www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Submission: On February 06 via api (February 6th 2023, 9:09:50 am UTC) from IN — Scanned from DE

Summary HTTP 230 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 67 IPs in 9 countries across 58 domains to perform 230 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com. The Cisco Umbrella rank of the primary domain is 171990.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on April 25th 2022. Valid for: a year.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	2a02:e980:107... 2a02:e980:107::cf	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:400d:80a::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400d:806::2008	15169 (GOOGLE) (GOOGLE)
7	104.16.96.80 104.16.96.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:1244	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.64.124.188 104.64.124.188	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:402... 2a00:1450:4025:401::9a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80d::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2001:4860:480... 2001:4860:4802:34::178	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	13.32.27.15 13.32.27.15	16509 (AMAZON-02) (AMAZON-02)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 6	54.229.65.185 54.229.65.185	16509 (AMAZON-02) (AMAZON-02)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2606:4700::68... 2606:4700::6812:1e49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:809::2013	15169 (GOOGLE) (GOOGLE)
65	143.204.215.12 143.204.215.12	16509 (AMAZON-02) (AMAZON-02)
1	51.11.20.152 51.11.20.152	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:c9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	95.101.176.89 95.101.176.89	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	37.252.171.84 37.252.171.84	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:211... 2600:9000:211e:d400:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	216.200.122.11 216.200.122.11	6461 (ZAYO-6461) (ZAYO-6461)
2 2	142.250.180.198 142.250.180.198	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	158.255.109.19 158.255.109.19	8218 (NEO-ASN l...) (NEO-ASN legacy Neotelecoms)
1	34.225.204.170 34.225.204.170	14618 (AMAZON-AES) (AMAZON-AES)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
2	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	13.32.27.54 13.32.27.54	16509 (AMAZON-02) (AMAZON-02)
4	2600:9000:206... 2600:9000:206f:6400:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
5 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
2 3	52.28.41.26 52.28.41.26	16509 (AMAZON-02) (AMAZON-02)
1	54.76.108.148 54.76.108.148	16509 (AMAZON-02) (AMAZON-02)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	104.111.216.120 104.111.216.120	16625 (AKAMAI-AS) (AKAMAI-AS)
1 7	2600:9000:211... 2600:9000:211e:a000:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
2 4	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
1	143.204.215.95 143.204.215.95	16509 (AMAZON-02) (AMAZON-02)
1	98.98.134.241 98.98.134.241	21859 (ZEN-ECN) (ZEN-ECN)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
12 15	2a05:d018:cc3... 2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8	16509 (AMAZON-02) (AMAZON-02)
1	69.192.161.152 69.192.161.152	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.240.211.162 34.240.211.162	16509 (AMAZON-02) (AMAZON-02)
1 1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1	64.202.112.223 64.202.112.223	23352 (SERVERCEN...) (SERVERCENTRAL)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:350... 2a02:26f0:3500:2aa::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
2	18.156.168.138 18.156.168.138	16509 (AMAZON-02) (AMAZON-02)
4	34.193.113.164 34.193.113.164	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.215.77 143.204.215.77	16509 (AMAZON-02) (AMAZON-02)
230	67

27 2a02:e980:107::cf (United States)

ASN19551 (INCAPSULA, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80a::200e (Ireland)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:806::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.16.96.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-abj.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1244 (United States)

ASN13335 (CLOUDFLARENET, US)

geoip-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.64.124.188 (Prague, Czech Republic)

ASN16625 (AKAMAI-AS, US)
PTR: a104-64-124-188.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4025:401::9a (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80d::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80e::2002 (Ireland)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.15 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-15.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.229.65.185 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-65-185.eu-west-1.compute.amazonaws.com

ads.avocet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:1e49 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

visitor.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

65 143.204.215.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-12.fra53.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.11.20.152 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.chip2gift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:c9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 95.101.176.89 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-176-89.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.171.84 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:d400:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.122.11 (Reno, United States) 1 redirects

ASN6461 (ZAYO-6461, US)
PTR: 216.200.122.11.IPYX-141870-ZYO.zip.zayo.com

gwmtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.180.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s33-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.255.109.19 (France)

ASN8218 (NEO-ASN legacy Neotelecoms, FR)

track.accountinsight.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.225.204.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-204-170.compute-1.amazonaws.com

data.adxcel-ec2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

309-rhv-619.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:206f:6400:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 5 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.28.41.26 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-41-26.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.108.148 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-108-148.eu-west-1.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.216.120 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-216-120.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:211e:a000:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

10487471.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4788165.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-95.fra53.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.241 (United States)

ASN21859 (ZEN-ECN, US)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8 (Dublin, Ireland) 12 redirects

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.161.152 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-161-152.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.240.211.162 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-211-162.eu-west-1.compute.amazonaws.com

ipv4.d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.223 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.215 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:2aa::1c91 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Lake Oswego, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.156.168.138 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-168-138.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.193.113.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-113-164.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-77.fra53.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	driftt.com js.driftt.com — Cisco Umbrella Rank: 5053	746 KB
27	proofpoint.com www.proofpoint.com — Cisco Umbrella Rank: 171990	6 MB
23	adroll.com 13 redirects s.adroll.com — Cisco Umbrella Rank: 2416 d.adroll.com — Cisco Umbrella Rank: 1473 ipv4.d.adroll.com — Cisco Umbrella Rank: 11010	36 KB
11	doubleclick.net 5 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 78 googleads.g.doubleclick.net — Cisco Umbrella Rank: 29 ad.doubleclick.net — Cisco Umbrella Rank: 184 10487471.fls.doubleclick.net — Cisco Umbrella Rank: 449712 4788165.fls.doubleclick.net — Cisco Umbrella Rank: 447539 cm.g.doubleclick.net — Cisco Umbrella Rank: 211	7 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 6471 c.6sc.co — Cisco Umbrella Rank: 9410 ipv6.6sc.co — Cisco Umbrella Rank: 6922 b.6sc.co — Cisco Umbrella Rank: 4703	14 KB
8	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 353 www.linkedin.com — Cisco Umbrella Rank: 575 px4.ads.linkedin.com — Cisco Umbrella Rank: 6074	5 KB
8	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4470 adservice.google.com — Cisco Umbrella Rank: 70 www.google.com — Cisco Umbrella Rank: 2	2 KB
7	marketo.com app-abj.marketo.com — Cisco Umbrella Rank: 493951	144 KB
5	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 314	10 KB
5	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8677	3 KB
4	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 5913 metrics.api.drift.com — Cisco Umbrella Rank: 5774	363 B
4	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 814	1 KB
4	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 409 ib.adnxs.com — Cisco Umbrella Rank: 203	4 KB
4	avct.cloud 2 redirects ads.avct.cloud — Cisco Umbrella Rank: 3490	2 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5986	689 B
3	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1596 m.addthis.com — Cisco Umbrella Rank: 1568	140 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	234 B
3	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 281	1015 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14526 ibc-flow.techtarget.com — Cisco Umbrella Rank: 18951	2 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	244 KB
3	reactful.com visitor.reactful.com — Cisco Umbrella Rank: 89146	105 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 620 script.hotjar.com — Cisco Umbrella Rank: 815 vars.hotjar.com — Cisco Umbrella Rank: 855	72 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 351	12 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 21	20 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	259 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 10463	576 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 524	2 KB
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 623	610 B
2	t.co t.co — Cisco Umbrella Rank: 531	605 B
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4474	2 KB
2	avocet.io 2 redirects ads.avocet.io — Cisco Umbrella Rank: 8780	280 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 707	10 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3037	6 KB
2	geoip-js.com geoip-js.com — Cisco Umbrella Rank: 12804	2 KB
1	company-target.com api.company-target.com — Cisco Umbrella Rank: 3420	514 B
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 208	528 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 329	140 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 919	90 B
1	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 274	125 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 872	494 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 720
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 417	273 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 308	239 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 428	1 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 975	550 B
1	sitescout.com pixel.sitescout.com — Cisco Umbrella Rank: 3433	267 B
1	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 986	428 B
1	mktoresp.com 309-rhv-619.mktoresp.com — Cisco Umbrella Rank: 390569	318 B
1	adxcel-ec2.com data.adxcel-ec2.com — Cisco Umbrella Rank: 3666	131 B
1	accountinsight.cloud track.accountinsight.cloud — Cisco Umbrella Rank: 182967	399 B
1	gwmtracking.com 1 redirects gwmtracking.com — Cisco Umbrella Rank: 18423	389 B
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 19592	234 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 16322	279 B
1	chip2gift.com secure.chip2gift.com — Cisco Umbrella Rank: 339313	304 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 625	15 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34	1 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 167	17 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 925	43 KB
230	58

	Domain	Requested by
65	js.driftt.com	www.proofpoint.com js.driftt.com
27	www.proofpoint.com	www.proofpoint.com
15	d.adroll.com	12 redirects s.adroll.com www.proofpoint.com
7	b.6sc.co
7	s.adroll.com	1 redirects www.googletagmanager.com s.adroll.com www.proofpoint.com d.adroll.com
7	app-abj.marketo.com	www.proofpoint.com app-abj.marketo.com
5	js-agent.newrelic.com	www.proofpoint.com
5	tracking.g2crowd.com	www.proofpoint.com
4	px.ads.linkedin.com	4 redirects
4	cdn.linkedin.oribi.io	snap.licdn.com
4	ads.avct.cloud	2 redirects www.proofpoint.com
4	www.google.de	www.proofpoint.com
3	www.facebook.com	www.proofpoint.com
3	x.bidswitch.net	2 redirects www.proofpoint.com
3	www.google.com	www.proofpoint.com
3	px4.ads.linkedin.com	www.proofpoint.com 4788165.fls.doubleclick.net 10487471.fls.doubleclick.net
3	adservice.google.com	www.proofpoint.com 10487471.fls.doubleclick.net 4788165.fls.doubleclick.net
3	secure.adnxs.com	2 redirects j.6sc.co
3	connect.facebook.net	www.proofpoint.com connect.facebook.net
3	visitor.reactful.com	www.proofpoint.com visitor.reactful.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.proofpoint.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.googletagmanager.com	www.proofpoint.com www.googleoptimize.com
2	metrics.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	epsilon.6sense.com	j.6sc.co
2	dsum-sec.casalemedia.com	1 redirects www.proofpoint.com
2	4788165.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	10487471.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	s7.addthis.com	www.proofpoint.com s7.addthis.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	analytics.twitter.com	www.proofpoint.com
2	t.co	www.proofpoint.com
2	ad.doubleclick.net	2 redirects
2	dev.visualwebsiteoptimizer.com	www.proofpoint.com
2	ads.avocet.io	2 redirects
2	snap.licdn.com	www.proofpoint.com 10487471.fls.doubleclick.net
2	googleads.g.doubleclick.net	www.googleadservices.com www.googletagmanager.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	geoip-js.com	www.proofpoint.com geoip-js.com
1	api.company-target.com	js.driftt.com
1	bam.nr-data.net	js-agent.newrelic.com
1	m.addthis.com	s7.addthis.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	ib.adnxs.com	www.proofpoint.com
1	eb2.3lift.com	www.proofpoint.com
1	sync.taboola.com	www.proofpoint.com
1	ups.analytics.yahoo.com	www.proofpoint.com
1	image2.pubmatic.com	www.proofpoint.com
1	sync.outbrain.com	www.proofpoint.com
1	us-u.openx.net	www.proofpoint.com
1	pixel.rubiconproject.com	www.proofpoint.com
1	cm.g.doubleclick.net	1 redirects
1	ipv4.d.adroll.com	www.proofpoint.com
1	z.moatads.com	s7.addthis.com
1	pixel.mathtag.com	4788165.fls.doubleclick.net
1	pixel.sitescout.com	10487471.fls.doubleclick.net
1	vars.hotjar.com	static.hotjar.com
1	jadserve.postrelease.com	www.proofpoint.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	309-rhv-619.mktoresp.com	munchkin.marketo.net
1	data.adxcel-ec2.com	www.proofpoint.com
1	track.accountinsight.cloud	www.proofpoint.com
1	gwmtracking.com	1 redirects
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	j.6sc.co	www.proofpoint.com
1	trk.techtarget.com	www.proofpoint.com
1	secure.chip2gift.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	fonts.googleapis.com	www.proofpoint.com
1	www.googleadservices.com	www.proofpoint.com
1	www.googleoptimize.com	www.proofpoint.com
230	78

This site contains links to these domains. Also see Links.

Domain
proofpointcommunities.force.com
digitalrisk.proofpoint.com
emaildefense.proofpoint.com
threatintel.proofpoint.com
us1.proofpointessentials.com
partners.proofpoint.com
go.proofpoint.com
v1.addthis.com
github.com
ipcheck.proofpoint.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
proofpoint.com Sectigo RSA Organization Validation Secure Server CA	`2022-04-25` - `2023-04-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
app-abj.marketo.com Cloudflare Inc ECC CA-3	`2022-05-05` - `2023-05-05`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-16` - `2023-06-16`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.hotjar.com Amazon	`2022-10-25` - `2023-11-23`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2022-07-04` - `2023-08-05`	a year	crt.sh
*.reactful.com Go Daddy Secure Certificate Authority - G2	`2022-05-11` - `2023-05-09`	a year	crt.sh
drift.com Amazon	`2022-08-24` - `2023-09-21`	a year	crt.sh
secure.norm0care.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-13` - `2023-06-13`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-15` - `2023-02-13`	3 months	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
*.accountinsight.cloud Sectigo RSA Domain Validation Secure Server CA	`2022-06-10` - `2023-06-26`	a year	crt.sh
adxcel-ec2.com Amazon	`2022-10-18` - `2023-11-16`	a year	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-02-05` - `2023-05-06`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
s.adroll.com Amazon	`2022-07-03` - `2023-08-01`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh
*.6sense.com Amazon	`2022-05-31` - `2023-06-29`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-09-16` - `2023-10-18`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Frame ID: E1E73904A174DDE5C836A48AA6B50EF4
Requests: 157 HTTP requests in this frame

Frame: https://10487471.fls.doubleclick.net/activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Frame ID: 640AF249EC3F4F8EE35854FBED05B510
Requests: 6 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582
Frame ID: 96098719FAEBFAFF36EBD217DD3C866C
Requests: 4 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html
Frame ID: F8D63084E16421CBD418B9CB73A13692
Requests: 1 HTTP requests in this frame

Frame: https://app-abj.marketo.com/index.php/form/XDFrame
Frame ID: 037B4780759B8923F0C066FD3E0B1F03
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Frame ID: EBB0AB789A73CEF38D8EFBE22A1C65D7
Requests: 32 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
Frame ID: F8ABE0255C1ABB807F493A6BCAF6092E
Requests: 34 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: F597D60002A450632C30277B8B2FC5D4
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 803DF8C42B939D900852FB6E89B67B58
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OneNote Documents Increasingly Used to Deliver Malware | Proofpoint USFacebookTwitterLinkedInEmail App

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

230
Requests

90 %
HTTPS

35 %
IPv6

58
Domains

78
Subdomains

67
IPs

9
Countries

7667 kB
Transfer

14613 kB
Size

64
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://proofpointcommunities.force.com/community/s/
Title: Support Log-in

Search URL Search Domain Scan URL

URL: https://digitalrisk.proofpoint.com/
Title: Digital Risk Portal

Search URL Search Domain Scan URL

URL: https://emaildefense.proofpoint.com/login.php
Title: Email Fraud Defense

Search URL Search Domain Scan URL

URL: https://threatintel.proofpoint.com/
Title: ET Intelligence

Search URL Search Domain Scan URL

URL: https://us1.proofpointessentials.com/app/login.php
Title: Proofpoint Essentials

Search URL Search Domain Scan URL

URL: https://proofpointcommunities.force.com/community
Title: Sendmail Support Log-in

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/
Title: Channel PartnersBecome a channel partner. Deliver Proofpoint solutions to your customers and grow your business.

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/prm/English/s/applicant
Title: Become a Channel Partner

Search URL Search Domain Scan URL

URL: https://go.proofpoint.com/New-Perimeters.html
Title: New Perimeters MagazineGet the latest cybersecurity insights in your hands – featuring valuable knowledge from our own industry experts.

