www.ironnet.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Submission: On August 09 via api (August 9th 2022, 4:21:32 pm UTC) from US — Scanned from DE

Summary HTTP 99 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 33 IPs in 4 countries across 25 domains to perform 99 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.ironnet.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 11th 2022. Valid for: a year.

This is the only time www.ironnet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	2606:2c40::c7... 2606:2c40::c73c:67fe	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
8	2606:4700::68... 2606:4700::6812:1005	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1	2606:2800:233... 2606:2800:233:66b5:799a:7cd3:f74d:7071	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f00... 2a03:2880:f007:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
3	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:f1cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
2	104.111.234.67 104.111.234.67	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
4	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:11a... 2a02:26f0:11a::6867:4868	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2606:4700:440... 2606:4700:4400::ac40:9a55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:45b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	52.222.236.103 52.222.236.103	16509 (AMAZON-02) (AMAZON-02)
2	104.244.42.136 104.244.42.136	13414 (TWITTER) (TWITTER)
2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.60 18.66.122.60	16509 (AMAZON-02) (AMAZON-02)
1	13.32.13.117 13.32.13.117	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
2	54.156.137.3 54.156.137.3	14618 (AMAZON-AES) (AMAZON-AES)
3	3.5.21.167 3.5.21.167	14618 (AMAZON-AES) (AMAZON-AES)
99	33

32 2606:2c40::c73c:67fe (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.ironnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:1005 (United States)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:66b5:799a:7cd3:f74d:7071 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f007:8:face:b00c:0:1 (Vienna, Austria)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)

lp.ironnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:f1cc (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

063-xzx-814.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:11a::6867:4868 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:4400::ac40:9a55 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:22::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-103.fra56.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.136 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-60.fra60.r.cloudfront.net

wec-assets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.13.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-13-117.vie50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.156.137.3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-137-3.compute-1.amazonaws.com

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.5.21.167 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: s3.us-east-1.amazonaws.com

qualified-production.s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	ironnet.com www.ironnet.com lp.ironnet.com	8 MB
10	qualified.com js.qualified.com — Cisco Umbrella Rank: 26032 app.qualified.com — Cisco Umbrella Rank: 27217 assets.qualified.com — Cisco Umbrella Rank: 28991	1 MB
7	gstatic.com fonts.gstatic.com www.gstatic.com	67 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 674 syndication.twitter.com — Cisco Umbrella Rank: 864	150 KB
5	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 1934	16 KB
5	linkedin.com 3 redirects platform.linkedin.com — Cisco Umbrella Rank: 2714 px.ads.linkedin.com — Cisco Umbrella Rank: 361 www.linkedin.com — Cisco Umbrella Rank: 491 px4.ads.linkedin.com — Cisco Umbrella Rank: 5619	511 KB
3	amazonaws.com qualified-production.s3.us-east-1.amazonaws.com — Cisco Umbrella Rank: 44434	40 KB
3	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 381 js.adsrvr.org — Cisco Umbrella Rank: 1298 insight.adsrvr.org — Cisco Umbrella Rank: 619	3 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67 translate.googleapis.com — Cisco Umbrella Rank: 1094	88 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 94	191 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 557	140 KB
2	terminus.services vidassets.terminus.services — Cisco Umbrella Rank: 15013 wec-assets.terminus.services — Cisco Umbrella Rank: 14329	12 KB
2	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 5428 track.hubspot.com — Cisco Umbrella Rank: 2017	1 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3223	6 KB
2	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 6647	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	88 KB
2	google.com translate.google.com — Cisco Umbrella Rank: 1377	53 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	16 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2742	347 B
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 1927	20 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 734	3 KB
1	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124	548 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 125	15 KB
1	mktoresp.com 063-xzx-814.mktoresp.com	318 B
0	highdegree.io Failed sensor.highdegree.io Failed
99	25

