	Name: lidc Value: "b=VGST02:s=V:r=V:a=V:p=V:g=2433:u=1:x=1:i=1631691941:t=1631778341:v=2:sig=AQGhR_s1SwqHokz_tpcGTE4RGcGb_YRT"
.prfct.co/	1970-01-20 14:46:03	Name: pa_uid Value: pa_AGK2LBvnVHNVIsXl3
.prfct.co/	1970-01-20 14:46:03	Name: pa_twitter_ts Value: 1631691946238
.sentinelone.com/	1970-01-20 06:00:27	Name: _hjid Value: 26401524-515f-473e-af22-45c7d5187d0a
.sentinelone.com/	1970-01-19 21:14:53	Name: _hjFirstSeen Value: 1
.sentinelone.com/	1970-01-19 21:14:53	Name: _hjAbsoluteSessionInProgress Value: 1
.prfct.co/	1970-01-20 14:46:03	Name: pa_yahoo_ts Value: 1631691946371
.doubleclick.net/	1970-01-20 06:36:27	Name: IDE Value: AHWqTUkT4TyjsHL6xL9_7PDgN5a9fyQUKUyIiedFlEmcmvsw7NvGecsTgCIMZ2iq
.prfct.co/	1970-01-20 14:46:03	Name: pa_openx_ts Value: 1631691946523
.twitter.com/	1970-01-20 14:46:03	Name: personalization_id Value: "v1_2j/vSfEb+urR/8CEmH7vmg=="
.prfct.co/	1970-01-20 14:46:03	Name: pa_rubicon_ts Value: 1631691947095
.prfct.co/	1970-01-20 14:46:03	Name: pa_google_ts Value: 1631691947127
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 14:46:45	Name: bscookie Value: "v=1&202109150745478e615172-ee1b-46d7-8756-f9757208ff0bAQFCXrq5A-py64byyrQC8BiBhpllJjZe"
.linkedin.com/	1970-01-20 14:39:40	Name: li_gc Value: MTswOzE2MzE2OTE5NDc7MjswMjF5rSOKBYFjZOOJ65OT5VqJYKxqBBIoOb3JFg2uIs6G5A==
.adnxs.com/	1970-01-19 23:24:27	Name: uuid2 Value: 369990070829385881
.adnxs.com/	1970-01-19 23:24:27	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E>>?]^?D!@wnf-Te9(>wL5L!!'+X$QO1]