Search URL Search Domain Scan URL

URL: https://go.proofpoint.com/cpe-credit-overview.html?utm_source=website
Title: Watch now to earn your CPE credits

Search URL Search Domain Scan URL

URL: https://v1.addthis.com/live/redirect/?url=mailto%3A%3Fbody%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fblog%252Fthreat-insight%252Fonenote-documents-increasingly-used-to-deliver-malware%2523.Y-DD2IYBIBA.mailto%26subject%3DOneNote%2520Documents%2520Increasingly%2520Used%2520to%2520Deliver%2520Malware%2520%2520%257C%2520Proofpoint%2520US&uid=63e0c3d8ec5d2583&pub=&rev=v8.28.8-wp&per=undefined&pco=tbx32-300
Title: Email App

Search URL Search Domain Scan URL

URL: https://github.com/MREXw?tab=repositories
Title: MREXw

Search URL Search Domain Scan URL

URL: https://ipcheck.proofpoint.com/
Title: IP Address Blocked?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/proofpoint
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/proofpoint
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/proofpoint
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j HTTP 307
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j HTTP 307
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

Request Chain 61

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j HTTP 307
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j HTTP 307
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

Request Chain 67

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=8129852076532443161

Request Chain 68

https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=763734785 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CI7C5qLGgP0CFUMqGAodXBINpA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CI7C5qLGgP0CFUMqGAodXBINpA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Request Chain 79

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1675674583125&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1675674583125%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fblog%252Fthreat-insight%252Fonenote-documents-increasingly-used-to-deliver-malware%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1675674583125&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1675674583125&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&liSync=true&e_ipv6=AQLgXMxyadg6xQAAAYYl_QL-soUfWxeV16Q26-aU1gROTpe7kc777KkNCHBOTbVQuqW6KClPXgwX_Ec0tY52oNbIcwQLqQ

Request Chain 94

https://x.bidswitch.net/sync?dsp_id=59&user_group=2&user_id=22d8e09a-1f93-43c3-bc94-833699a62d2a HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=59&user_group=2&user_id=22d8e09a-1f93-43c3-bc94-833699a62d2a HTTP 302
https://jadserve.postrelease.com/suid/1011?vk=bcd375df-a9f0-4d34-a8be-4ac0a97c1c61

Request Chain 108

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware HTTP 302
https://10487471.fls.doubleclick.net/activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware

Request Chain 109

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582 HTTP 302
https://4788165.fls.doubleclick.net/activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582

Request Chain 119

https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 124

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQKP897j7wUkpAAAAYYl_QS1Ohut0z-Tcp3rAsh5-Loal9rjBBY4RDBiPefbyyYXZ9hsbTy_FczA86S_759EjXrqShS8Kw

Request Chain 128

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1675674584202&url=https%3A%2F%2Fwww.proofpoint.com%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1675674584202&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQI8ZXBYTrfqpQAAAYYl_QTF187K5MsoeW2CFZgYbCMj7ktAiXP2cr_yxRPT-LyBeR1DtLr3lPenDn8isFrDWqHnZUUrAw

Request Chain 131

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

Request Chain 135

https://d.adroll.com/cm/b/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc

Request Chain 136

https://d.adroll.com/cm/g/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=Luepr6Uj2-3W1B13fI-4Zw HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 137

https://d.adroll.com/cm/index/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expiration=1707210584 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expiration=1707210584&C=1

Request Chain 139

https://d.adroll.com/cm/n/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expires=365

Request Chain 140

https://d.adroll.com/cm/o/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ee7a9afa523dbedd6d41d777c8fb867&gdpr=1&gdpr_consent=

Request Chain 141

https://d.adroll.com/cm/outbrain/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=

Request Chain 142

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 143

https://d.adroll.com/cm/r/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 144

https://d.adroll.com/cm/taboola/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc

Request Chain 145

https://d.adroll.com/cm/triplelift/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&dongle=c85e

Request Chain 146

https://d.adroll.com/cm/x/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc

230 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request onenote-documents-increasingly-used-to-deliver-malware Show response
www.proofpoint.com/us/blog/threat-insight/ 182 KB
33 KB 1568ms
750ms Document
text/html 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

f075862042ebde742aed537c14b94385831d14760eb33a8ae7e887a49fe340c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 62170
Cache-Control: max-age=86400, public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 32119
Content-Type: text/html; charset=UTF-8
Content-language: en
Date: Mon, 06 Feb 2023 09:09:41 GMT
ETag: "1675558390"
Expires: Mon, 06 Feb 2023 00:53:10 GMT
Feature-Policy: geolocation 'self'
Last-Modified: Sun, 05 Feb 2023 00:53:10 GMT
Link: <https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware>; rel="canonical", <https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware>; rel="shortlink"
Permissions-Policy: interest-cohort=()
Referrer-Policy: origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Cookie,Accept-Encoding
Via: varnish
X-AH-Environment: prod
X-CDN: Imperva
X-Cache: HIT
X-Cache-Hits: 422
X-Content-Type-Options: nosniff
X-Drupal-Cache: HIT
X-Drupal-Dynamic-Cache: HIT
X-Frame-Options: SAMEORIGIN
X-Generator: Drupal 9 (https://www.drupal.org)
X-Iinfo: 18-91592777-91592809 NNNY CT(293 587 0) RT(1675674580297 163) q(0 0 0 0) r(3 6) U2
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: v-3cd1cb2e-a56d-11ed-b8db-7be4d607842a
X-UA-Compatible: IE=edge

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 108 KB
43 KB 121ms
46ms Script
application/javascript 2a00:1450:400d:80a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a168e0f3762d6f18eeddb33559de8221e7b4478932895416260ccacff18f332a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 43210
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 06 Feb 2023 09:09:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 116ms
53ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce6274ec5a980cf17f8db07b971ad1626135b9af40f7a3ae55b167240e46fc22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79080
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 06 Feb 2023 09:09:41 GMT

GET
H/1.1 200
OK proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 18 KB
18 KB 164ms
160ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "01c16c31"
X-Iinfo: 18-91592778-0 0CNN RT(1675674580299 930) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=129739, public
Content-Length: 18296
Expires: Tue, 07 Feb 2023 21:12:00 GMT

GET
H/1.1 200
OK RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 478ms
160ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "39ed386e"
X-Iinfo: 18-91592966-0 0CNN RT(1675674581386 159) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=128738, public
Content-Length: 21036
Expires: Tue, 07 Feb 2023 20:55:19 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 20 KB
20 KB 478ms
160ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "3a88d25f"
X-Iinfo: 16-44537185-0 0CNN RT(1675674581387 158) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=128739, public
Content-Length: 19976
Expires: Tue, 07 Feb 2023 20:55:20 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 16 KB
17 KB 479ms
160ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "80852160"
X-Iinfo: 18-91592967-0 0CNN RT(1675674581387 160) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=129743, public
Content-Length: 16540
Expires: Tue, 07 Feb 2023 21:12:04 GMT

GET
H/1.1 200
OK RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 479ms
160ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "8df65834"
X-Iinfo: 6-4407426-0 0CNN RT(1675674581387 159) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=128740, public
Content-Length: 21384
Expires: Tue, 07 Feb 2023 20:55:21 GMT

GET
H/1.1 200
OK css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
www.proofpoint.com/sites/default/files/css/ 25 KB
5 KB 299ms
160ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Sat, 17 Dec 2022 00:11:13 GMT
X-CDN: Imperva
Etag: "032a9b05"
Content-Type: text/css
X-Iinfo: 18-91592777-0 0CNN RT(1675674580297 1070) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=131600, public
Content-Length: 4376
Expires: Tue, 07 Feb 2023 21:43:01 GMT

GET
H/1.1 200
OK css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css
www.proofpoint.com/sites/default/files/css/ 3 MB
1 MB 459ms
160ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

38a674c1fcaa31a7e02046bda9fbc303302a9c1735ef872094ec2cdc702da640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 01 Feb 2023 00:14:23 GMT
X-CDN: Imperva
Etag: "eaf34da6"
Content-Type: text/css
X-Iinfo: 18-91592777-0 0CNN RT(1675674580297 1230) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=761532, public
Content-Length: 1149569
Expires: Wed, 15 Feb 2023 04:41:53 GMT

GET
H/1.1 200
OK js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js Show response
www.proofpoint.com/sites/default/files/js/ 310 B
706 B 481ms
163ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:18:32 GMT
X-CDN: Imperva
Etag: "2c787c81"
Content-Type: text/javascript
X-Iinfo: 18-91592778-0 0CNN RT(1675674580299 1251) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=338555, public
Content-Length: 235
Expires: Fri, 10 Feb 2023 07:12:16 GMT

GET
H/1.1 200
OK modernizr.min.js Show response
www.proofpoint.com/modules/custom/pp_theme/js/ 5 KB
3 KB 651ms
169ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/modules/custom/pp_theme/js/modernizr.min.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

084390577243b6986d5564d152916a37a3124305e11b2817d0c2eabc863e081b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 03 Feb 2021 00:23:16 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 18-91592778-0 0CNN RT(1675674580299 1422) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=128739, public
Content-Length: 2533
Expires: Tue, 07 Feb 2023 20:55:20 GMT

GET
H/1.1 200
OK modernizr-additional-tests.js Show response
www.proofpoint.com/core/misc/ 652 B
870 B 792ms
159ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/misc/modernizr-additional-tests.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

9b7b5d56054f5bab6ea5dfd9472ceb900f406a8a35a3df5b17b606521a411a35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 28 Oct 2021 00:38:28 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 18-91592966-0 0CNN RT(1675674581386 476) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=128739, public
Content-Length: 411
Expires: Tue, 07 Feb 2023 20:55:20 GMT

GET
H/1.1 200
OK logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 162ms
160ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "13fdd2ef"
Content-Type: image/svg+xml
X-Iinfo: 6-4407426-0 0CNN RT(1675674581387 1100) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=129756, public
Content-Length: 1124
Expires: Tue, 07 Feb 2023 21:12:18 GMT

GET
H/1.1 200
OK pfpt-sb-nav-promo-696x708.png
www.proofpoint.com/sites/default/files/nav-promo-images/ 581 KB
582 KB 162ms
160ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/nav-promo-images/pfpt-sb-nav-promo-696x708.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

32dffddd1bfd33d7568ee8501d3a7dc111f7b8177bd78b41fa668328f0ed8dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Oct 2022 23:44:13 GMT
X-CDN: Imperva
Etag: "685ed7ba"
Content-Type: image/png
X-Iinfo: 18-91592967-0 0CNN RT(1675674581387 1101) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=128752, public
Content-Length: 595407
Expires: Tue, 07 Feb 2023 20:55:34 GMT

GET
H/1.1 200
OK home.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 784 B
946 B 161ms
159ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/home.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "4c25cdee"
Content-Type: image/svg+xml
X-Iinfo: 16-44537185-0 0CNN RT(1675674581387 1100) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=129762, public
Content-Length: 477
Expires: Tue, 07 Feb 2023 21:12:24 GMT

GET
H/1.1 200
OK whatismalware_featuredimg.webp
www.proofpoint.com/sites/default/files/styles/image_1920_400/public/ 39 KB
39 KB 160ms
160ms Image
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/image_1920_400/public/whatismalware_featuredimg.webp?itok=g0diaQMY

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

eee51d0715d2f5efd605e8c6020900a6aa8a1678867cac80e0bd43628f7e1bcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 03 Feb 2021 16:16:48 GMT
X-CDN: Imperva
X-Iinfo: 18-91592777-0 0CNN RT(1675674580297 2212) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1049178, public
Content-Length: 39712
Expires: Sat, 18 Feb 2023 12:36:00 GMT

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ 208 KB
69 KB 252ms
21ms Script
application/x-javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
cf-cache-status: HIT
age: 6560
etag: "142802-33e51-5f217594de500"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 7952bf9d8cac3662-FRA
expires: Mon, 06 Feb 2023 13:09:42 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 115ms
86ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

5aa93e7401f9a3344d1f891eacfb0cf698bf56cc5d7cb2586bfe0d82d1c8c4b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16813
x-xss-protection: 0
server: cafe
etag: 6388606791587927312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 06 Feb 2023 09:09:42 GMT

GET
H/1.1 200
OK js_Po_Mhz2aOZKh8cTfjB-3XB04XoxP00wI3ONJYGswOx0.js Show response
www.proofpoint.com/sites/default/files/js/ 171 KB
59 KB 159ms
159ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Po_Mhz2aOZKh8cTfjB-3XB04XoxP00wI3ONJYGswOx0.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3e8fcc873d9a3992a1f1c4df8c1fb75c1d385e8c4fd34c08dce349606b303b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 01 Feb 2023 00:14:24 GMT
X-CDN: Imperva
Etag: "5e2ce456"
Content-Type: text/javascript
X-Iinfo: 18-91592777-0 0CNN RT(1675674580297 2051) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=767183, public
Content-Length: 59661
Expires: Wed, 15 Feb 2023 06:16:05 GMT

GET
H2 200 geoip2.js Show response
geoip-js.com/js/apis/geoip2/v2.1/ 3 KB
2 KB 41ms
16ms Script
application/javascript 2606:4700::6812:1244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1244 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 02 Feb 2023 19:47:30 GMT
server: cloudflare
age: 1732
etag: W/"63dc1352-da4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=43200
cf-ray: 7952bf9f0eb5383d-FRA
expires: Mon, 06 Feb 2023 21:09:42 GMT

GET
H/1.1 200
OK js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js Show response
www.proofpoint.com/sites/default/files/js/ 9 KB
3 KB 159ms
159ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 03 Jan 2023 23:08:29 GMT
X-CDN: Imperva
Etag: "6e3ea0aa"
Content-Type: text/javascript
X-Iinfo: 18-91592966-0 0CNN RT(1675674581386 1099) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=128746, public
Content-Length: 2188
Expires: Tue, 07 Feb 2023 20:55:28 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 103ms
33ms Script
application/x-javascript 104.64.124.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.124.188 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-124-188.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 728

GET
H/1.1 200
OK js_rsv29SIUErlb_Dpmf8AIKeuDGazx7SL8hoB7SiW866U.js Show response
www.proofpoint.com/sites/default/files/js/ 1 MB
441 KB 160ms
158ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_rsv29SIUErlb_Dpmf8AIKeuDGazx7SL8hoB7SiW866U.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aecbf6f5221412b95bfc3a667fc00829eb8319acf1ed22fc86807b4a25bceba5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 01 Feb 2023 00:14:25 GMT
X-CDN: Imperva
Etag: "03c61f50"
Content-Type: text/javascript
X-Iinfo: 18-91592778-0 0CNN RT(1675674580299 2188) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=767193, public
Content-Length: 451119
Expires: Wed, 15 Feb 2023 06:16:15 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 442 KB
104 KB 64ms
63ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

937a01cb3fdcc15351b7d2a375e177c5d4bce93c3dfc148c2787b70ed4279e00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 106164
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 06 Feb 2023 09:09:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
77 KB 53ms
52ms Script
application/javascript 2a00:1450:400d:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL&l=dataLayer&cx=c

Requested by

Host: www.googleoptimize.com
URL: https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ac26fc0398d551aa08b0c47dc122714f69add40a4b04f02f69efe4822dd428d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79018
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 06 Feb 2023 09:09:42 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 288ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je3210&_p=850797443&_gaz=1&cid=1492665486.1675674582&ul=en-us&sr=1600x1200&uaW=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1675674581&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&dt=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 60ms
17ms Ping
text/plain 2a00:1450:4025:401::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B1V8SZE3GL&cid=1492665486.1675674582&gtm=45je3210&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4025:401::9a Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 55ms
32ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B1V8SZE3GL&cid=1492665486.1675674582&gtm=45je3210&aip=1&z=72261596

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 105ms
44ms Stylesheet
text/css 2a00:1450:400d:80d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ba95ed077caa1b5b8b0938c45e2223e486f179f659a64bcc4d6ea3d240235734

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 06 Feb 2023 09:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 06 Feb 2023 09:09:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 06 Feb 2023 09:09:42 GMT

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK ransomware-bg-img.png
www.proofpoint.com/sites/default/files/nav-promo-images/ 14 KB
14 KB 260ms
164ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/nav-promo-images/ransomware-bg-img.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6907f421de451fd5e7f962c48d39191bd7d86390df35df8b416d3ca0eb558436

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 22 Jan 2022 06:00:50 GMT
X-CDN: Imperva
Etag: "ebf7b974"
Content-Type: image/png
X-Iinfo: 18-91592966-0 0CNN RT(1675674581386 1259) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=128772, public
Content-Length: 13846
Expires: Tue, 07 Feb 2023 20:55:54 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 914ae362937120d900bb5c5d95c70f3957fa2270c308925e4a72ad56446911cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cea918e6af14ac3645e0e33b30cb802820aed3e549defbd618be220c31546625

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK Screen%20Shot%202023-02-01%20at%208.09.59%20AM.png
www.proofpoint.com/sites/default/files/inline-images/ 159 KB
159 KB 161ms
161ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-02-01%20at%208.09.59%20AM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

29cd59aa3bf14290910ab2f5ec1b4ff80185d6eca5b167544d60bf184168b7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 01 Feb 2023 15:10:14 GMT
X-CDN: Imperva
Etag: "270f3463"
Content-Type: image/png
X-Iinfo: 6-4407426-0 0CNN RT(1675674581387 1262) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=799818, public
Content-Length: 162365
Expires: Wed, 15 Feb 2023 15:20:00 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-01-31%20at%206.12.37%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 783 KB
784 KB 162ms
161ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-01-31%20at%206.12.37%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

dd526f2495b939b744a150e0a07435e928817393f7f947987b09b79fedcd653b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 01 Feb 2023 01:15:01 GMT
X-CDN: Imperva
Etag: "0c6f0c61"
Content-Type: image/png
X-Iinfo: 16-44537185-0 0CNN RT(1675674581387 1262) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=799834, public
Content-Length: 802120
Expires: Wed, 15 Feb 2023 15:20:16 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-01-31%20at%206.12.57%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 1 MB
1 MB 159ms
159ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-01-31%20at%206.12.57%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

13f8638e932bd9b91fc68c0baf723fc0dc801548ce4a1ff4ee8251afd82a29a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 01 Feb 2023 01:15:35 GMT
X-CDN: Imperva
Etag: "bc13337d"
Content-Type: image/png
X-Iinfo: 18-91592777-0 0CNN RT(1675674580297 2376) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=799862, public
Content-Length: 1105133
Expires: Wed, 15 Feb 2023 15:20:44 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-01-31%20at%206.13.21%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 1 MB
1 MB 166ms
164ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-01-31%20at%206.13.21%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b3eef75decadc91e863f376b960ade61991801ed72b6003681abc350493482cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:42 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 01 Feb 2023 01:16:14 GMT
X-CDN: Imperva
Etag: "ab825f4b"
Content-Type: image/png
X-Iinfo: 18-91592966-0 0CNN RT(1675674581386 1450) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=800435, public
Content-Length: 1350474
Expires: Wed, 15 Feb 2023 15:30:17 GMT