	Domain	Requested by
32	www.ironnet.com	www.ironnet.com assets.qualified.com
7	assets.qualified.com	www.ironnet.com app.qualified.com
5	js.hs-banner.com	www.ironnet.com js.hs-banner.com
4	platform.twitter.com	www.ironnet.com platform.twitter.com
4	fonts.gstatic.com	fonts.googleapis.com
3	qualified-production.s3.us-east-1.amazonaws.com	assets.qualified.com
3	www.gstatic.com	www.ironnet.com translate.googleapis.com
3	lp.ironnet.com	www.ironnet.com cdn2.hubspot.net lp.ironnet.com
3	www.googletagmanager.com	www.ironnet.com www.googletagmanager.com
2	app.qualified.com	js.qualified.com
2	static.xx.fbcdn.net	www.facebook.com
2	syndication.twitter.com	platform.twitter.com www.ironnet.com
2	px.ads.linkedin.com	2 redirects
2	translate.googleapis.com
2	munchkin.marketo.net	www.ironnet.com munchkin.marketo.net
2	cdn2.hubspot.net	www.ironnet.com lp.ironnet.com
2	connect.facebook.net	www.ironnet.com connect.facebook.net
2	translate.google.com	www.ironnet.com
1	insight.adsrvr.org	js.adsrvr.org
1	track.hubspot.com
1	js.adsrvr.org	www.googletagmanager.com
1	wec-assets.terminus.services	www.ironnet.com
1	match.adsrvr.org	www.ironnet.com
1	vidassets.terminus.services	www.googletagmanager.com
1	www.facebook.com	connect.facebook.net
1	app.hubspot.com	www.ironnet.com
1	region1.google-analytics.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.ironnet.com
1	www.linkedin.com	1 redirects
1	js.hs-analytics.net	www.ironnet.com
1	snap.licdn.com	www.googletagmanager.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	063-xzx-814.mktoresp.com	munchkin.marketo.net
1	fonts.googleapis.com	www.ironnet.com
1	platform.linkedin.com	www.ironnet.com
1	js.qualified.com	www.ironnet.com
0	sensor.highdegree.io Failed	www.ironnet.com
99	38

This site contains links to these domains. Also see Links.

Domain
ir.ironnet.com
translate.google.com
docs.microsoft.com
www.crowdstrike.com
www.justice.gov
www.cisa.gov
security-soup.net
www.proofpoint.com
unit42.paloaltonetworks.com
www.cyberscoop.com
tria.ge
attack.mitre.org
kb.ironnet.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.ironnet.com Cloudflare Inc ECC CA-3	`2022-04-11` - `2023-04-11`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2021-09-10` - `2022-09-10`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-05-19` - `2022-08-17`	3 months	crt.sh
lp.ironnet.com Cloudflare Inc ECC CA-3	`2022-04-25` - `2023-04-24`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2022-05-06` - `2023-05-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2022-03-08` - `2023-03-07`	a year	crt.sh
*.terminus.services Amazon	`2021-11-16` - `2022-12-14`	a year	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
app.qualified.com R3	`2022-07-21` - `2022-10-19`	3 months	crt.sh
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Frame ID: DA49CA8AF6525B266EFF2563B7CBA29F
Requests: 76 HTTP requests in this frame

Frame: https://lp.ironnet.com/Prefll_Form.html
Frame ID: CAAD34BFAD17347D76250D5B7C200E1C
Requests: 3 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b1befbea3a1424bb94efd70105dfa52.html?origin=https%3A%2F%2Fwww.ironnet.com
Frame ID: 2F79E79A252A1C0D56D31A5FD443B0C9
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b7a27c329b7ec%26domain%3Dwww.ironnet.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ironnet.com%252Ffa2dd5ff5d2ca8%26relation%3Dparent.parent&container_width=43&href=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&layout=button&locale=en_US&sdk=joey&size=small
Frame ID: 8145D182227251674A4BDF723D919896
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: E5F115B0CA65A99BE51E993794213811
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b1befbea3a1424bb94efd70105dfa52.en.html
Frame ID: E98876D07DE7A6344094502B86B8898E
Requests: 2 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/wX6rSUG6pPb1PMPx/messenger?uuid=7fe5a14c-77c5-41d3-87c3-ff0c1f62f0af
Frame ID: 2376A0CC9A3162AEC986A53EDD28AEA4
Requests: 13 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=zv8jv9y&ref=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&upid=kpfi814&upv=1.1.0
Frame ID: 23B2EE61F843FE8FABA88DF7B7EB6F33
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Detecting a MUMMY SPIDER campaign and Emotet infection