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.sentinelone.com/wp-json/wordpress-popular-posts/v1/popular-posts Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rebrandly.com/v1/links Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://api.omappapi.com/v2/embed/78190?d=sentinelone.com Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost;
Strict-Transport-Security	max-age=15768000;, max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM SAMEORIGIN, sentinelone.pathfactory.com, sentinelone.lookbookhq.com, assets.pathfactory.com, go.sentinelone.com, www.sentinelone.com, app.scalyr.com, app.eu.scalyr.com, localhost
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10466992.fls.doubleclick.net
327-mnm-087.mktoresp.com
899029.smushcdn.com
a.omappapi.com
a.quora.com
ads.yahoo.com
adservice.google.com
adservice.google.de
alb.reddit.com
analytics.twitter.com
api.brightfunnel.com
api.omappapi.com
api.rebrandly.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.abrankings.com
cdn.cookielaw.org
cdn.onesignal.com
cloud.typography.com
cm.g.doubleclick.net
collector-5527.tvsquared.com
connect.facebook.net
de.sentinelone.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
ga.clearbit.com
geolocation.onetrust.com
go.sentinelone.com
googleads.g.doubleclick.net
img.onesignal.com
j.6sc.co
munchkin.brightfunnel.com
munchkin.marketo.net
onesignal.com
pixel-geo.prfct.co
pixel.rubiconproject.com
px4.ads.linkedin.com
q.quora.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tag.marinsm.com
us-u.openx.net
vars.hotjar.com
vc.hotjar.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.redditstatic.com
www.sentinelone.com
327-mnm-087.mktoresp.com
ads.yahoo.com
cm.g.doubleclick.net
ga.clearbit.com
pixel.rubiconproject.com
px4.ads.linkedin.com
us-u.openx.net
vc.hotjar.io
104.17.73.206
104.244.42.3
104.244.42.5
104.26.3.18
13.249.10.118
13.249.10.226
143.204.228.129
151.101.0.65
151.101.1.140
151.101.120.157
151.101.193.140
151.101.193.2
151.139.242.10
172.217.22.134
173.223.105.25
185.93.2.242
216.58.214.162
23.4.213.149
23.72.24.183
2600:9000:218d:400:11:8a36:7200:93a1
2606:4700:10::6814:b844
2606:4700::6810:9440
2606:4700::6812:e134
2606:4700::6812:e234
2620:12a:8000::2
2620:1ec:c11::200
2a00:1450:4007:807::200a
2a00:1450:4007:80c::2004
2a00:1450:4007:80d::2002
2a00:1450:4007:812::200e
2a00:1450:4007:813::2002
2a00:1450:4007:818::2002
2a00:1450:4007:818::2003
2a00:1450:4007:819::2003
2a00:1450:4007:819::2008
2a00:1450:400c:c09::9c
2a02:26f0:2b00:98b::25ea
2a03:2880:f027:212:face:b00c:0:3
2a03:2880:f130:83:face:b00c:0:25de
3.215.119.159
3.224.194.150
3.67.149.147
34.246.96.178
37.252.173.62
52.18.82.210
52.222.149.2
52.222.158.24
52.222.174.116
012743d9f8e3a8cb9fd4a9466aa2eb026a53d446d530d60440463e555ad0fc87
026c5db877da222d2316bf1197b8947a96c7623d51a4d462c91bf927dece3429
03f94ea8844e57c376e7fa137ca45fedfd4282be27aaa3d3ce25afe79dd7e375
04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0b7c52530d952eb5e5477810a259173f9bcef0432a2f1bde3e5183414278062a
0cfc74f37470c666d6ac10d4d7a933b923c13b29879134c0866c7de7dcee0310
0e45f3b0dad8aa0528790a6dd6dd2831bb8547129bd1320c10fd120118f44616
0fbee1118e2f0183e4f02ad8968e1758861d8872550d2ced4eba3bd43b239118
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1435fba8341a99fde5901812c625e465fb91316c9b208c69473b3986c2e1e414
145287b36883dd3061ca7aa9229a8fa9ace2cccd50e0382b4b6201f3916b57c5
15c2bee93924ba227132e2a5a601190bf7b1d10798c471a46b63a731ec1dc63e