GET
DATA 200
OK truncated
/ 45 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 32ms
31ms Script
application/x-javascript 104.64.124.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.64.124.188 Prague, Czech Republic, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-64-124-188.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:43 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4677
Expires: Wed, 17 May 2023 09:09:43 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
2 KB 109ms
47ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1675674583005&cv=9&fst=1675674583005&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

81ddc254dc771374be4de8a66290843b57ae545c52f3863d7298f29b6286e9dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1012
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 29ms
7ms Script
text/javascript 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 06 Feb 2023 08:13:15 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 3388
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Mon, 06 Feb 2023 10:13:15 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
1 KB 114ms
80ms Script
text/javascript 2a00:1450:400d:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1675674583034&cv=11&fst=1675674583034&bg=ffffff&guid=ON&async=1&gtm=45He3210&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&auid=417867878.1675674583&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7de12e2dc8f1140baf513360f096e8b25b97a15ddb4ddb46323d2e10bd2a23e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 942
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 52ms
31ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 06 Feb 2023 09:09:43 GMT
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4F0BADFBDEA24B3E9AC60D8DA50ECEB7 Ref B: FRAEDGE1718 Ref C: 2023-02-06T09:09:43Z
etag: "076bc30652fd91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11563

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 35ms
6ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-hhn-etou8220025-HHN

GET
H2 200 hotjar-1456002.js Show response
static.hotjar.com/c/ 8 KB
4 KB 48ms
11ms Script
application/javascript 13.32.27.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.15 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-15.fra56.r.cloudfront.net

Software

Resource Hash

c2b237efcb68e6fc63be94223a1bc1d7c2b2ef122c939dcd09e08cfce9b359e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 06 Feb 2023 09:09:43 GMT
via: 1.1 a23dafbbb9a61c77bda1d66d97f24e2e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 8
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/3ea4515cd3997de63ee0deb4eb7b734c
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: HcAN6_k9RiPZo3_QuIgD6miWZ0crtpEpnb8vEXRw_CPKMrZca1U91Q==

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 51ms
14ms Script
application/x-javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=79343
accept-ranges: bytes
content-length: 4777

GET
H2

200

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

0
336 B

32ms
31ms

Script
application/javascript

54.229.65.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 54.229.65.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-65-185.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 06 Feb 2023 09:09:43 GMT
content-length: 0
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
date: Mon, 06 Feb 2023 09:09:43 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 100
content-type: text/html; charset=utf-8

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 31ms
9ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=359897&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&r=0.9490973465785295
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 737642f3d69953b6bba3641d8b61f4b30dba68f538711d2f57d057c399cd2f8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 1594.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 146ms
113ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: fcea4be8-237a-4e6f-8ef4-0f8dfb2f0189
x-runtime: 0.004116
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7952bfa08920922c-FRA

GET
H2 200 1644.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
418 B 144ms
116ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: bd4e7f15-f15a-4c1d-8a21-ebc3be1c14b1
x-runtime: 0.002221
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7952bfa08922922c-FRA

GET
H2 200 1645.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
419 B 156ms
128ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: d2db8fc2-2b32-46f4-9716-b8a545076cc2
x-runtime: 0.005159
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7952bfa08923922c-FRA

GET
H2 200 1646.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
419 B 122ms
119ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 40c2d38d-3156-4ce1-a268-1a66bc860001
x-runtime: 0.004172
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7952bfa08924922c-FRA

GET
H2 200 1647.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
420 B 121ms
120ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: ea07b87e-92b5-4c94-9f25-b667869c36d4
x-runtime: 0.004038
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7952bfa08926922c-FRA

GET
H2 200 main.rtfl.js Show response
visitor.reactful.com/dist/ 271 KB
105 KB 75ms
21ms Script
application/javascript 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/dist/main.rtfl.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f2ea684e3b845732d5688c534995dded4f2b5639e4b51b23540b00424f2736ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 21:28:49 GMT
content-encoding: gzip
server: Google Frontend
age: 214854
etag: "6u5RTA"
content-type: application/javascript; charset=UTF-8
x-cloud-trace-context: 413a865a813e8de362d51de01a8df76b
cache-control: public,public, max-age=432000
content-length: 106771
expires: Wed, 08 Feb 2023 21:28:49 GMT

GET
H2

200

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

123 B
479 B

32ms
32ms

Script
application/javascript

54.229.65.185
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 54.229.65.185 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-65-185.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: bdc11f3dcb2320159c0adec9109d55267f2b670d0d5ef4fa45d7eccda937b404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 06 Feb 2023 09:09:43 GMT
content-length: 123
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
date: Mon, 06 Feb 2023 09:09:43 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 100
content-type: text/html; charset=utf-8

GET
H2 200 5dfsgn7m2kst.js Show response
js.driftt.com/include/1675674600000/ 212 KB
60 KB 162ms
125ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1675674600000/5dfsgn7m2kst.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c1f22198f612a3b0cb9bb29f17b4d3887c8c5256295c92a027c571721acdf5ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: 3xWqR5DkgEuy6guPZHaBH8EtWU71frWm
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Mon, 06 Feb 2023 09:09:43 GMT
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Thu, 02 Feb 2023 17:47:11 GMT
server: istio-envoy
etag: W/"8ead115aa6b8dd4cf82dbba47b818130"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ok2x3JFxSAhPvJpp4e_ZPjugxE9o3BH_ZcE1FH7T0ry2-M-i8uKNPw==

GET
H/1.1 200
OK 206034.js Show response
secure.chip2gift.com/js/ 16 B
304 B 105ms
25ms Script
text/javascript 51.11.20.152
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.chip2gift.com/js/206034.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e9b3c1ef5622bc620a5c1d364aa9fbec2c9d6230bb5f6ab825825db09dd71f6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Date: Mon, 06 Feb 2023 09:09:43 GMT
Server: Kestrel
Content-Type: text/javascript
Cache-Control: no-store, must-revalidate
Connection: keep-alive
Content-Length: 16
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 24ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 06 Feb 2023 09:09:43 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: H0oKBvjaNgDktX8taxEZz8C37XmIkxvHNkrGv+Z4q0yPHciDlDzEEoZ3uc2daI4a6laSSPn/OT24BYHsEnfTfA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 56ms
21ms Script
text/javascript 2606:4700::6812:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 430
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
cf-ray: 7952bfa19c9f2ba4-FRA
expires: Mon, 06 Feb 2023 09:12:33 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 31 KB
10 KB 40ms
8ms Script
application/javascript 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-176-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

eea93734d5f0032479fa252394415d53cbcd4e7bd6d54764543eaa8b7c9fd10c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 01 Dec 2022 20:20:43 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63890c9b-7ad6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10143
expires: Mon, 06 Feb 2023 09:09:43 GMT

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=8129852076532443161

0
234 B

396ms
369ms

Image
application/json

2600:9000:211e:d400:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=8129852076532443161
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 2600:9000:211e:d400:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
via: 1.1 08b9c2fd11813ffdb8fa03129d0a465c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: kDGMI0MA2mPhigaoSjbPYu-WwdcpzcUC3aIN85Ld3jrXRxhT9v-ZWw==
content-length: 0
apigw-requestid: f6OJximboAMESbQ=

Redirect headers

Date: Mon, 06 Feb 2023 09:09:43 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a8dec291-1501-4f30-9b4e-4155cf6e8e23
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://attr.ml-api.io/?domain=proofpoint.com&pId=8129852076532443161
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

src=8909468;dc_pre=CI7C5qLGgP0CFUMqGAodXBINpA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=763734785
https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CI7C5qLGgP0CFUMqGAodXBINpA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CI7C5qLGgP0CFUMqGAodXBINpA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

42 B
107 B

44ms
43ms

Image
image/gif

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CI7C5qLGgP0CFUMqGAodXBINpA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CI7C5qLGgP0CFUMqGAodXBINpA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 122
track.accountinsight.cloud/track/ 399 B
399 B 210ms
39ms Image
text/javascript 158.255.109.19
NEO-ASN legacy Ne...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.accountinsight.cloud/track/122
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 158.255.109.19 , France, ASN8218 (NEO-ASN legacy Neotelecoms, FR),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Feb 2023 09:09:43 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: no-cache
Access-Control-Allow-Headers: Content-Type
Expires: -1

GET
H/1.1 200
OK /
data.adxcel-ec2.com/pixel/ 43 B
131 B 420ms
105ms Image
image/gif 34.225.204.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=content&content_id=%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pixid=93500acd-fb24-4d4c-b771-2b769752ab62
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.225.204.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-204-170.compute-1.amazonaws.com
Software: /
Resource Hash: 693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H/1.1 200
OK visitWebPage
309-rhv-619.mktoresp.com/webevents/ 2 B
318 B 437ms
93ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1675674583090&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1675674583088-11177&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:43 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: cfe6d103-eb9c-4c46-9623-ca9877fe74d0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 17ms
16ms XHR
text/plain 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=850797443&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&ul=en-us&de=UTF-8&dt=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAEK~&jid=1046513372&gjid=1055870882&cid=1492665486.1675674582&tid=UA-2257074-1&_gid=1435890943.1675674583&_r=1&_slc=1&gtm=45He3210n81MGR7P8X&cd19=1492665486.1675674582&z=1762654928

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
378 B 159ms
124ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=b3fad636-e48c-4d2a-8039-ae84eedd0589&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=2ffedc06-ae58-4cff-83de-64b2ee66764f&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nyk4d&type=javascript&version=2.3.29

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-response-time: 112
date: Mon, 06 Feb 2023 09:09:43 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 9a675f16ea88cbc0
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: ae9eb55b72ae87bbb19bfb8be4bb150475f4b7affb74094b88f5e6c2223c3d1c
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
216 B 165ms
126ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=b3fad636-e48c-4d2a-8039-ae84eedd0589&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=2ffedc06-ae58-4cff-83de-64b2ee66764f&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nyk4d&type=javascript&version=2.3.29

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-response-time: 113
date: Mon, 06 Feb 2023 09:09:43 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 74d3c12b71af570f
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 632bf61fd58bd7cd141e90ce2c371e0fad806c27d93c83f3e15a384ddddac4e8
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
227 B 120ms
119ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=db469980-99a8-407c-9410-a6834559f018&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=2ffedc06-ae58-4cff-83de-64b2ee66764f&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o73l9&type=javascript&version=2.3.29

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-response-time: 107
date: Mon, 06 Feb 2023 09:09:42 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 9231a7699ba656a9
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: ae9eb55b72ae87bbb19bfb8be4bb150475f4b7affb74094b88f5e6c2223c3d1c
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
394 B 141ms
121ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=db469980-99a8-407c-9410-a6834559f018&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=2ffedc06-ae58-4cff-83de-64b2ee66764f&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o73l9&type=javascript&version=2.3.29

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-response-time: 107
date: Mon, 06 Feb 2023 09:09:43 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: b9b2b5cae1e74477
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 632bf61fd58bd7cd141e90ce2c371e0fad806c27d93c83f3e15a384ddddac4e8
content-length: 43

GET
H2 200 modules.bca0d1c28285412bb689.js Show response
script.hotjar.com/ 260 KB
67 KB 43ms
8ms Script
application/javascript 13.32.27.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.bca0d1c28285412bb689.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-54.fra56.r.cloudfront.net

Software

Resource Hash

8a2eec716594a088e751fb0238d964df99bbab6d347cd0ad8f61316ae4caa0b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 03 Feb 2023 13:10:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 a7631312afe99e40229aa0da70662112.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 244777
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 67924
last-modified: Fri, 03 Feb 2023 13:09:45 GMT
etag: "e923aa360dc485b9df86355bd040c998"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: HHlNeblrp8CEwEAjsg58smRaH_aFBl4dQ65bA-3Vl09NJ6yMSOVjRw==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
378 B 24ms
7ms XHR
application/json 2600:9000:206f:6400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 00:08:36 GMT
content-encoding: gzip
via: 1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 32467
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=39565
x-amz-cf-id: PnGpWUwcsrmawgc7pq8PCR6IHPeYFNUWHOzTenEZ8YQpzmDy4T0blA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1675674583125&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-u...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1675674583125%26url%3Dhttps%253A%252F%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1675674583125&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-u...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1675674583125&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-...

0
265 B

125ms
102ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1675674583125&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&liSync=true&e_ipv6=AQLgXMxyadg6xQAAAYYl_QL-soUfWxeV16Q26-aU1gROTpe7kc777KkNCHBOTbVQuqW6KClPXgwX_Ec0tY52oNbIcwQLqQ
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: BAC68D36DF524501B8039DA4DA4997B9 Ref B: FRAEDGE1719 Ref C: 2023-02-06T09:09:43Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0BGRW8tGcVz2+E/TyZw==

Redirect headers

date: Mon, 06 Feb 2023 09:09:43 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F4571FB82A9D49CE8F6DA3800F31EED6 Ref B: FRAEDGE1118 Ref C: 2023-02-06T09:09:43Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1675674583125&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&liSync=true&e_ipv6=AQLgXMxyadg6xQAAAYYl_QL-soUfWxeV16Q26-aU1gROTpe7kc777KkNCHBOTbVQuqW6KClPXgwX_Ec0tY52oNbIcwQLqQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0BGRTlo/Bpg9DKhrlyg==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
377 B 24ms
9ms XHR
application/json 2600:9000:206f:6400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 00:08:36 GMT
content-encoding: gzip
via: 1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 32467
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=39565
x-amz-cf-id: vHYC36IJhtsnceuEKhDamcKvjwhkQTMe7XkHvHORaNsHjsI2oX2xeQ==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
378 B 22ms
8ms XHR
application/json 2600:9000:206f:6400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 00:08:36 GMT
content-encoding: gzip
via: 1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 32467
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=39565
x-amz-cf-id: xJKbRRR87C7s7ABSwzlajMCskcmlGqccytZBZMH2nJX5FYTNxSdsHQ==

GET
H2 204 17087961.js Show response
bat.bing.com/p/action/ 0
116 B 130ms
124ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17087961.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 06 Feb 2023 09:09:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DBEB3AABE0234B96B39318EC82580AA0 Ref B: FRAEDGE1718 Ref C: 2023-02-06T09:09:43Z
x-cache: CONFIG_NOCACHE

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 23ms
17ms XHR
text/plain 2a00:1450:4025:401::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-2257074-1&cid=1492665486.1675674582&jid=1046513372&gjid=1055870882&_gid=1435890943.1675674583&_u=YADAAEAAAAAAACAEK~&z=1081944193

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:401::9a Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 06 Feb 2023 09:09:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
455 B 39ms
18ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1675674583005&cv=9&fst=1675674000000&num=1&guid=ON&eid=375603260%2C466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=1735926541&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
154 B 42ms
38ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1675674583005&cv=9&fst=1675674000000&num=1&guid=ON&eid=375603260%2C466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=1735926541&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
214 B 100ms
98ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=359897&d=proofpoint.com&u=D904FE331ACC4AA1F79DA22D3E5911181&h=aef21c7815de9780ae100453cbc1fad5&t=false&r=0.4154244562847824

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:42 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 136ms
135ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2257074-1&cid=1492665486.1675674582&jid=1046513372&_u=YADAAEAAAAAAACAEK~&z=548157884

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 40ms
40ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2257074-1&cid=1492665486.1675674582&jid=1046513372&_u=YADAAEAAAAAAACAEK~&z=548157884

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
108 B 21ms
20ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1675674583034&cv=11&fst=1675674000000&bg=ffffff&guid=ON&async=1&gtm=45He3210&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=2270900308&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
64 B 23ms
22ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1675674583034&cv=11&fst=1675674000000&bg=ffffff&guid=ON&async=1&gtm=45He3210&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=2270900308&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
visitor.reactful.com/config/879986/ 0
128 B 147ms
147ms XHR
text/javascript 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&hash=&referer=&user_id=&hshkgid=8d00f3c4-ba1f-432f-bd27-f6fbc478cda4&cb_rtfl=_rtfl_jsonp_0
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
Url-Params-Data: e30=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
server: Google Frontend
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.proofpoint.com
x-cloud-trace-context: 6eee56a909ade4ef5b21dd4669e61e14
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length: 0

OPTIONS
H2 200 /
visitor.reactful.com/config/879986/ Frame 0
0 227ms
193ms Preflight
text/javascript 2a00:1450:4001:809::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&hash=&referer=&user_id=&hshkgid=8d00f3c4-ba1f-432f-bd27-f6fbc478cda4&cb_rtfl=_rtfl_jsonp_0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: url-params-data
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
access-control-allow-methods: GET
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache
content-length: 0
content-type: text/javascript
date: Mon, 06 Feb 2023 09:09:43 GMT
expires: Mon, 06 Feb 2023 09:09:43 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
server: Google Frontend
x-cloud-trace-context: 954ea28a555e23164784fbea3fac6ef1

GET
H2 200 143852102935619 Show response
connect.facebook.net/signals/config/ 378 KB
108 KB 52ms
52ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/143852102935619?v=2.9.95&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6a9f4a7fdaed340429c448b9132181f72a59635ec28a42beb2b180b176c006ef

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 06 Feb 2023 09:09:43 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: V6Jczc8PDCAujLDTYaZKM2OgF+OYFZQmyiBWo8KtPXoX7ZTogrbTra+nZh1UY12Eaz8Pt7SdQ6z/IEE2FIsk9g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

1011
jadserve.postrelease.com/suid/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=59&user_group=2&user_id=22d8e09a-1f93-43c3-bc94-833699a62d2a
https://x.bidswitch.net/ul_cb/sync?dsp_id=59&user_group=2&user_id=22d8e09a-1f93-43c3-bc94-833699a62d2a
https://jadserve.postrelease.com/suid/1011?vk=bcd375df-a9f0-4d34-a8be-4ac0a97c1c61