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

99
Requests

98 %
HTTPS

63 %
IPv6

25
Domains

38
Subdomains

33
IPs

4
Countries

10891 kB
Transfer

16022 kB
Size

17
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://ir.ironnet.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Google Übersetzer

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/deployoffice/security/internet-macros-blocked
Title: Microsoft disabling macros by default

Search URL Search Domain Scan URL

URL: https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-february-mummy-spider/
Title: MUMMY SPIDER

Search URL Search Domain Scan URL

URL: https://www.justice.gov/opa/pr/emotet-botnet-disrupted-international-cyber-operation
Title: taking down the Emotet botnet

Search URL Search Domain Scan URL

URL: https://www.cisa.gov/uscert/ncas/alerts/aa22-110a
Title: joint alert

Search URL Search Domain Scan URL

URL: https://security-soup.net/quick-post-mummy-spider-delivers-emotet-maldocs-for-the-holidays/
Title: recent reports

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/emotet-thread-hijacking/
Title: article

Search URL Search Domain Scan URL

URL: https://www.cyberscoop.com/emotet-tweaks-microsoft-botnet-russia/
Title: Recent reporting

Search URL Search Domain Scan URL

URL: https://tria.ge/220428-23e5saffg3/behavioral1#report
Title: https://tria.ge/220428-23e5saffg3/behavioral1#report

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/tactics/TA0011/
Title: Command and Control

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1071/
Title: Application Layer Protocol

Search URL Search Domain Scan URL

URL: https://kb.ironnet.com/knowledge
Title: Knowledge base

Search URL Search Domain Scan URL

URL: https://twitter.com/IronNet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/ironnet/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4082106%2C1357876&time=1660062085610&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&tm=gtmv2 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4082106%252C1357876%26time%3D1660062085610%26url%3Dhttps%253A%252F%252Fwww.ironnet.com%252Fblog%252Fdetecting-a-mummyspider-campaign-and-emotet-infection%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4082106%2C1357876&time=1660062085610&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&tm=gtmv2&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4082106%2C1357876&time=1660062085610&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&tm=gtmv2&liSync=true&e_ipv6=AQJq-7vd_iLx9AAAAYKDaTQl3z-3xrLSQlU0g64rM2KfUPbYT89VPwfzXCcQgH6U0B7OIB6M

99 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request detecting-a-mummyspider-campaign-and-emotet-infection Show response
www.ironnet.com/blog/ 144 KB
24 KB 1022ms
940ms Document
text/html 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / HubSpot

Resource Hash

965f8d82558ebea71ec853cb504f0026c3f3ac617cb9d6a7d5337d3f3781059c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: s-maxage=14400, max-age=0
cf-h2-pushed: </hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js>,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>,</hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js>
cf-ray: 7381d317288a920b-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 09 Aug 2022 16:21:24 GMT
edge-cache-tag: CT-73137754657,CG-12313847636,P-6306975,CW-35525642561,CW-35525686689,CW-35927605472,CW-36076804917,CW-71869379416,CW-71989987083,E-35525642575,E-35525642579,E-35525642580,E-35525664228,E-35525679625,E-35525679626,E-35525679629,E-35525686694,E-35525686697,E-36128798909,E-36401964800,E-36423006893,E-36584928962,E-36675484470,E-40241648202,E-47940322742,E-54839291782,E-54839691267,E-71699587088,E-71699688714,E-72600750451,E-73784023460,PGS-ALL,SW-2,GC-36484365074,GC-73784023689,TS-35927363315
etag: W/"9dceb5d3bc73ac203a30772cbbe8be44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Mon, 08 Aug 2022 18:20:27 GMT
link: </hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xs1llx6Yxhs4VPsjN1YfpLkxAaBZmSBjEWHQFxoSQGuxnzct3NB51plLsMDCnAI6U31tZKEP0DLMslMmZf63QFCmwBokuUdg9ocWdzmt1wrYzTPSgAaNI7Ryj%2FkmsF6kP1YTl%2BettZPQjWEJoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=14400, max-age=0
x-hs-cf-cache-status: MISS
x-hs-combine-css: Disabled
x-hs-content-id: 73137754657
x-hs-hub-id: 6306975
x-hs-prerendered: Mon, 08 Aug 2022 18:20:27 GMT
x-powered-by: HubSpot