167200bacd757a9680c326e9e32b5afdd72dfe4e86a139c1193e3016ce8b962a
17cb60a020f109cc40a23c9599471927ddb0bc7f64068b14218e3eed08f4e953
1f4513a435d6a3047d20a50c1e7d4263de42146c74be227f774b5e82e6357e75
23600677937c4e800aa1a50a451c6d196032d4b9a0e2e5f92f840af3ab3aef58
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689a0237a95cfd8135f8da3ac79c430e903f3c542f8b862f68141c84c348c43
2e635c4abcee1ef2c27859eb6193d67bc52dd21c6645e250c4c8fa1b1ce8231f
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
3109fef8b2a9ab71fca698483d2bae36d8fed772517c259dacce872e739bb690
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
335b59e615135313a66319e641cdad6ac3489a600e04d4181c859699bed4babe
33d18bfaad19367135cba7d9096fba55164cd67b8e5819617c6d6b34bd43454b
382a3f866bd3a0e4428c592fbe0f61ed62c34a19dba07cf24208b793e3b42d6a
392f196c197758bafbfb4a917625b5a20a84cd7977433a134140f9c6f745058f
3f6d041d1e10a9bb261aa940f9b6b3ca78b4ee8127998fabbe268d865a604c2b
444c83e95470e69f7355fcdb3a370c872025ae298b139090ff9f194ce28dea5b
49f1fe168324ed0f76fbbab536b991c992296cd48da5ce9dd8bc8ea55e2ef946
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c967c069f7a16252b2fa438ce43396ffaabb1479b5c6accab78f32604b8ade3
516cbc569d4e8f15ac7917f186a911d85fd0aaca2d0ca074a6583e95486af856
52df282a939bf914f841bc194e18f4748268363014ac33278a15d6352c53dfb2
534047d152df49b3ea66735a76a84aeaa993e3d193e8dff1daf39aff2d5fa43c
5466092ef0deb16007dc2e8e61eb345b380ab6663bd3ef41808ffb7360abd61a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5a164c7c15f8197903a11533e5fe6894fc3e75abf931897d86d039d0661e4bfc
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
5a4934fe889bc2f975cd69f0c35adc72107079ef0d36a139fa141b5219e0e6b0
5b86af60d9f8678ab66ac440e146e40656a7baa94b846811ed99b7cf8fb80f44
5c1282fb121104f5a505ecbfd7194e64c98db6b830684450dcfc478021d05257
62f3f809487194fcc55a3ebd88811a604ae496027bb425d4ebd15d9ae1921945
64d117a5cdaf7b8aa3bc5ff1abeec0e1d98b834782d49f34260c4e1ecc7ec4c2
653e8898152effb6bcfd48c02d16a24f19c2ce14464a739f0d46baea5b410f6a
6ce37504b0bc4d2f7d6deaadde5e930c751805e16b55de1d5f47aa576e0c9105
7125a66456daa35dd3e3e8cca4b9523e05caf0b4fa5bd5874676e7c6db40f3aa
717f6bb5f6cc69c444f54376a72dee0ca7968b2a12e7c9475247ec85c0e75a53
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
73146ee9ad929671914ab5b33a0ba26c878ca3a2db74f371ee267a87ff03aba0
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
770edb1c919d611cb3ac06fd50af41a539e577496d259093192e811cfb4b1122
7a0926a86f6e887b558ec7e581804ab926a2f14b55b554e46d8b8cdd7c5a10e0
7a5d0f939c5224a8efb5b96759dd0509360b5d071774bb702f788f37a00a8426
7e8ee8f9d56ca7e35629a7c16b9f1c09fbb1e7d19fe922833a2f4edec48bfeea
81bb4a6380a5c92815f5b29c91bd54cf0afb7e589ff95f30b1531140beefc5ea
831c52a6d641ff0145d3df87596c2c6cba356f8f5b65c82f826a273ec2db6a70
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
886abc149c92bbdebfc7755494a79d63b1725b53157259a0e9777df45f9b1d33
88ca677c14d4217c2f6b8c8964a1d172027974c4c0839e4d531ad7d3d6de1987
9551336c47f8a2d07a6805394faaf2d009c8e558dd6b2c236fd63594651db770
95f35e1959ce4156ff0c8342109ccbf64e6bbe029221053fed01d0e54e66be92
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
99fa5a280296b5fc7b63433ee121a359fc68c4a37f04a87d363e751164b96ff1
9a770a9945c68d533876376b67a9d4fecd52e9746200716753ef761ead6b3d5c
9bcdb94ad74931ea092ec31ed6aa7b1d7addd5cf819e8d374cd57883db25204a
9ec1002988b30be58344be55afcc9b1075519b3e2a96380b35ad343922e0d7ec
9ef6ab87d09a104298aa6fb0698c52559901475a3e22c31705ac53360dfe6dee