43 B
428 B

114ms
31ms

Image
image/gif

54.76.108.148
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/1011?vk=bcd375df-a9f0-4d34-a8be-4ac0a97c1c61
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 54.76.108.148 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-108-148.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.2 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:43 GMT
server: nginx/1.12.2
content-type: image/gif
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

Redirect headers

location: //jadserve.postrelease.com/suid/1011?vk=bcd375df-a9f0-4d34-a8be-4ac0a97c1c61
date: Mon, 06 Feb 2023 09:09:43 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
484 B 114ms
113ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1675674583312&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1268939
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdum9OkU9-bs6seFZ1Zj1_mIn6VmcHWhyY_lzQGOE6kGfViNepsTsVx55m5ouwqFedqaQTAf1_7-xEx6F_hha53NVQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: X-Goog-Allowed-Resources, Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Mon, 06 Feb 2023 10:09:43 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 130ms
106ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1675674583312&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 06 Feb 2023 09:09:43 GMT
expires: Mon, 06 Feb 2023 09:09:43 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdvprgdOhQs9BvexAU6d280PUQsixpLOOxrvO84EsOCJyWonDZHbs0G8ChlYYiMeWPWxSxHmAzcIEIplnJd0ZJYa7CFeKUgT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 26ms
9ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=143852102935619&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&rl=&if=false&ts=1675674583366&sw=1600&sh=1200&v=2.9.95&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1675674583365.1470234278&it=1675674583283&coo=false&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 06 Feb 2023 09:09:43 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
BLOB 200
OK e319235b-79aa-4017-9f03-db05463818a0
https://www.proofpoint.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.proofpoint.com/e319235b-79aa-4017-9f03-db05463818a0
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
BLOB 200
OK 24d2a6e5-5966-4647-b769-2afa4411a185 Show response
https://www.proofpoint.com/ 0
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.proofpoint.com/24d2a6e5-5966-4647-b769-2afa4411a185
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 7ms
7ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=143852102935619&ev=Microdata&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&rl=&if=false&ts=1675674583954&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Proofpoint%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware%22%2C%22og%3Atitle%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%2C%22og%3Adescription%22%3A%22%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.proofpoint.com%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fmetatag%2Fpublic%2Fwhatismalware_featuredimg.jpg%3Fitok%3DHLwHKEKw%22%2C%22og%3Aimage%3Aurl%22%3A%22https%3A%2F%2Fwww.proofpoint.com%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fmetatag%2Fpublic%2Fwhatismalware_featuredimg.jpg%3Fitok%3DHLwHKEKw%22%2C%22og%3Aimage%3Asecure_url%22%3A%22https%3A%2F%2Fwww.proofpoint.com%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fmetatag%2Fpublic%2Fwhatismalware_featuredimg.jpg%3Fitok%3DHLwHKEKw%22%2C%22article%3Apublished_time%22%3A%222023-01-31T13%3A47%3A53-08%3A00%22%2C%22article%3Amodified_time%22%3A%222023-02-01T07%3A10%3A23-08%3A00%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.95&r=stable&ec=1&o=30&fbp=fb.1.1675674583365.1470234278&it=1675674583283&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 06 Feb 2023 09:09:43 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 me Show response
geoip-js.com/geoip/v2.1/country/ 757 B
957 B 60ms
45ms XHR
application/vnd.maxmind.com-country+json 2606:4700::6812:1244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com

Requested by

Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1244 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5343875add664847054760190ee3c05b8f65851de52991bebdba1a29cfb5d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 7952bfa5ebf33a91-FRA
content-length: 757

GET
H/1.1 200
OK header-email.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 951 B
965 B 160ms
160ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-email.svg?5dd8f7254d23339c87d236dd5ed71ca0=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:17:28 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 16-44537185-0 0CNN RT(1675674581387 2208) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=348466, public
Content-Length: 514
Expires: Fri, 10 Feb 2023 09:57:29 GMT

GET
H/1.1 200
OK header-shield.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 298 B
655 B 161ms
160ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-shield.svg?846ea5f31dbef4de45aaa03516f7b708=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:17:58 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 18-91592778-0 0CNN RT(1675674580299 3296) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=348466, public
Content-Length: 204
Expires: Fri, 10 Feb 2023 09:57:29 GMT

GET
H/1.1 200
OK header-security.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 934 B
885 B 161ms
160ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-security.svg?09afb7a95c693b3a41940d4e34bd70d3=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:43 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:17:58 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 6-4407426-0 0CNN RT(1675674581387 2208) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=348466, public
Content-Length: 436
Expires: Fri, 10 Feb 2023 09:57:29 GMT

GET
H2 200 getForm Show response
app-abj.marketo.com/index.php/form/ 6 KB
2 KB 63ms
62ms Script
application/javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app-abj.marketo.com/index.php/form/getForm?munchkinId=309-RHV-619&form=10895&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&callback=jQuery112406740451760114734_1675674582905&_=1675674582906
Requested by: Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: faab326e699f5c5e1123da40e450eff737d1e4babb824ef83ebacc514fba6ae5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7952bfa60e233662-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 145ms
30ms Script
application/javascript 104.111.216.120
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js?_=1675674583017

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Po_Mhz2aOZKh8cTfjB-3XB04XoxP00wI3ONJYGswOx0.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.216.120 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-216-120.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Mon, 06 Feb 2023 09:09:44 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
x-host: s7.addthis.com
content-length: 116325

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 57 KB
19 KB 43ms
8ms Script
text/javascript 2600:9000:211e:a000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 628d6315130cd4de61ea584cd8dc091a22f3fe455afbf7228b43b99ca44db25e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

X-Amz-Version-Id: NwsfeSQdu7qaTe6tGVib5bHAlZ1WnBa6
Content-Encoding: gzip
Via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
Date: Mon, 06 Feb 2023 08:55:33 GMT
Age: 852
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 01 Feb 2023 14:43:35 GMT
Server: AmazonS3
Etag: W/"3980429e4470aea3a07be4951d0c262b"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Fyqvkl8u7VzkJ-cQkwvxQHJ_baQrCynEyZHG3Rx63_XjpCCph-gf5w==

GET
H2

200

activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthrea... Show response
10487471.fls.doubleclick.net/ Frame 640A
Redirect Chain

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fth...
https://10487471.fls.doubleclick.net/activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fw...

1 KB
936 B

50ms
49ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10487471.fls.doubleclick.net/activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

918ac9ed724198d1a97c2b2f35d73bed4276d70d45a3eb39419377ef286de806

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 597
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 09:09:44 GMT
expires: Mon, 06 Feb 2023 09:09:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 09:09:44 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10487471.fls.doubleclick.net/activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582 Show response
4788165.fls.doubleclick.net/ Frame 9609
Redirect Chain

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582?
https://4788165.fls.doubleclick.net/activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582?

688 B
713 B

50ms
49ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4788165.fls.doubleclick.net/activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

5b2317d255abcd45c5ef83037cf4b054d1224f822ee9ec4db9d564834927f556

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 375
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 09:09:44 GMT
expires: Mon, 06 Feb 2023 09:09:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 06 Feb 2023 09:09:44 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://4788165.fls.doubleclick.net/activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 0
bat.bing.com/action/ 0
285 B 37ms
36ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17087961&tm=gtm002&Ver=2&mid=34ce2b2b-8d56-44bc-ab02-d6b43a330b4e&sid=feebc600a5fd11edacd1eb1991577b24&vid=feebddc0a5fd11edbcf51fbdd71ae848&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&r=&lt=3982&evt=pageLoad&sv=1&rn=422408

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 06 Feb 2023 09:09:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1A14B60EDEEE436F914BA5CB472B52D6 Ref B: FRAEDGE1718 Ref C: 2023-02-06T09:09:44Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK DE.png
www.proofpoint.com/modules/custom/pp_i18n/images/ 3 KB
4 KB 159ms
159ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/modules/custom/pp_i18n/images/DE.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "cc0c264c"
Content-Type: image/png
X-Iinfo: 18-91592777-0 0CNN RT(1675674580297 3377) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=130264, public
Content-Length: 3329
Expires: Tue, 07 Feb 2023 21:20:47 GMT

GET
DATA 200
OK truncated
/ 129 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 box-e031119f9e9e307a08fa610f85dbfb52.html Show response
vars.hotjar.com/ Frame F8D6 2 KB
1 KB 38ms
6ms Document
text/html 143.204.215.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.95 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-95.fra53.r.cloudfront.net

Software

Resource Hash

f92333a45b532bdb5248178674b041b1c35edfd33a55df48192256f0bfe49e4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 244778
cache-control: max-age=31536000
content-encoding: br
content-length: 1034
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:10:06 GMT
etag: "112fdf47cdb80b9ce3d033ed09717460"
last-modified: Fri, 03 Feb 2023 13:09:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b073c20359d711b751afd124dda34076.cloudfront.net (CloudFront)
x-amz-cf-id: 38vKQW11PGz06-Na38KHev5viaqUuFuFAGw9kOsGYqXffZ240rXmyQ==
x-amz-cf-pop: FRA53-C1
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H2 200 forms2.css
app-abj.marketo.com/js/forms2/css/ 13 KB
3 KB 22ms
20ms Stylesheet
text/css 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
age: 5394
etag: "2c115b-3437-5f217594de500"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7952bfa69ecf3662-FRA
content-length: 2623
expires: Mon, 06 Feb 2023 13:09:44 GMT

GET
H2 200 forms2-theme-plain.css
app-abj.marketo.com/js/forms2/css/ 828 B
331 B 22ms
21ms Stylesheet
text/css 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
age: 5394
etag: "1214f0-33c-5f217594de500"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7952bfa69ed13662-FRA
content-length: 246
expires: Mon, 06 Feb 2023 13:09:44 GMT

GET
H2 200 getKnownLead Show response
app-abj.marketo.com/index.php/form/ 49 B
257 B 465ms
465ms Script
application/javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/getKnownLead?form=10895&lpId=&munchkinId=309-RHV-619&filledFields=true&_mkt_trk=id%3A309-RHV-619%26token%3A_mch-proofpoint.com-1675674583088-11177&callback=jQuery112406740451760114734_1675674582905&_=1675674582907

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3939195d41be69e3a9afbf116ad6df3ab2f8bbdb1057078c383ed45d3f2f298

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
server: cloudflare
content-type: application/javascript; charset=utf-8
cf-ray: 7952bfa69ed33662-FRA

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/ 42 B
835 B 12ms
12ms Script
text/javascript 2600:9000:211e:a000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f51a75f2ede4c5e0457f05d60bfa39290b59348a71cdae4cc701236e6f552ad9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

X-Amz-Version-Id: YpLV8gffck5D.rMdZ0xQXtTLU4RzR.kz
Date: Mon, 06 Feb 2023 09:09:44 GMT
Via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
Age: 142
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 42
Last-Modified: Thu, 05 Jan 2023 13:22:33 GMT
Server: AmazonS3
Etag: "2ff5e20519778d0385c77e7f6e12de10"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: EkLw2E1wHtNmojZIABtW00kvnwX7MhY3aHsK7II-44-oMG37CDHl8Q==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

8ms
7ms

Script
application/javascript

2600:9000:211e:a000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 2600:9000:211e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Sun, 05 Feb 2023 10:14:29 GMT
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
Age: 82525
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: eKFW7e4SOj7t9wlyR9BF7R84sUmBRoFu17EggYgBBwfN1dsCjjHdxw==

Redirect headers

Date: Mon, 06 Feb 2023 04:44:34 GMT
Via: 1.1 e6959f77d21557f69683da8f0cd5578a.cloudfront.net (CloudFront)
Age: 15909
X-Amz-Cf-Pop: FRA56-C2
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: TtqS746FIJ0pEeX-Pmd_JdqJkO_X0htVNVq5vTpQWTlKCaB6xPy_aQ==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/ 0
809 B 24ms
9ms Script
text/javascript 2600:9000:211e:a000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

X-Amz-Version-Id: 6aJp.fucXrTOJpbCUd14cYsD7c1feQYH
Date: Mon, 06 Feb 2023 08:46:13 GMT
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
Age: 3067
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Fri, 03 Feb 2023 02:45:31 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: hxD06pkFYRbRbhjndqg6yDX8stQDQrAeS6qyoVKPx-yAQOKIKkbyBA==

GET
H2 200 d7557a63ab8c88be
pixel.sitescout.com/up/ Frame 640A 43 B
267 B 49ms
13ms Image
image/gif 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/d7557a63ab8c88be?url=retargeting&cntr_revenue=&cntr_transactionId=6169373632755&u1=&u2=&u3=&u4=&u5=&cntr_url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Requested by: Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=*;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents...
adservice.google.com/ddm/fls/z/ Frame 640A 42 B
107 B 84ms
44ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=*;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware

Requested by

Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 640A 13 KB
5 KB 16ms
14ms Script
application/x-javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=79342
accept-ranges: bytes
content-length: 4777

GET
H2

200

collect
px4.ads.linkedin.com/ Frame 9609
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQKP897j7wUkpAAAAYYl_QS1Ohut0z-Tcp3rAsh5-Loal9rjBBY4RDBiPefbyyYXZ9hsbTy_FczA86S_759EjXrqShS8Kw

43 B
246 B

105ms
105ms

Image
image/gif

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQKP897j7wUkpAAAAYYl_QS1Ohut0z-Tcp3rAsh5-Loal9rjBBY4RDBiPefbyyYXZ9hsbTy_FczA86S_759EjXrqShS8Kw
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582?
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 250C110ECF4C47C8B81DBD9D346F9FD7 Ref B: FRAEDGE1719 Ref C: 2023-02-06T09:09:44Z
linkedin-action: 1
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
content-type: image/gif
x-li-proto: http/2
content-length: 65
x-li-uuid: AAX0BGRb3qBDiLiML3rA/g==

Redirect headers

date: Mon, 06 Feb 2023 09:09:43 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 7F6B4770007B4BC99159B8DFB4AB4A68 Ref B: FRAEDGE1118 Ref C: 2023-02-06T09:09:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQKP897j7wUkpAAAAYYl_QS1Ohut0z-Tcp3rAsh5-Loal9rjBBY4RDBiPefbyyYXZ9hsbTy_FczA86S_759EjXrqShS8Kw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0BGRaTyMJu++FNq3+OA==

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 9609 43 B
550 B 413ms
42ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1442966&mt_adid=226348&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=&ord=1786326230
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 441 9053ffc master cdg-pixel-x15 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:44 GMT
Server: MT3 441 9053ffc master cdg-pixel-x15 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Mon, 06 Feb 2023 09:09:43 GMT

GET
H2 200 dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582
adservice.google.com/ddm/fls/z/ Frame 9609 42 B
401 B 74ms
43ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582

Requested by

Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CMOM4aLGgP0CFbpEHgIdxOcDyw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=9615176414335.582?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/2782676/domain/10487471.fls.doubleclick.net/ Frame 640A 36 B
377 B 8ms
6ms XHR
application/json 2600:9000:206f:6400:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2782676/domain/10487471.fls.doubleclick.net/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:6400:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://10487471.fls.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 00:56:56 GMT
content-encoding: gzip
via: 1.1 7e513424eee237ee26467e8fd5656ec0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 29568
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=35470
x-amz-cf-id: dZRI11wPyi_TmPH02kxPXO6jvtdOp0oZlC73KK8zoYz9H6F_ooUTlg==

GET
H2

200

collect
px4.ads.linkedin.com/ Frame 640A
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1675674584202&url=https%3A%2F%2Fwww.proofpoint.com%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1675674584202&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQI8ZXBYTrfqpQAAAYYl_QTF187K5MsoeW2CFZgYbCMj7ktAiXP2cr_yxRPT-LyBeR1DtLr...

0
142 B

103ms
102ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1675674584202&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQI8ZXBYTrfqpQAAAYYl_QTF187K5MsoeW2CFZgYbCMj7ktAiXP2cr_yxRPT-LyBeR1DtLr3lPenDn8isFrDWqHnZUUrAw
Requested by: Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=COK94KLGgP0CFRLVGQodyhQDcQ;src=10487471;type=retar0;cat=retar0;ord=6169373632755;gtm=45He3210;auiddc=417867878.1675674583;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:43 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 7B728E2A3FEE4E2588A37373916B7153 Ref B: FRAEDGE1719 Ref C: 2023-02-06T09:09:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0BGRcFlQ1ZZjLro2ilA==

Redirect headers

date: Mon, 06 Feb 2023 09:09:43 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 7182360025A44B37BC9FB884039F9080 Ref B: FRAEDGE1118 Ref C: 2023-02-06T09:09:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1675674584202&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQI8ZXBYTrfqpQAAAYYl_QTF187K5MsoeW2CFZgYbCMj7ktAiXP2cr_yxRPT-LyBeR1DtLr3lPenDn8isFrDWqHnZUUrAw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX0BGRafkzF6Hu6YKZKKQ==

GET
H2 200 7YJ7XZCLMRHSVCXIHB5HIT Show response
d.adroll.com/consent/check/ 462 B
949 B 106ms
32ms Script
application/javascript 2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT?pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&_s=133e3c6713040ceec7f598c310fc4abd&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 310e33ce5ebd0aaa68fac582770b63715a3b5b58e1358adf878f35fa184baf9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: application/javascript
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 462
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 81ms
21ms Script
application/x-javascript 69.192.161.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1675674583017
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.192.161.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-161-152.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=24100
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H/1.1

200
OK

T47Y2VPPABDUBJXFROMZZM.js Show response
s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/
Redirect Chain

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%...
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

4 KB
2 KB

9ms
9ms

Script
text/javascript

2600:9000:211e:a000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 2600:9000:211e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea0a66087c5669d9c516399640336a37d06d722e1ef0ada8047db1869af0de96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

X-Amz-Version-Id: eY2T11Jsv3Zn8_XUkedB..UFmyuYffin
Content-Encoding: gzip
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
Date: Mon, 06 Feb 2023 08:46:14 GMT
Age: 1981
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 14:52:47 GMT
Server: AmazonS3
Etag: W/"7f84d82d1aa6399333730db224ff6e4c"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: LCpdvHKkl_hpJS4SeOdxD5_DAXxKfOOS798vE3BPtHO_hYXVMZN7rQ==

Redirect headers

date: Mon, 06 Feb 2023 09:09:44 GMT
x-segment-display-name: Visitors to Unsegmented Pages
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
x-rule-type: p
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.22.1
x-rule: *
x-segment-eid: T47Y2VPPABDUBJXFROMZZM
location: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: YV5KYXXEJZATZCT37YRTMK
x-segment-name: *
x-advertisable-eid: 7YJ7XZCLMRHSVCXIHB5HIT
x-conversion-currency

GET
H2 200 YV5KYXXEJZATZCT37YRTMK
ipv4.d.adroll.com/px4/7YJ7XZCLMRHSVCXIHB5HIT/ 42 B
519 B 128ms
35ms Image
image/gif 34.240.211.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ipv4.d.adroll.com/px4/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&cookie=&adroll_s_ref=&keyw=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.240.211.162 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-211-162.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 8 KB
3 KB 7ms
7ms Script
application/javascript 2600:9000:211e:a000:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&cookie=&adroll_s_ref=&keyw=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:a000:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e5cf82e4a17e79c80c6f17c3fff873756de944e1301fa01c1d03aba1e359669

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

X-Amz-Version-Id: wG3UJevK_dyyBSOJeVU2_V1xC3jx_aLw
Content-Encoding: gzip
Via: 1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
Date: Sun, 05 Feb 2023 12:26:24 GMT
Age: 74758
X-Amz-Cf-Pop: FRA56-C2
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 21:48:50 GMT
Server: AmazonS3
Etag: W/"9f2aa6ae991d93164d9512029d813cad"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: ZBuPWLb5KxDXYcpzLsXl2Y4my3VDFjeahWr99IvGbHUcsGr_9oor1A==

GET
H3 200 389545881899618 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 75ms
75ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/389545881899618?v=2.9.95&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1b1ab7879aa2fd8b15125ad858143c427b9ae8c805f1f1ddaece7ecb336b34df

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 06 Feb 2023 09:09:44 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: MLjwB/Y66Z1A3FLK+5ecGzeTww9YwxlaiHmqVlBUj6XZnNTO46jAjiTWeSpLTWfOe6y7tIIW4cVfAMJl0TZHkw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents...
https://x.bidswitch.net/sync?dsp_id=44&user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc

43 B
145 B

8ms
8ms

Image
image/gif

52.28.41.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 52.28.41.26 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-41-26.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/sync?dsp_id=44&user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 96
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=Luepr6Uj2-3W1B13fI-4Zw
https://d.adroll.com/cm/g/in

42 B
554 B

31ms
31ms

Image
image/gif

2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
server: nginx/1.22.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://d.adroll.com/cm/g/in
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-docum...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expiration=1707210584
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expiration=1707210584&C=1

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expiration=1707210584&C=1
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Feb 2023 09:09:44 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 06 Feb 2023 09:09:44 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=105&external_user_id=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expiration=1707210584&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 33ms
31ms Image
image/gif 2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.22.1
content-length: 42
vary: Cookie
content-type: image/gif

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expires=365

0
239 B

72ms
10ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expires=365
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&expires=365
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ee7a9afa523dbedd6d41d777c8fb867&gdpr=1&gdpr_consent=

43 B
273 B

40ms
17ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ee7a9afa523dbedd6d41d777c8fb867&gdpr=1&gdpr_consent=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537103138&val=2ee7a9afa523dbedd6d41d777c8fb867&gdpr=1&gdpr_consent=
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 108
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-do...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=

0
0

387ms
96ms

Image
application/json

64.202.112.223
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 64.202.112.223 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 121
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-do...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...

42 B
494 B

81ms
21ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 212
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents...
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
125 B

56ms
10ms

Image
text/plain

18.156.0.31
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Server

18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 169
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-doc...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc

0
90 B

72ms
15ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 13623

Redirect headers

location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-...
https://eb2.3lift.com/xuid?mid=4714&xuid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&dongle=c85e

37 B
140 B

34ms
7ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=4714&xuid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&dongle=c85e
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

location: https://eb2.3lift.com/xuid?mid=4714&xuid=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&dongle=c85e
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 102
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=fbfe290257510cec45afda06fcc94d0c-1675674584314&pv=562011816.9244126&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents...
https://ib.adnxs.com/setuid?entity=172&code=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc

43 B
1 KB

24ms
7ms

Image
image/gif

37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Feb 2023 09:09:44 GMT
AN-X-Request-Uuid: 240bc04b-cbf7-4352-9c5a-b6b12568ef45
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/setuid?entity=172&code=MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc
pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 8ms
8ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=389545881899618&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&rl=&if=false&ts=1675674584484&cd[segment_eid]=T47Y2VPPABDUBJXFROMZZM&sw=1600&sh=1200&v=2.9.95&r=stable&ec=0&o=29&cs_est=true&fbp=fb.1.1675674583365.1470234278&it=1675674583283&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 06 Feb 2023 09:09:44 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 XDFrame Show response
app-abj.marketo.com/index.php/form/ Frame 037B 2 KB
858 B 120ms
120ms Document
text/html 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/XDFrame

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 7952bfa9da483662-FRA
content-encoding: gzip
content-length: 650
content-type: text/html; charset=utf-8
date: Mon, 06 Feb 2023 09:09:44 GMT
server: cloudflare
strict-transport-security: max-age=63113904
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ Frame 037B 208 KB
69 KB 17ms
17ms Script
application/x-javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app-abj.marketo.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
cf-cache-status: HIT
age: 6562
etag: "142802-33e51-5f217594de500"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 7952bfaa9b6d3662-FRA
expires: Mon, 06 Feb 2023 13:09:44 GMT

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 29 B
992 B 52ms
51ms XHR
application/json 37.252.171.84
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.84 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

db19cb09c2f10a72da9475973ba416b345973e81aa3fb1ad906db2cd586d1eb4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 06 Feb 2023 09:09:44 GMT
AN-X-Request-Uuid: 8ad0a1cc-9a23-409e-8163-229548530aab
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.proofpoint.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.64.151.7; 217.64.151.7; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 29
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
204 B 65ms
56ms XHR
text/html 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-176-89.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:44 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
284 B 65ms
14ms XHR
text/html 2a02:26f0:3500:2aa::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:2aa::1c91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a2628f7a0920ea4910575e20b9d35ea6acf06b26cc38a6441cf503f7ffb47d26

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:44 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:20:3c00:1012:103d:d2b6:c8ec
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 36
expires: Mon, 06 Feb 2023 09:09:44 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame EBB0 2 KB
1 KB 111ms
110ms Document
text/html 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1675674600000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f7374d4ad8ceaaa6a35a0cd36fa303a0154e20a9ef85db32bb832f9d43b3ce27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 06 Feb 2023 09:09:44 GMT
etag: W/"789d9907e240b6db9fb8c05f182d898c"
last-modified: Thu, 02 Feb 2023 17:46:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-id: GcWees6dp-CorhzO48QsddbZjfDOtL33IHrMfscGlhn4KMAxNxlfrA==
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: 1BX2KgD7Sb1DxvdgoYFGKuaH2zyxYg4V
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 12

GET
H2 200 chat Show response
js.driftt.com/core/ Frame F8AB 2 KB
1 KB 112ms
111ms Document
text/html 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1675674600000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f7374d4ad8ceaaa6a35a0cd36fa303a0154e20a9ef85db32bb832f9d43b3ce27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 06 Feb 2023 09:09:44 GMT
etag: W/"789d9907e240b6db9fb8c05f182d898c"
last-modified: Thu, 02 Feb 2023 17:46:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-id: ElCHrFpqIdc-qWP02vRb5cE2OzXkLvT3sRFZ7s37ClDNHwHJwWgnlg==
x-amz-cf-pop: FRA53-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: 1BX2KgD7Sb1DxvdgoYFGKuaH2zyxYg4V
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 11

GET
H2 200 692.215647de-1223.js Show response
js-agent.newrelic.com/ 2 KB
1 KB 29ms
7ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/692.215647de-1223.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a757f891e9f4a002a7aecb7fcf4e1d74e3e43cc2dc74c3a1fe3812fe7c9a3545

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: I.n_PBR7fU5g2cmlAwgMlzr4Oik5bP_f
content-encoding: gzip
via: 1.1 varnish
date: Mon, 06 Feb 2023 09:09:44 GMT
x-amz-request-id: JWQRWPTWFQTBVE63
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1087
x-amz-id-2: TFxJY3g2BNvW0+h3snSqRJ78VqyviLqrYjsgDJfga3RpaFjmwAAEntq0mKIg/RdWvFFaggo6uWc=
x-served-by: cache-hhn-etou8220056-HHN
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
server: AmazonS3
x-timer: S1675674585.843325,VS0,VE0
etag: "2a9c8457fef96067bf92a4ec54fb10b8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1022

GET
H2 200 779.215647de-1223.js Show response
js-agent.newrelic.com/ 8 KB
4 KB 29ms
7ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/779.215647de-1223.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 226b38d4dd6197b2d2989ef529f69e83ee3ff816b601033ee5ad3ba07fa76307

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: d0hMUd3mWD9ItciiSIXCSy8OWToOTtsf
content-encoding: gzip
via: 1.1 varnish
date: Mon, 06 Feb 2023 09:09:44 GMT
x-amz-request-id: PJQVE2SANNV0CKB7
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3516
x-amz-id-2: hEapgtqQyNMW5lxoLEUAGZ5YQwX3OOSDRs+S/p1wy5ZURGBDpqS+8PXzdDsoXiaPBO1QrCfmfpg=
x-served-by: cache-hhn-etou8220056-HHN
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
server: AmazonS3
x-timer: S1675674585.843327,VS0,VE0
etag: "1f9dc6167676d6db728e844d20a97ad5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1025

GET
H2 200 823.215647de-1223.js Show response
js-agent.newrelic.com/ 3 KB
2 KB 28ms
6ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/823.215647de-1223.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cf2b7b8c9c5756454079e4eb012128b38f569bcc9d32a5b895df5396ae5052b2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: W2tA0gkaWp6JlPnYeFhc2plzNBl_myPN
content-encoding: gzip
via: 1.1 varnish
date: Mon, 06 Feb 2023 09:09:44 GMT
x-amz-request-id: JWQY2YFAVQP3V4KV
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1365
x-amz-id-2: wgIjfzxQvFKrwT6t3cNQbsXGER1qt6NYKLgJn9wCmyWHg/n78NsBzC63exSAdsvnu0WKYo3tYK0=
x-served-by: cache-hhn-etou8220056-HHN
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
server: AmazonS3
x-timer: S1675674585.843325,VS0,VE0
etag: "ce7762cf4b6665f79c15503dbccd6c68"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1022

GET
H2 200 785.215647de-1223.js Show response
js-agent.newrelic.com/ 5 KB
2 KB 28ms
7ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/785.215647de-1223.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e87e201d3ac066d6522dc7a17d02df52163ae9e47173244f017d23476f9e1eda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: 24gfKeCbKAAA6djjTUpWk6gRfGGq6MlZ
content-encoding: gzip
via: 1.1 varnish
date: Mon, 06 Feb 2023 09:09:44 GMT
x-amz-request-id: JWQSXS3XRYHAWNT1
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2103
x-amz-id-2: mznAU7fdQzGKE5yOd7gdc8UbJAYFJKMjFoXL8t+kNaCVqrrLRGUeF9zPkx2FnGjk0K74DD8fLaM=
x-served-by: cache-hhn-etou8220056-HHN
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
server: AmazonS3
x-timer: S1675674585.843350,VS0,VE0
etag: "85340359c90104ea511047eb2b57ebb5"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1722

GET
H2 200 325.215647de-1223.js Show response
js-agent.newrelic.com/ 1 KB
970 B 30ms
9ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/325.215647de-1223.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b1ffa703af97cbc8af57a71d2ba52caf7f68d6d34b50190aa9b7d0cb53233e9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: TZXfN40R6cv9QsF3fTfxRxppzwQ_LugL
content-encoding: gzip
via: 1.1 varnish
date: Mon, 06 Feb 2023 09:09:44 GMT
x-amz-request-id: JWQRACDTXEQ6CHSR
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 560
x-amz-id-2: QqQ/hEYT9d3WSlxe8kiulGVy83u/+USYX+4qRxlPjhyGBjgMKtfQa8Wpd7nR8x79V8vFmGs5Bxw=
x-served-by: cache-hhn-etou8220056-HHN
last-modified: Fri, 27 Jan 2023 21:42:05 GMT
server: AmazonS3
x-timer: S1675674585.843700,VS0,VE0
etag: "8bfb1318203f2143642fa7f2620e90b9"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1731

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 216ms
196ms Script
application/javascript 104.111.216.120
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=63e0c3d83f83f633&bkl=0&bl=1&pdt=3979&sid=63e0c3d83f83f633&pub=&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.proofpoint.com&fp=us%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=0&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1675674584831&jsl=8193&uvs=63e0c3d87fb41fc6000&skipb=1&callback=addthis.cbs.jsonp__25991548891943530
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1675674583017
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.216.120 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-216-120.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6b22ce383218fba0cf96dcb87ea53886594d11f48b42c0a7f88d887eeb9320ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:45 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame F597 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 803D 71 KB
26 KB 27ms
27ms Document
text/html 104.111.216.120
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1675674583017

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.216.120 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-216-120.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Mon, 06 Feb 2023 09:09:44 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H/1.1 200
OK 0ae22ad83e Show response
bam.nr-data.net/1/ 49 B
528 B 264ms
232ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/0ae22ad83e?a=573869349&v=1223.PROD&to=bgQBYERQXBBWVBFbDldOIldCWF0NGEcEVQRmAgJXXlQ%3D&rst=4820&ck=0&s=1fd8696770d5b125&ref=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&ap=121&be=1748&fe=3036&dc=2184&perf=%7B%22timing%22:%7B%22of%22:1675674580034,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:500,%22c%22:500,%22s%22:657,%22ce%22:818,%22rq%22:818,%22rp%22:1568,%22rpe%22:1726,%22dl%22:1579,%22di%22:3932,%22ds%22:3932,%22de%22:3982,%22dc%22:4771,%22l%22:4783,%22le%22:4802%7D,%22navigation%22:%7B%7D%7D&fp=2856&fcp=3051&at=QkMCFgxKTx4%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/692.215647de-1223.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Lake Oswego, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 06 Feb 2023 09:09:45 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
CF-Ray: 7952bfab8af130f4-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 207ms
199ms Image
image/gif 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=4994f9aa-9038-41d4-8560-2cf6154df87b&session=bb04dc9a-9407-4ca4-8a80-397c1a22f62a&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A43%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=a84871e6-1e2c-4a70-8915-38eec48ca66c&an_uid=8129852076532443161

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-176-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 191ms
191ms Image
image/gif 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=4994f9aa-9038-41d4-8560-2cf6154df87b&session=bb04dc9a-9407-4ca4-8a80-397c1a22f62a&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A20%3A3c00%3A1012%3A103d%3Ad2b6%3Ac8ec%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=a84871e6-1e2c-4a70-8915-38eec48ca66c&an_uid=8129852076532443161

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-176-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 726 B
576 B 41ms
15ms XHR
application/json 18.156.168.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.156.168.138 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-168-138.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9caa51975dc97351ceb4e544fab746be9aee637db3095652a84b8dc68241e6ec

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
Authorization: Token cf897ce61a58c53c1861f742ebebc2622f6b0fcf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:45 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
content-length: 389

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 65ms
10ms Preflight 18.156.168.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.156.168.138 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-168-138.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.proofpoint.com
access-control-max-age: 1800
date: Mon, 06 Feb 2023 09:09:45 GMT
server: nginx

GET
H2 200 runtime~main.ac7930e9.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 6 KB
3 KB 8ms
7ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3609708bba6a09acae69fc95a092dcd998e1ae0f4bbe4a0abe56904db52a2724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 17:46:52 GMT
x-amz-version-id: gZ4iNeidu6mtzfJmtz05qciPWxrK7fSQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 314573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 02 Feb 2023 17:19:21 GMT
server: istio-envoy
etag: W/"c066ff097c75e52735ab581248399374"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zU7jSocQv6IMr4QPXWqP485h-q96Q31KWkehVDQ6KxKHLEmaSGWutg==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 35 KB
13 KB 9ms
8ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n4RxY8DzoyNS_hSx6lvATyHGsJrEjgqmhDHZX5hMIdJAV3DEStdlpg==

GET
H2 200 main~493df0b3.bfaa8bf7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 7 KB
3 KB 10ms
9ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.bfaa8bf7.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

93f03d420b0d30047cbe6183aa29f0975177995357f422e233e70841a5ba221d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: tVIOQ5knB_pnUIzARn2A1QNlFnrQ08ww
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"f380dbfcbb0e3e9e079d70231be1cff3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nJkkmRQSO-zptOTzSKv_C1QR9xodMRpVCoL_c8cyUxDHPMk9xBcqrA==

GET
H2 200 runtime~main.ac7930e9.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 6 KB
3 KB 8ms
7ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3609708bba6a09acae69fc95a092dcd998e1ae0f4bbe4a0abe56904db52a2724