9fc5cafcc9a380057930c57fbf1005def9daf6a09bd8d906c068dd47a44ed32c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a463aa6666ce0abcabf8033013cfe881fdbfb570389aff471d400a45b3a496d4
aafb0b853e6f14505e98b62ae49d7009bbe60bc9027fb2fe2daa41725ac235d3
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace4208545fb0ff5ea87fbe1470d3bf0af8e73d7d52fea869966c4b9d8c78a60
adc0e2dacc10d6d2acec5ffc5b5346f30a3424ea0bfccff7b902b6a594878a18
adedd0befd73ee02e5480f500d1c8518bc6ab5ec39f4f06024102f53e8c0a683
afe6f624a4f930498de50d6dfee8f702aa462f00101ec703a29607242b459dd5
b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c
b70aa192cf670ffbccd24885ff71e159e03c809b890abe15e74cce9f497dd8e5
b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe
ba0429c39149c85d1a9b6d03e40a59de57367d1fd22bbab68bee7e0b17c05f2d
c254279147099e0b696b281d62b436b8aed42fb0f3abf1ba17abc398ca6c90e2
c66c8be72f0f2c0a85d3693ebd2e5a480c5b1d4e705c065cd7117dddfe3f6957
c72ed1d5c1a1291b8005d4f17f33dcd5c9db30464a95d3eaa813d0da07b0284a
ca8e60ba9a281ae41f019d64c681ba7b523d7b9c839db4d41eb042dcbaad8b7a
cecd66b40825f009ded6693a91e1b0922bb5d130c048cd65ec3e2d1d7c8c6b40
d00f764e4b4da43a138f23475584df139e8fbb08f0b9f64b1950ee2be3ed8608
d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393
d11abf7d6f4725555bfd3493838bae4afe645ac11b8a4a62ef92daf760b03b56
d692a67352a3dfa80010c86a62761cfff05c0b1086618106a8576cc45a6a8115
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dc380695af9f92a38f1570106049fb6d12f0a0aa3a2fe0ac1fb04801eeabfa0d
dc899f9f8942979010cca601dee6f3f0c6f5b755babd44b629627fee02a71743
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd7ec90bdddc830689a2a4e0b9d3864cd99aa688309ce12c36c625bb5c154398
de02e745c51299417a1126c3707d033de02baef0f9be8fed07185c1a6b74eac1
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de51ba53b38ba54ff68c8d8446802ae1a917d5c456494d88e3bb9d488dc605b9
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dffb8445d323b773f33e3b74ac0299023ce55d0447ed937cef0509e2fb0b152a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eae2c34014a512a5bebe4a87261c00c87807d4d185dfe1bc0cc09eae0592e6ae
eb14baeac955bb11e33cd7fd3fd2f698cf20db1b450325f45ea843b6cdc82366
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6de6beb1cf5bf809eccfe10f99aea0e0969c71d4eab5446410fef72695679f
f0c71e3da5b3fcab3c66af1cf0cdbf262c97b9330b7b37116f1ae2ab18bdc660
f0dbd5ad7b0ead52f6375610e738f5727261715f392d0892047e160f50138f5d
f11788b74e8b93c09600deff2acb0dcb49ff7c091b6ed5e40ea88fa341f22fdd
f2adc67978c435eb89b4d25b051802b5ca0cacb0bb92f9ee95783034d4ae269c
f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70
f7c3506f6898931ea944281f196458adbe9fa7d6580913ee3d606fc022e4338a
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fb0ccd0e560efc5118401105d0d9d26940ddc759fd534f465339466d575cde02
fc3419dfcbb807a6b5eef174b856019cdab3110f22cd3f48e41403a509238399
fcc906e0aa2005fcd474ad9442624932482f06f373691ca3b48f2e127a1a073b
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

www.sentinelone.com Open in urlscan Pro 104.26.3.18 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

146 Requests

95 %HTTPS

42 %IPv6

43 Domains

59 Subdomains

48 IPs

7 Countries

2759 kBTransfer

5904 kBSize

44 Cookies

39 Outgoing links

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

www.sentinelone.com Open in urlscan Pro
104.26.3.18 Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

95 %
HTTPS

42 %
IPv6

43
Domains

59
Subdomains

48
IPs

7
Countries

2759 kB
Transfer

5904 kB
Size

44
Cookies

146 HTTP transactions
12 data transactions