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 17:46:52 GMT
x-amz-version-id: gZ4iNeidu6mtzfJmtz05qciPWxrK7fSQ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 314573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 02 Feb 2023 17:19:21 GMT
server: istio-envoy
etag: W/"c066ff097c75e52735ab581248399374"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: m6S5KHgTh85P6AS6x9ImkcfpFCRdwagWKjdVmXKhROjN4KAxtLeq0g==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 35 KB
13 KB 8ms
8ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qSBD4f3oEhzjxRknsVqCPuZAcVy9PQLqJBx-m1OJe4tDtAfhr4UZ8Q==

GET
H2 200 main~493df0b3.bfaa8bf7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 7 KB
3 KB 9ms
9ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.bfaa8bf7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

93f03d420b0d30047cbe6183aa29f0975177995357f422e233e70841a5ba221d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: tVIOQ5knB_pnUIzARn2A1QNlFnrQ08ww
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"f380dbfcbb0e3e9e079d70231be1cff3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CjIBloMTxgEuhVhNPQ70zQ3RIDITRZYPGGJ9zw5qDQuCJ1uXEyQd-A==

GET
H2 200 52.b1edaf4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 23 KB
8 KB 9ms
6ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: TtzAkuiFg5ajpar.KJembGW97mIyyYtK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"cd29b9bc973e48a7fcd0ee7153bdf03b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6aeqJWCWcL2-9Y4jx1PCvpGthzxnzYgJyTRICWb_xYYmMsJU4vwcBQ==

GET
H2 200 36.b49bf23f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 36 KB
10 KB 15ms
9ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: SWSsVLzyOcOhQhmvR.pbvKyQeo7W0A10
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"4ae92c53ef226eb2a201fc855ccb7835"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Mf8XAu-lbQ7B6A6q2ebwikt4RjmN5IsUhzFXuf7MEM6VxQpdR6JNoA==

GET
H2 200 25.22647a55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 32 KB
11 KB 18ms
11ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.22647a55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 3Dq5XEj76miHFBtzwx_L1gh4_UbdDQYk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"2ce6c446f71a395ff41647c9ba4b9c19"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: p91xyOkvaBdA3zj57gwnzD8Fx1sQJ_HbXmm_jPnrq8q-Ku1WUURhDA==

GET
H2 200 20.2ffef383.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 17 KB
6 KB 19ms
12ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: Sl_LzJMe7m6MkWEK9Fxqk3gRf.6SeAYu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"ec6e94b6cea3a27506634867a8009ded"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MWzKBAQ1eHlEgu0MlnU0ZmoTZasdDmLu1YsO5cIk1ORQmfO7XQyifQ==

GET
H2 200 43.7ac85d58.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 25 KB
8 KB 20ms
14ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/43.7ac85d58.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

63c035e2f43180086b19ec08f35c8deee82b2b804ddfcf92f7f0e6d835957bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: nlt9wYKKCayMlGWQHqpz8g8qDzXbqs5K
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"48be1563378f7c36bdadc0f2eb616856"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XiE9eaDhS8mcSNg0MXdMod1QWho-Vr8103F8aZToKoV_3rKnqJN5nA==

GET
H2 200 22.7161d1f7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 74 KB
23 KB 21ms
15ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.7161d1f7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

0525fa75941bbfc7387fbb49257d925d67da3505235331b5aa27c6be8a72c1b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 5ZSPqOH.m7nwO1FPZhNLZC8oV8HN.hri
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"52c4ba62e758f95005aa326a7c67a335"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3kIfcB0obtp5SMzfnebmJK8Z-BFWyI1PpXD1AXpzMs-s9VH079aprw==

GET
H2 200 27.f44ab9c1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 59 KB
19 KB 24ms
18ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.f44ab9c1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a04ca4a38cfded547daa7993112f5dcc2fbdf13f93b968d676e1313e8d8e98f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: wrgwLo8Ut7GsYvCwhzW617Km3EuBTw6K
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"768714622a8a2db20ece85777ba47642"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Bvfeh1o22oIFBfiIQXC-LpYuM3CuMel00dKBJ_p4GcmHr1Mx9zPQng==

GET
H2 200 15.699b0dc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 91 KB
28 KB 25ms
20ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: jUF4GGgcG34JdLv0MHXRHyWvmwH3OQeO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"43d1442a9d30453da9eaeb12b9daafff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AQx_7DGHCNbnT-CsH1hU21tlGiZjvlt8XtOt5bEqfiuCz08dRlw4YQ==

GET
H2 200 12.d33926cb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 23 KB
7 KB 27ms
22ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: KyS4g55V4uBz7fjaZ0R1pHyOHsEBkZV6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"bdcb035523ec144399213aa65a8430ff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RAWq9kW90Ydxhk_yXkZr2fN2UeielKidXKDV0TzsxaD_Zw71z7_ViQ==

GET
H2 200 19.8e79a39a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 62 KB
20 KB 28ms
23ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: uwUNfVtyHdRKYycXgamRNBkk5aCRrwjq
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"c478a5bb4d7885e2b9250c6beeb4fd6d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9Rkn_NC04JND7DMB-7z7e4MlOP7eXA4VU4vEgay3KKgPMLbJi37Vrw==

GET
H2 200 50.de3b5864.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 105 KB
34 KB 35ms
30ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 1DnDsXjV5U2x4yjXf3GCnDIDPlyIffBu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"114785899ceb423273fcc17aaad202e9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XDiz9qtnnmg-bVukmIyQlj5a88CqNpWYbNVk_Ija3naCtj6PQEVqtw==

GET
H2 200 41.a1867ad4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 12 KB
4 KB 37ms
33ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: X151O2if9SUzZhsBRIHlOqKUakbFDRo_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"299dd262bf32831c99dc78a9c5b5ca43"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MZeKkMVYI0XDJuckANasadbbmIEWWWeZnaMS48KguhBi0PN7X46enA==

GET
H2 200 30.57dfb56c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 13 KB
6 KB 38ms
34ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: PRu.RNHym52TA_hlIcQB1Vv5VUA1vVKS
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"b8addee34a5cd2241740a2e3094039b3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: N3vrxWpydt-VOKv9BTQMnY6Rpj9_OGZLUpiRWXA492pwqMG-o6uK3w==

GET
H2 200 23.80529f14.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 17 KB
7 KB 39ms
35ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.80529f14.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2e916865e5811dc30c297c5d94b30565b68fb05acce5c92851c0c38f3eb2415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: f7GnPSzVZVNA1fDLl2EjAyXSbixH0oiD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"97c3ca9aaa6fb76a1426ad11ca2061f7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7YolBeowMqtDbhqg2HzsoF36cK33WfFqMp55GCRzn_qdwJtyTDJcVw==

GET
H2 200 10.18bfca70.chunk.css
js.driftt.com/core/assets/css/ Frame EBB0 14 KB
3 KB 38ms
36ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/10.18bfca70.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: W.Ed7skdAN0dSG59eVgsVvIsNBx.BMsL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"dd670379de64b0621ee84574f3b8e73d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1-OipAXqxG52qVch3-DcXDtRsYoCs24Z0Zqhfw2OcJ7JctFInZz1JQ==

GET
H2 200 10.4b732e6a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 79 KB
25 KB 40ms
38ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.4b732e6a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1e03d00462477cbfe7c7878fad99a3557ed2f344fb0bbc9088fbe2ddfb3c7fba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: 6IO_iuOmrg_MhTuR.qaW7MVxfukyk3VL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:19 GMT
server: istio-envoy
etag: W/"fc993533bc5bb380c865a5164f1a76c0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8CmqZ1AsMzVycI0OmdxfodQvADQQL00Ef1DyoUlZpo0gwEvKZHwamw==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame EBB0 24 B
696 B 39ms
37ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 20:13:51 GMT
x-amz-version-id: eR0JFDWwyA3gsnd_XajqmmtDUbC85CBL
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA53-C1
age: 910554
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 24
last-modified: Tue, 11 Oct 2022 19:09:27 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: glzvOmONc7SdiIOPeP99p_EFsa_zHr_NieFx4VlDsK9YShsxKyQKRA==

GET
H2 200 17.87ab68ae.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 84 KB
21 KB 42ms
40ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.87ab68ae.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

107d9050613a4124c4636cb54de4492b7b1342eab68693db896a52f4590f6dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: cPiu7YYbRPUjAv2cw_41I39g00KKNZYL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"7224903e471d8c7e76d036a17509bef9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0a46F1yvjG2Y7hrpZ0zft65TwI6uJ7GucQv9y5uuXZ38Ut4J3qqp1g==

GET
H2 200 26.8ad2c789.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 49 KB
13 KB 43ms
41ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.8ad2c789.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

45a52827db382bfd27514536bb4e5bc52cb32ca4c5cc1d2d689697f3b51a5ab8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 17:46:52 GMT
x-amz-version-id: vGS0ZgOIjR2BAgr6fsq7fNINKxSECxxa
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 314573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 02 Feb 2023 17:19:18 GMT
server: istio-envoy
etag: W/"75661712253ed1de462ddd525108c2b7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GojsQ9UpJ3IZ1QNWDtnhTvbQmYqUx-qLrAZ83ACMUuzbkOkt9VOFRg==

GET
H2 200 18.23ab9329.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 39 KB
13 KB 49ms
48ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.23ab9329.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1eb6e26a6de3e52515f6ce3ecf77d55b332251005bbd8d6ec1d528a022acefe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 17:46:52 GMT
x-amz-version-id: 84PxqgWeCTvPhPQAusuUUy1eUfAH93E0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 314573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Thu, 02 Feb 2023 17:19:18 GMT
server: istio-envoy
etag: W/"03eb8461a2d4811082f9963a7c1ead90"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qDAi-CfQheUyeNTxEqJ0USd06ZCP_WD8T6PCHo0ctM_zAaPMR8rHsA==

GET
H2 200 52.b1edaf4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 23 KB
8 KB 32ms
4ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: TtzAkuiFg5ajpar.KJembGW97mIyyYtK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"cd29b9bc973e48a7fcd0ee7153bdf03b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HrlarBcm1d1tvOeBFegJSbW__m5pDtjXgBupovagOhXYU0chUFzXSw==

GET
H2 200 36.b49bf23f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 36 KB
10 KB 33ms
6ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: SWSsVLzyOcOhQhmvR.pbvKyQeo7W0A10
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"4ae92c53ef226eb2a201fc855ccb7835"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nWtYDtuHfo0XCGg7Ca7rVIVeAahVv8zK60eK_6fCtpcUy_0MaGbmmg==

GET
H2 200 25.22647a55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 32 KB
11 KB 35ms
8ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.22647a55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 3Dq5XEj76miHFBtzwx_L1gh4_UbdDQYk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"2ce6c446f71a395ff41647c9ba4b9c19"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gRN7MGQpyfVCBeZlcXBEx4rkItwVn7Zhs89KJceXe-qFb5HCRtjXzw==

GET
H2 200 20.2ffef383.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 17 KB
6 KB 37ms
10ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: Sl_LzJMe7m6MkWEK9Fxqk3gRf.6SeAYu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"ec6e94b6cea3a27506634867a8009ded"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: S5r5iN4l-XeBbwAy8J0erV4XKaVOPIJmxeYeIwNKmQNbTPueLGSyfg==

GET
H2 200 43.7ac85d58.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 25 KB
8 KB 39ms
12ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/43.7ac85d58.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

63c035e2f43180086b19ec08f35c8deee82b2b804ddfcf92f7f0e6d835957bfe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: nlt9wYKKCayMlGWQHqpz8g8qDzXbqs5K
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"48be1563378f7c36bdadc0f2eb616856"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VxaW1Zjmbb19YFji07So-wWNgm_OzbtXGMRFVkEVaOYkOey4klGfRg==

GET
H2 200 22.7161d1f7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 74 KB
23 KB 40ms
13ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.7161d1f7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

0525fa75941bbfc7387fbb49257d925d67da3505235331b5aa27c6be8a72c1b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 5ZSPqOH.m7nwO1FPZhNLZC8oV8HN.hri
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"52c4ba62e758f95005aa326a7c67a335"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Z_OgocnNPdsMKzVtx1GsqWJoe_TV1cRE2Etz-X7rBl1fEUI0CRBawg==

GET
H2 200 27.f44ab9c1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 59 KB
19 KB 41ms
14ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.f44ab9c1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a04ca4a38cfded547daa7993112f5dcc2fbdf13f93b968d676e1313e8d8e98f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: wrgwLo8Ut7GsYvCwhzW617Km3EuBTw6K
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"768714622a8a2db20ece85777ba47642"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ek7Ul7sJ-YxN3hSv1wnKUskBoyBxWsiRt8ETPkcLegODj1sFwsNCoQ==

GET
H2 200 15.699b0dc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 91 KB
28 KB 43ms
17ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: jUF4GGgcG34JdLv0MHXRHyWvmwH3OQeO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"43d1442a9d30453da9eaeb12b9daafff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MCf39ut4xHMzp7TKXjV6NZx9_hQkezA7J6wzMKOOCDioU8Vthev81A==

GET
H2 200 12.d33926cb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 23 KB
7 KB 45ms
19ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: KyS4g55V4uBz7fjaZ0R1pHyOHsEBkZV6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"bdcb035523ec144399213aa65a8430ff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L9ZygiFwfa14R4QyoUQJ0t7TKvlXX4qEY6ibaU1JSFHJgrBhUj3eQg==

GET
H2 200 19.8e79a39a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 62 KB
20 KB 46ms
20ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: uwUNfVtyHdRKYycXgamRNBkk5aCRrwjq
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"c478a5bb4d7885e2b9250c6beeb4fd6d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Th-zmHarFvTHhT5WLj1Iay3a5snSZ64vZTrmI6wTtopPXzze8afcQg==

GET
H2 200 50.de3b5864.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 105 KB
34 KB 47ms
22ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 1DnDsXjV5U2x4yjXf3GCnDIDPlyIffBu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"114785899ceb423273fcc17aaad202e9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VDSo-4BkT1V9g4P-EquO3UyG1qMMKWMLBKeTvRfZ3uTd3JkbKHWk0A==

GET
H2 200 41.a1867ad4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 12 KB
4 KB 50ms
25ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: X151O2if9SUzZhsBRIHlOqKUakbFDRo_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"299dd262bf32831c99dc78a9c5b5ca43"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: immsJ2tedT0NSsukivevAZs0zGNBUKFNsistR_8RSTMZY1DwHKvEzA==

GET
H2 200 30.57dfb56c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 13 KB
6 KB 50ms
26ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: PRu.RNHym52TA_hlIcQB1Vv5VUA1vVKS
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"b8addee34a5cd2241740a2e3094039b3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: s79Jujn6b2pMwawDx0Yh0PTl-vIsJyFt39s4mUNxAsjVi8dP3vHAIw==

GET
H2 200 23.80529f14.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 17 KB
7 KB 52ms
28ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.80529f14.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2e916865e5811dc30c297c5d94b30565b68fb05acce5c92851c0c38f3eb2415

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: f7GnPSzVZVNA1fDLl2EjAyXSbixH0oiD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"97c3ca9aaa6fb76a1426ad11ca2061f7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JtUDiS9uHwXH4ztrjD9fq9p6V3_qbkDrFdzmpgUQ0ycg25czZt903w==

GET
H2 200 10.18bfca70.chunk.css
js.driftt.com/core/assets/css/ Frame F8AB 14 KB
3 KB 26ms
3ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/10.18bfca70.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: W.Ed7skdAN0dSG59eVgsVvIsNBx.BMsL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"dd670379de64b0621ee84574f3b8e73d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Wus7vB9fcJHBLe9ySvheAvBPRlxw3SDCjO7jn7wlfmfnlTgW3PPkGA==

GET
H2 200 10.4b732e6a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 79 KB
25 KB 53ms
30ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.4b732e6a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1e03d00462477cbfe7c7878fad99a3557ed2f344fb0bbc9088fbe2ddfb3c7fba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: 6IO_iuOmrg_MhTuR.qaW7MVxfukyk3VL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:19 GMT
server: istio-envoy
etag: W/"fc993533bc5bb380c865a5164f1a76c0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VLQS8kiHVi5wBG2YDO1_UbPjfi_M1QjdmG2Or6Gk57aKtMnKlTHiiA==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame F8AB 24 B
697 B 26ms
4ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 20:13:51 GMT
x-amz-version-id: eR0JFDWwyA3gsnd_XajqmmtDUbC85CBL
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA53-C1
age: 910554
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 24
last-modified: Tue, 11 Oct 2022 19:09:27 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pd63P76PbCDRZkZdRU0S5bJu1sPQV4YV7gYT6CXSj3FPVeB0qSdFKA==

GET
H2 200 17.87ab68ae.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 84 KB
21 KB 55ms
32ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.87ab68ae.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

107d9050613a4124c4636cb54de4492b7b1342eab68693db896a52f4590f6dc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: cPiu7YYbRPUjAv2cw_41I39g00KKNZYL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834289
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"7224903e471d8c7e76d036a17509bef9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: IUH6HtERDFNJ4du3qanw-VUwU8sVJ8Knb6r4q4k5PtfWYV3fruHdMQ==

GET
H2 200 26.8ad2c789.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 49 KB
13 KB 57ms
34ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.8ad2c789.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

45a52827db382bfd27514536bb4e5bc52cb32ca4c5cc1d2d689697f3b51a5ab8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 17:46:52 GMT
x-amz-version-id: vGS0ZgOIjR2BAgr6fsq7fNINKxSECxxa
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 314573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 02 Feb 2023 17:19:18 GMT
server: istio-envoy
etag: W/"75661712253ed1de462ddd525108c2b7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vNqn9R45Mg9watvXFZayY8RywCwkOfRmkd5QblNVz7irARF5lfe4lQ==

GET
H2 200 18.23ab9329.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 39 KB
13 KB 58ms
35ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.23ab9329.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

1eb6e26a6de3e52515f6ce3ecf77d55b332251005bbd8d6ec1d528a022acefe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 17:46:52 GMT
x-amz-version-id: 84PxqgWeCTvPhPQAusuUUy1eUfAH93E0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 314573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 25
last-modified: Thu, 02 Feb 2023 17:19:18 GMT
server: istio-envoy
etag: W/"03eb8461a2d4811082f9963a7c1ead90"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: clW2dXZxkzHQWjIByT_a9pbzTb8T4CRnIjdFw5Px4FgUM-nA3ZLpiQ==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
7ms Image
image/gif 2001:4860:4802:34::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=850797443&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&ul=en-us&de=UTF-8&dt=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABAAAAACAEK~&jid=&gjid=&cid=1492665486.1675674582&tid=UA-2257074-1&_gid=1435890943.1675674583&gtm=45He3210n81MGR7P8X&cd19=1492665486.1675674582&cd2=&cd3=&cd5=&cd6=&cd10=Giessen&cd11=Hesse&cd12=Germany&cd17=&z=1127304005

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 05 Feb 2023 14:06:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 68617
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 9 KB
3 KB 8ms
7ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 03:20:43 GMT
x-amz-version-id: bxbBo6tiShmSVkJPl3yRp.s0jVilttxU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 798542
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Fri, 27 Jan 2023 17:00:19 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -5_pWJzY2AT-86akh6fDoOPPVePeEjl-F4qBtRYrhn4HCKCSy8LsIg==

GET
H2 200 28.01a0fe87.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 35 KB
10 KB 10ms
8ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.01a0fe87.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: oCx9yWccW.dlty4hHqWiey7h_DwTeEBh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"0ad089f0617a0fa8014a23c2afa90ddd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: F7cKrPWEZPdj2ExCiZwVWUa35EsvHCic9p1PiGd4RTigKy7iPSMK-A==

GET
H2 200 29.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame EBB0 8 KB
2 KB 9ms
7ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/29.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: qzro7282BXz7SnLdWr3hLeI1pZAqJ2A1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oOYz84p3VR_eXXFhWy4q0GoNVNeoA-po04CzW8eA6B9M_Oc9tukd9Q==

GET
H2 200 29.43f0ec90.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 14 KB
6 KB 11ms
9ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.43f0ec90.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8ca0c189d4911ebe4c2a57e80bf61583cbd9af58bb33de61a739ddf49d2d39ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: YttOPnMbgeCzGpP2GWR5vyLPUID5po5b
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"bbca5d42d17f354ba709da59e093f2e7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yvcEr2mV23LxgPArDuy9i8yrIN-GybdCW6PX6kyV7HnpIAgVwoN87g==

GET
H2 200 21.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame EBB0 365 B
1 KB 9ms
9ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/21.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: ObwTjzJ4TT60JlQVwXz0_ax56DSZu27m
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
content-length: 365
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DcCNKLn73B06raylINH2A4NW2PY5Ug7sv7pn-6mfEbGvINFZgWJjLA==

GET
H2 200 21.c23b692e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame EBB0 92 KB
26 KB 11ms
10ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.c23b692e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b827a1026b75dea08dd707dc362c5b3758c05b39270abe0d9d36dc540f4afe49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=e6f52986-e044-4154-872c-fbd320a7a909&sessionStarted=1675674584.809&campaignRefreshToken=c6d81b96-7474-4524-a186-52cdfde9467c&hideController=false&pageLoadStartTime=1675674581760&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 15:28:31 GMT
x-amz-version-id: XqjOCH3NjgjAB.zZCKjlzE2bMkfOpM8A
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 322874
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 02 Feb 2023 14:58:17 GMT
server: istio-envoy
etag: W/"dc64e7379eb05c9d8db26b3fa8001306"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 4S3g30IJjBOgB2q3x0pXyo3CHrYNTmlIZ4GiVY9WyOsT0a8HUbbfaQ==

GET
H2 200 38.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame F8AB 3 KB
1 KB 8ms
7ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/38.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: hzHYKpyiaZmITNnBC_LqpsxusmNF7FFl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bRbKBKuxfmB0YUUmZiuqpprse3xxaAKyLoyb9ppurIUWAh9v4MQe5w==

GET
H2 200 38.627f88e6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 3 KB
2 KB 9ms
8ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/38.627f88e6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

43580e037fc59487c315cc0a33e1167f17c8430dd41aa375e21f4d6d325e8f28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: VrL4qVVdcSDrKVxDzMDZ1ibCwb1LgkQ.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"d03d4e13d59e06f8ec44e39d9d85fa54"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ZqWU3Xws2OLCoAard6zcq1slXGUH7FWmgr9gV1YmR__4EJm9Cz5IpA==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 9 KB
3 KB 10ms
8ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 03:20:43 GMT
x-amz-version-id: bxbBo6tiShmSVkJPl3yRp.s0jVilttxU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 798542
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Fri, 27 Jan 2023 17:00:19 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9FF6Wxq4Au6JAR9NKCda6_IV0jGxlCL0CFgk3E6UYba_fSreitQ7aA==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame F8AB 7 KB
2 KB 9ms
7ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 05 Jan 2023 03:03:55 GMT
x-amz-version-id: cLzhtaoyHBY3wArkFjIQo58tr5JO.o0k
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 2786750
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 47
last-modified: Thu, 29 Dec 2022 16:49:54 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Dia8_vmXWw7zDRSy35CpuQaqksVO-kjhYbN3rOQkiuw6KT67zbEpfw==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 54 KB
15 KB 11ms
9ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 02:22:28 GMT
x-amz-version-id: XjyDJs7tJQ_66vN6EdQbFkXQ4j4BABRH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 1925237
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Wed, 11 Jan 2023 18:48:21 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: akOBTl9bt21B9bAZ0mLlsDj0bsq7ee96a3JKrPppoA2zdPyhvL4fCw==

GET
H2 200 1.5b69d480.chunk.css
js.driftt.com/core/assets/css/ Frame F8AB 44 KB
7 KB 12ms
10ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.5b69d480.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

504ff3efe64294cb4fd8b982dadb288136e511a05d4b068356c371dc6057865f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 15:28:31 GMT
x-amz-version-id: yFEFrbt3Vox_ceR8jg0L9VJqKO7sanHh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 322874
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 47
last-modified: Thu, 02 Feb 2023 14:58:15 GMT
server: istio-envoy
etag: W/"3237f71ac06bcb0447f60fe4b1d5948e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8Ox44E0JKqtE-rngPgG6-AqLovpFRqB-dlW7uUaEAD14iTUCxEjlRg==

GET
H2 200 1.265b75ef.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 53 KB
18 KB 13ms
12ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.265b75ef.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

87db80c1251e057889cee3b35187e79d7365d3d9b54214fd1c5c06a8386cc48e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 17:46:52 GMT
x-amz-version-id: 8do_y6BUzEDK4wKLC1KX_I84gLfTQ19C
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 314573
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 02 Feb 2023 17:19:17 GMT
server: istio-envoy
etag: W/"c249e8ef1d80c855b65eb6946146dcdf"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dmh6NkZEYlFu_0pJu6D-1D4RLPvMHhuLwQcRk73P935Cp6FCVG2TNw==

GET
H2 200 4.aabe6f97.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 23 KB
10 KB 14ms
13ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.aabe6f97.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

07aa00aa3aa0d7f661d70680b81bb38d1af1160d7b8d391b1812a51070620535

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: Fche0x0i51jw_419Uc2.RDHKx4no9Px_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"9e6f90256eeae9f2d8530b147e4694e7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: R3p9Qz8YOQ3-mPFUl61ZJmTkcMyvQpCuULt8QM8T2iKt-erPkgrWkA==

GET
H2 200 35.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame F8AB 14 KB
3 KB 12ms
11ms Stylesheet
text/css 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/35.a3318c5e.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: zduXhdkhoojuHNWfrJL3OG7UtCFvJe6h
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"b06e02b360914b25e58305b1b9b954dc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 31M8n-yVjx4goyNEw9tQgNblVvFoerLvQ6dV7hWMlhdf9L6bTPpY-Q==

GET
H2 200 35.2db13da8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame F8AB 12 KB
5 KB 15ms
14ms Script
application/javascript 143.204.215.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.2db13da8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.ac7930e9.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-12.fra53.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7e05c4fabf6d02fa4c14937ca467cc7d4ebbb02f295e3cff6ba999e6369fc663

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1675674581760
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: cZsJMbphr0g_Rs503LmupKJPT7bBS_rp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 834288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"b335cb429753b2c3dabe45686f46aee9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 688nsGaPIrUdnXQt5me85d9L-XyyHUZKthmzeXPV05vgOHxO04nTGA==

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame EBB0 177 B
274 B 104ms
104ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

fa8c32e4cf3d3e6a515ed02bcb7c24c87a1371ff8b888ca12332e4da8e4c5e65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 06 Feb 2023 09:09:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: a68c935d1f1026e0
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 177

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 329ms
105ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 06 Feb 2023 09:09:45 GMT
requestid: drift3d4b143494aacf0ce495cd6e4f5
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

GET
H2 401 ip.json Show response
api.company-target.com/api/v2/ 12 B
514 B 65ms
38ms Fetch
text/plain 143.204.215.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v2/ip.json?key=79a80d0e3f65c8809c2d2c9dda90c2b5&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&page_title=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&referrer=

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1675674600000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-77.fra53.r.cloudfront.net

Software

nginx /

Resource Hash

d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:45 GMT
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
www-authenticate: DemandBase API v2
x-content-type-options: nosniff
x-amz-cf-pop: FRA53-C1
x-cache: Error from cloudfront
request-id: bf1cd781-01dd-4a05-8f96-a538163fae6b
content-length: 12
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://www.proofpoint.com
access-control-expose-headers
vary: Origin
access-control-allow-credentials: true
x-amz-cf-id: BsWNAwV-o34QOQGwqkqw5XYY7_Zz91nrQ-pkRjbMunJy6BopzK0Cdw==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 185ms
184ms Image
image/gif 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=4994f9aa-9038-41d4-8560-2cf6154df87b&session=bb04dc9a-9407-4ca4-8a80-397c1a22f62a&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A43%20GMT%22%2C%22timeSpent%22%3A%222493%22%2C%22totalTimeSpent%22%3A%222493%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=a84871e6-1e2c-4a70-8915-38eec48ca66c&an_uid=8129852076532443161

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-176-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:45 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 218ms
218ms Image
image/gif 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=4994f9aa-9038-41d4-8560-2cf6154df87b&session=bb04dc9a-9407-4ca4-8a80-397c1a22f62a&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A45%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223494%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=a84871e6-1e2c-4a70-8915-38eec48ca66c&an_uid=8129852076532443161

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-176-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:47 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 16ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je3210&_p=850797443&cid=1492665486.1675674582&ul=en-us&sr=1600x1200&uaW=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1675674581&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&dt=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 06 Feb 2023 09:09:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 190ms
190ms Image
image/gif 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=4994f9aa-9038-41d4-8560-2cf6154df87b&session=bb04dc9a-9407-4ca4-8a80-397c1a22f62a&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A46%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224495%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=a84871e6-1e2c-4a70-8915-38eec48ca66c&an_uid=8129852076532443161

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-176-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:47 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame EBB0 25 B
89 B 116ms
116ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 06 Feb 2023 09:09:48 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 343153095766379b
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 209ms
103ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 06 Feb 2023 09:09:48 GMT
requestid: driftb1cd1214132876c8abd7d1b0497
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 190ms
190ms Image
image/gif 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=4994f9aa-9038-41d4-8560-2cf6154df87b&session=bb04dc9a-9407-4ca4-8a80-397c1a22f62a&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225496%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=a84871e6-1e2c-4a70-8915-38eec48ca66c&an_uid=8129852076532443161

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-176-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:48 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 187ms
187ms Image
image/gif 95.101.176.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=4994f9aa-9038-41d4-8560-2cf6154df87b&session=bb04dc9a-9407-4ca4-8a80-397c1a22f62a&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2006%20Feb%202023%2009%3A09%3A48%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226497%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=a84871e6-1e2c-4a70-8915-38eec48ca66c&an_uid=8129852076532443161

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.176.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-176-89.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 06 Feb 2023 09:09:49 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

217 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

64 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.proofpoint.com/us/blog/threat-insight	1969-12-31 23:59:59	Name: hide_lang_switcher Value: 1
www.proofpoint.com/us/blog/threat-insight	1969-12-31 23:59:59	Name: pp_user_country Value: de
.proofpoint.com/	1970-01-20 18:12:40	Name: visid_incap_177663 Value: NVH93N6fSqS5KUsXPk8NJtTD4GMAAAAAQUIPAAAAAABmF9IfsZIXCQ3zKbX+ZM8h
.proofpoint.com/	1969-12-31 23:59:59	Name: incap_ses_6553_177663 Value: cAl+ZuOH3GMIITfQ8e7wWtXD4GMAAAAATsH+xbu8IRVZLZtcKQNv7g==
.app-abj.marketo.com/	1970-01-20 09:27:56	Name: __cf_bm Value: VWn3AB5igiIA5hfgO6IWt6xqsqN1QVAUThLuMqZoL3M-1675674582-0-AWxQbQuF5d/6opZKrZtNoXFIWjwe9RGAkY3Ifhnrh7ldwn3dECQ/OA6hoWseCTU49nyxDVL3deeJ3RuETgZz0G4=
.proofpoint.com/	1970-01-20 11:37:30	Name: _gcl_au Value: 1.1.417867878.1675674583
.proofpoint.com/	1970-01-20 19:03:54	Name: _ga_B1V8SZE3GL Value: GS1.1.1675674581.1.1.1675674583.58.0.0
.proofpoint.com/	1970-01-20 19:03:54	Name: _mkto_trk Value: id:309-RHV-619&token:_mch-proofpoint.com-1675674583088-11177
.proofpoint.com/	1970-01-20 19:03:54	Name: _ga Value: GA1.2.1492665486.1675674582
.proofpoint.com/	1970-01-20 09:29:20	Name: _gid Value: GA1.2.1435890943.1675674583
.proofpoint.com/	1970-01-20 09:27:54	Name: _gat_UA-2257074-1 Value: 1
.proofpoint.com/	1970-01-20 18:14:56	Name: _vwo_uuid_v2 Value: D904FE331ACC4AA1F79DA22D3E5911181\|aef21c7815de9780ae100453cbc1fad5
www.proofpoint.com/	1970-01-20 09:29:20	Name: ln_or Value: eyIxNjkyNTAsMzk1NTkzNywzOTc2MjEyIjoiZCJ9
ads.avct.cloud/	1970-01-20 18:13:30	Name: uuid Value: 22d8e09a-1f93-43c3-bc94-833699a62d2a
tracking.g2crowd.com/	1970-01-20 09:48:04	Name: _session_id Value: e64b6e8a602565ac552daa8a330daed6
.g2crowd.com/	1970-01-20 09:27:56	Name: __cf_bm Value: ARyhtC96VVHhlR_uC_1oZOgi7JMSPupVlQ6RCL4js9E-1675674583-0-AVJyO8X9cU/Ge5d+3rgGJ0mjGrTuBSc1uKoiRrfJpgQwfxjQtP500jjWYm6GSn4WFzKituf+cSaoq/t254ohh9Q=
.www.proofpoint.com/	1970-01-20 19:03:54	Name: _rtfl_s_handshake_guid Value: 8d00f3c4-ba1f-432f-bd27-f6fbc478cda4
.techtarget.com/	1970-01-20 09:27:56	Name: __cf_bm Value: e8BcDBIyT_rIt0rwNVQaAnFgHkPowCvUjH6_vZMbErA-1675674583-0-AazrCSaImuyCTU+Z7mPwNkG0qa3H805I04Zom18lkX0oPEfuc0MWxjC4WZaJfzspvTPAdntIsrEhhUDYdttt/z8=
.proofpoint.com/	1970-01-20 11:37:30	Name: _fbp Value: fb.1.1675674583365.1470234278
.t.co/	1970-01-20 19:03:54	Name: muc_ads Value: 30ff3521-c908-49ff-bf7c-cfc47a6898d7
.twitter.com/	1970-01-20 19:03:54	Name: personalization_id Value: "v1_G3kdGwS//ITLTS/GJw5dDQ=="
.bidswitch.net/	1970-01-20 18:13:30	Name: tuuid Value: bcd375df-a9f0-4d34-a8be-4ac0a97c1c61
.bidswitch.net/	1970-01-20 18:13:30	Name: c Value: 1675674583
.bidswitch.net/	1970-01-20 18:13:30	Name: tuuid_lu Value: 1675674583
.linkedin.com/	1970-01-20 10:11:06	Name: UserMatchHistory Value: AQIWW7qTe5XJDQAAAYYl_QIoHQ3fTNDCNSSADcPnj3WWAuFxVJGYMY0iX1-nDZHxOBKnidQCO_ZaYg
.linkedin.com/	1970-01-20 10:11:06	Name: AnalyticsSyncHistory Value: AQJ-jBkPhwu1NAAAAYYl_QIo0OF4FA2I42o20bJybQPmaHyHlsLjOOK3MH0pzybepfbpLzzFY3O0Ogj0eHtbCw
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 18:13:30	Name: bcookie Value: "v=2&60c1df16-3b86-40c8-8c0f-3e7599d7a354"
.linkedin.com/	1970-01-20 09:29:20	Name: lidc Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2481:u=1:x=1:i=1675674583:t=1675760983:v=2:sig=AQFgRYwl7z10Cu6jjThE2Nomf0adDqSX"
.adnxs.com/	1970-01-20 11:37:30	Name: uuid2 Value: 8129852076532443161
.postrelease.com/	1970-01-20 18:13:30	Name: opt_out Value: 1
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 18:13:30	Name: bscookie Value: "v=1&202302060909434407222c-184d-44f1-82a3-2e642b34be02AQFlqOSTBsextlbGck_z9donLBKWtdsc"
.linkedin.com/	1970-01-20 13:47:06	Name: li_gc Value: MTswOzE2NzU2NzQ1ODM7MjswMjGpwH24LPn7V5oFhsAHjUWGEfP9mNYKBmVttwd+2FIPIQ==
.proofpoint.com/	1970-01-20 09:29:20	Name: _uetsid Value: feebc600a5fd11edacd1eb1991577b24
.proofpoint.com/	1970-01-20 18:49:30	Name: _uetvid Value: feebddc0a5fd11edbcf51fbdd71ae848
gwmtracking.com/	1970-01-20 19:03:54	Name: kwsu Value: 63e0c3d8c37c5e764853b9e8
.bing.com/	1970-01-20 18:49:30	Name: MUID Value: 112E875BB042605B1D2D95EBB14261FA
.proofpoint.com/	1970-01-20 18:13:30	Name: _hjSessionUser_1456002 Value: eyJpZCI6IjIwYjMxNGQ3LWFlZTItNTE1OS05M2M3LTRhNTU2YWRjMmI3NCIsImNyZWF0ZWQiOjE2NzU2NzQ1ODM1OTUsImV4aXN0aW5nIjpmYWxzZX0=
.proofpoint.com/	1970-01-20 09:27:56	Name: _hjFirstSeen Value: 1
www.proofpoint.com/	1970-01-20 09:27:54	Name: _hjIncludedInSessionSample Value: 0
.proofpoint.com/	1970-01-20 09:27:56	Name: _hjSession_1456002 Value: eyJpZCI6ImQ1ZTNkNTMyLTAwYTAtNGRhZC04MGIwLTVmOTI1MDEwMGNkOCIsImNyZWF0ZWQiOjE2NzU2NzQ1ODQxMzgsImluU2FtcGxlIjpmYWxzZX0=
.proofpoint.com/	1970-01-20 09:27:56	Name: _hjAbsoluteSessionInProgress Value: 0
.doubleclick.net/	1970-01-20 18:49:30	Name: IDE Value: AHWqTUlGm5DnZfd_78JbJdMCkHi8Ih1N_f_HXm6uS60Mzi26Hn5ZREJrv7rBv1mRwDw
.www.proofpoint.com/	1970-01-20 18:13:52	Name: __adroll_fpc Value: fbfe290257510cec45afda06fcc94d0c-1675674584314
.www.proofpoint.com/	1970-01-20 18:13:30	Name: __ar_v4 Value: %7C7YJ7XZCLMRHSVCXIHB5HIT%3A20230208%3A1%7CYV5KYXXEJZATZCT37YRTMK%3A20230208%3A1%7CT47Y2VPPABDUBJXFROMZZM%3A20230208%3A1
.adnxs.com/	1970-01-20 11:37:30	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2GU^cQT)V!1yIE`c.t(d)IY:Z@xepUO+[AG+Vx5U2RTAAZc(iTs[:$FKFTDA>x^]H!^kvGH+tzG$^NI2='EyKx:b$9RFMZ9T5_m!x$<N+LLm@
.casalemedia.com/	1970-01-20 18:13:30	Name: CMID Value: Y.DD2DlDJ8V21BzYULra.wAA
.casalemedia.com/	1970-01-20 11:37:30	Name: CMPS Value: 5228
.casalemedia.com/	1970-01-20 11:37:30	Name: CMPRO Value: 5228
.d.adroll.com/	1970-01-20 18:56:42	Name: __adroll Value: 2ee7a9afa523dbedd6d41d777c8fb867-g_1675674584-a_1675674584
.adroll.com/	1970-01-20 18:56:42	Name: __adroll_shared Value: 2ee7a9afa523dbedd6d41d777c8fb867-g_1675674584-a_1675674584
.pubmatic.com/	1970-01-20 11:37:30	Name: KRTBCOOKIE_10 Value: 22808-MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc&KRTB&22883-MmVlN2E5YWZhNTIzZGJlZGQ2ZDQxZDc3N2M4ZmI4Njc
.pubmatic.com/	1970-01-20 10:11:06	Name: PugT Value: 1675674584
.mathtag.com/	1970-01-20 18:53:49	Name: uuid Value: df3c63e0-c3d8-4900-901f-dc263b10cba5
www.proofpoint.com/	1970-01-20 09:27:56	Name: drift_campaign_refresh Value: c6d81b96-7474-4524-a186-52cdfde9467c
www.proofpoint.com/	1970-01-20 18:55:16	Name: __atuvc Value: 1%7C6
www.proofpoint.com/	1970-01-20 09:27:56	Name: __atuvs Value: 63e0c3d87fb41fc6000
www.proofpoint.com/	1970-01-20 09:37:59	Name: _an_uid Value: 8129852076532443161
www.proofpoint.com/	1970-01-20 19:03:54	Name: _gd_visitor Value: 4994f9aa-9038-41d4-8560-2cf6154df87b
www.proofpoint.com/	1970-01-20 09:28:08	Name: _gd_session Value: bb04dc9a-9407-4ca4-8a80-397c1a22f62a
.addthis.com/	1970-01-20 18:55:16	Name: uvc Value: 1%7C6
.6sc.co/	1970-01-20 19:03:54	Name: 6suuid Value: 51d77a5c860d0000d9c3e06347000000e9821900
.addthis.com/	1970-01-20 18:55:16	Name: loc Value: MDAwMDBFVURFU0wyMjkyMTg2MTAwMzAwMDBDSA==

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
javascript	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware(Line 1538) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware(Line 1538) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://api.company-target.com/api/v2/ip.json?key=79a80d0e3f65c8809c2d2c9dda90c2b5&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&page_title=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&referrer= Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10487471.fls.doubleclick.net
309-rhv-619.mktoresp.com
4788165.fls.doubleclick.net
ad.doubleclick.net
ads.avct.cloud
ads.avocet.io
adservice.google.com
analytics.twitter.com
api.company-target.com
app-abj.marketo.com
attr.ml-api.io
b.6sc.co
bam.nr-data.net
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
cdn.linkedin.oribi.io
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
data.adxcel-ec2.com
dev.visualwebsiteoptimizer.com
dsum-sec.casalemedia.com
eb2.3lift.com
epsilon.6sense.com
fonts.googleapis.com
geoip-js.com
googleads.g.doubleclick.net
gwmtracking.com
ib.adnxs.com
ibc-flow.techtarget.com
image2.pubmatic.com
ipv4.d.adroll.com
ipv6.6sc.co
j.6sc.co
jadserve.postrelease.com
js-agent.newrelic.com
js.driftt.com
m.addthis.com
metrics.api.drift.com
munchkin.marketo.net
pixel.mathtag.com
pixel.rubiconproject.com
pixel.sitescout.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
s.ml-attr.com
s7.addthis.com
script.hotjar.com
secure.adnxs.com
secure.chip2gift.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.co
track.accountinsight.cloud
tracking.g2crowd.com
trk.techtarget.com
ups.analytics.yahoo.com
us-u.openx.net
vars.hotjar.com
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
www.proofpoint.com
x.bidswitch.net
z.moatads.com
s7.addthis.com
104.111.216.120
104.16.96.80
104.244.42.3
104.244.42.5
104.64.124.188
13.107.42.14
13.32.27.15
13.32.27.54
141.226.228.48
142.250.180.198
142.250.181.226
142.250.184.194
142.250.185.102
143.204.215.12
143.204.215.77
143.204.215.95
146.75.120.157
151.101.194.137
158.255.109.19
162.247.241.14
18.156.0.31
18.156.168.138
185.64.190.80
185.80.39.216
192.28.144.124
2.18.233.201
2001:4860:4802:32::36
2001:4860:4802:34::178
216.200.122.11
2600:9000:206f:6400:2:53b2:240:93a1
2600:9000:211e:a000:6:9280:1080:93a1
2600:9000:211e:d400:12:3734:2a40:93a1
2606:4700::6812:1244
2606:4700::6812:1e49
2606:4700::6812:c9f
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:806::2003
2a00:1450:4001:809::2004
2a00:1450:4001:809::2013
2a00:1450:4001:829::2002
2a00:1450:400d:806::2008
2a00:1450:400d:80a::200e
2a00:1450:400d:80d::200a
2a00:1450:400d:80e::2002
2a00:1450:4025:401::9a
2a02:26f0:3500:16::215:14a0
2a02:26f0:3500:2aa::1c91
2a02:e980:107::cf
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d018:cc3:fe04:e2c0:2f19:6496:9fa8
34.111.208.231
34.193.113.164
34.225.204.170
34.240.211.162
34.96.102.137
35.244.159.8
37.252.171.84
37.252.173.215
51.11.20.152
52.28.41.26
54.229.65.185
54.76.108.148
64.202.112.223
68.67.153.60
69.173.144.139
69.192.161.152
76.223.111.18
95.101.176.89
98.98.134.241
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0525fa75941bbfc7387fbb49257d925d67da3505235331b5aa27c6be8a72c1b8
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
07aa00aa3aa0d7f661d70680b81bb38d1af1160d7b8d391b1812a51070620535
084390577243b6986d5564d152916a37a3124305e11b2817d0c2eabc863e081b
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
0e5cf82e4a17e79c80c6f17c3fff873756de944e1301fa01c1d03aba1e359669
107d9050613a4124c4636cb54de4492b7b1342eab68693db896a52f4590f6dc6
13f8638e932bd9b91fc68c0baf723fc0dc801548ce4a1ff4ee8251afd82a29a2
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
1b1ab7879aa2fd8b15125ad858143c427b9ae8c805f1f1ddaece7ecb336b34df
1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f
1e03d00462477cbfe7c7878fad99a3557ed2f344fb0bbc9088fbe2ddfb3c7fba
1eb6e26a6de3e52515f6ce3ecf77d55b332251005bbd8d6ec1d528a022acefe0
1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70
226b38d4dd6197b2d2989ef529f69e83ee3ff816b601033ee5ad3ba07fa76307
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6
29cd59aa3bf14290910ab2f5ec1b4ff80185d6eca5b167544d60bf184168b7ab
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
310e33ce5ebd0aaa68fac582770b63715a3b5b58e1358adf878f35fa184baf9e
32dffddd1bfd33d7568ee8501d3a7dc111f7b8177bd78b41fa668328f0ed8dbf
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
3609708bba6a09acae69fc95a092dcd998e1ae0f4bbe4a0abe56904db52a2724
38a674c1fcaa31a7e02046bda9fbc303302a9c1735ef872094ec2cdc702da640
3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3e8fcc873d9a3992a1f1c4df8c1fb75c1d385e8c4fd34c08dce349606b303b1d
43580e037fc59487c315cc0a33e1167f17c8430dd41aa375e21f4d6d325e8f28
45a52827db382bfd27514536bb4e5bc52cb32ca4c5cc1d2d689697f3b51a5ab8
4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
504ff3efe64294cb4fd8b982dadb288136e511a05d4b068356c371dc6057865f
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5aa93e7401f9a3344d1f891eacfb0cf698bf56cc5d7cb2586bfe0d82d1c8c4b0
5b2317d255abcd45c5ef83037cf4b054d1224f822ee9ec4db9d564834927f556
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
628d6315130cd4de61ea584cd8dc091a22f3fe455afbf7228b43b99ca44db25e
63c035e2f43180086b19ec08f35c8deee82b2b804ddfcf92f7f0e6d835957bfe
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
6907f421de451fd5e7f962c48d39191bd7d86390df35df8b416d3ca0eb558436
693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75
6a9f4a7fdaed340429c448b9132181f72a59635ec28a42beb2b180b176c006ef
6b22ce383218fba0cf96dcb87ea53886594d11f48b42c0a7f88d887eeb9320ea
737642f3d69953b6bba3641d8b61f4b30dba68f538711d2f57d057c399cd2f8e
73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b
785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7e05c4fabf6d02fa4c14937ca467cc7d4ebbb02f295e3cff6ba999e6369fc663
81ddc254dc771374be4de8a66290843b57ae545c52f3863d7298f29b6286e9dd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f
87db80c1251e057889cee3b35187e79d7365d3d9b54214fd1c5c06a8386cc48e
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a2eec716594a088e751fb0238d964df99bbab6d347cd0ad8f61316ae4caa0b9
8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421
8ca0c189d4911ebe4c2a57e80bf61583cbd9af58bb33de61a739ddf49d2d39ad
914ae362937120d900bb5c5d95c70f3957fa2270c308925e4a72ad56446911cb
918ac9ed724198d1a97c2b2f35d73bed4276d70d45a3eb39419377ef286de806
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
937a01cb3fdcc15351b7d2a375e177c5d4bce93c3dfc148c2787b70ed4279e00
93f03d420b0d30047cbe6183aa29f0975177995357f422e233e70841a5ba221d
94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae
9b7b5d56054f5bab6ea5dfd9472ceb900f406a8a35a3df5b17b606521a411a35
9caa51975dc97351ceb4e544fab746be9aee637db3095652a84b8dc68241e6ec
a04ca4a38cfded547daa7993112f5dcc2fbdf13f93b968d676e1313e8d8e98f6
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a168e0f3762d6f18eeddb33559de8221e7b4478932895416260ccacff18f332a
a2628f7a0920ea4910575e20b9d35ea6acf06b26cc38a6441cf503f7ffb47d26
a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394
a757f891e9f4a002a7aecb7fcf4e1d74e3e43cc2dc74c3a1fe3812fe7c9a3545
ac26fc0398d551aa08b0c47dc122714f69add40a4b04f02f69efe4822dd428d9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aecbf6f5221412b95bfc3a667fc00829eb8319acf1ed22fc86807b4a25bceba5
b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1ffa703af97cbc8af57a71d2ba52caf7f68d6d34b50190aa9b7d0cb53233e9a
b3eef75decadc91e863f376b960ade61991801ed72b6003681abc350493482cf
b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40
b827a1026b75dea08dd707dc362c5b3758c05b39270abe0d9d36dc540f4afe49
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
ba95ed077caa1b5b8b0938c45e2223e486f179f659a64bcc4d6ea3d240235734
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
bdc11f3dcb2320159c0adec9109d55267f2b670d0d5ef4fa45d7eccda937b404
c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236
c1f22198f612a3b0cb9bb29f17b4d3887c8c5256295c92a027c571721acdf5ad
c2b237efcb68e6fc63be94223a1bc1d7c2b2ef122c939dcd09e08cfce9b359e9
c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2
c2e916865e5811dc30c297c5d94b30565b68fb05acce5c92851c0c38f3eb2415
c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6
c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca
ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a
ce6274ec5a980cf17f8db07b971ad1626135b9af40f7a3ae55b167240e46fc22
cea918e6af14ac3645e0e33b30cb802820aed3e549defbd618be220c31546625
cf2b7b8c9c5756454079e4eb012128b38f569bcc9d32a5b895df5396ae5052b2
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d5343875add664847054760190ee3c05b8f65851de52991bebdba1a29cfb5d60
d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
db19cb09c2f10a72da9475973ba416b345973e81aa3fb1ad906db2cd586d1eb4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
dd526f2495b939b744a150e0a07435e928817393f7f947987b09b79fedcd653b
e3939195d41be69e3a9afbf116ad6df3ab2f8bbdb1057078c383ed45d3f2f298
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e7de12e2dc8f1140baf513360f096e8b25b97a15ddb4ddb46323d2e10bd2a23e
e87e201d3ac066d6522dc7a17d02df52163ae9e47173244f017d23476f9e1eda
e9b3c1ef5622bc620a5c1d364aa9fbec2c9d6230bb5f6ab825825db09dd71f6a
ea0a66087c5669d9c516399640336a37d06d722e1ef0ada8047db1869af0de96
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919
eea93734d5f0032479fa252394415d53cbcd4e7bd6d54764543eaa8b7c9fd10c
eee51d0715d2f5efd605e8c6020900a6aa8a1678867cac80e0bd43628f7e1bcf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f075862042ebde742aed537c14b94385831d14760eb33a8ae7e887a49fe340c6
f2ea684e3b845732d5688c534995dded4f2b5639e4b51b23540b00424f2736ad
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16
f51a75f2ede4c5e0457f05d60bfa39290b59348a71cdae4cc701236e6f552ad9
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
f7374d4ad8ceaaa6a35a0cd36fa303a0154e20a9ef85db32bb832f9d43b3ce27
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f92333a45b532bdb5248178674b041b1c35edfd33a55df48192256f0bfe49e4e
fa8c32e4cf3d3e6a515ed02bcb7c24c87a1371ff8b888ca12332e4da8e4c5e65
fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd
faab326e699f5c5e1123da40e450eff737d1e4babb824ef83ebacc514fba6ae5
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a
fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767

www.proofpoint.com Open in urlscan Pro 2a02:e980:107::cf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

230 Requests

90 %HTTPS

35 %IPv6

58 Domains

78 Subdomains

67 IPs

9 Countries

7667 kBTransfer

14613 kBSize

64 Cookies

17 Outgoing links

Redirected requests

230 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Screenshot
Live screenshot

Full Image

230
Requests

90 %
HTTPS

35 %
IPv6

58
Domains

78
Subdomains

67
IPs

9
Countries

7667 kB
Transfer

14613 kB
Size

64
Cookies

230 HTTP transactions
13 data transactions