GET
H2 200 jquery-1.11.2.js Show response
www.ironnet.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 1ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ironnet.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:24 GMT
via: 1.1 18c7c6863d32a25928e512ad864f8a18.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16958349
cf-ray: 7381d31cffc0920b-FRA
x-cache: Miss from cloudfront
content-encoding: br
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gwpavlqrQbsQ1fB3Jh7HtowCzcaR%2BnCB95Y3Zr3dixcAnyKlU%2Fu0OVkgkZm%2FgAj1Xz6mcFIkynOKux0DDUrTW5jz373KImA1wt0IgGjtadVIyccaPw8p5jdh69j7NYLPc0uTRo%2BllR7HabT50Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: null
cache-control: public, max-age=31536000
x-amz-cf-pop: JFK51-C1
content-type: application/javascript
x-amz-cf-id: KYXPQogsE-dY6JA62uXAi4yeYiSuEZ4iPnO8kD-98HATwGJKulU7rA==
expires: Wed, 09 Aug 2023 16:21:24 GMT

GET
H2 200 project.js Show response
www.ironnet.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 3ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ironnet.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:24 GMT
via: 1.1 18c7c6863d32a25928e512ad864f8a18.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16958349
x-amz-server-side-encryption: AES256
cf-ray: 7381d31cffc4920b-FRA
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FTKrn2wLOgRtngZTzSQJo6u9%2FF8nZHN64q%2BzAwx5R0E9sdhpvF6MU55VYx767f%2BJw0lPTdcvuJUuabFk3U9yD5nFgAwzyp87CkqZhi1mVDD%2FYK0%2BlIFbnKitUOFe2GPPqTXXzzyKwejHvAD9kg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
cache-control: public, max-age=31536000
x-amz-cf-pop: JFK51-C1
content-type: application/javascript
x-amz-cf-id: jS0MgJiJSnUr0ivaUq1QVOKewGNCvFqHtM99hYOh__ZI6Kt0juWfFg==
expires: Wed, 09 Aug 2023 16:21:24 GMT

GET
H2 200 index.js Show response
www.ironnet.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/ 10 KB
4 KB 5ms
0ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.ironnet.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a50df52651133ee2b309daf0c3b921e9f5109067d5e11f2b8dd055f9ca3e66f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:24 GMT
via: 1.1 5f2bb43f258333f4156847ce1f482ee6.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1040605
x-amz-server-side-encryption: AES256
cf-ray: 7381d31cffc5920b-FRA
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-encoding: br
last-modified: Wed, 27 Jul 2022 14:35:54 GMT
server: cloudflare
etag: W/"0d86ec7be24f2dff2308b8edf54c2f32"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wr9OwBkkps%2BOWEFKgcMJ1ae%2Bv21PbflAHKvOTnxOaYteAPl3VNNLiwYp3kup4Ey52ohEZrzhdrO8z1MDd8KhiasCBcC3dawACFkt9DnWNRaDrrJrZpWoGQsKBS3PSt0XUFCjOc%2FFtRJ1xTferA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: k79.hN9WG526nViFF800Vr3DxQF_q.yo
cache-control: public, max-age=31536000
x-amz-cf-pop: TXL50-P4
content-type: application/javascript
x-amz-cf-id: GUKC_JoIeTDYKv-9aXPL8oQMSf3OKYsqkxz6gmXboIivWGaF2LSu0g==
expires: Wed, 09 Aug 2023 16:21:24 GMT

GET
H2 200 bulma-grid.min.css
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525642579/1601450019033/ironnet-2020/punch/assets/css/dist/ 26 KB
4 KB 306ms
303ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525642579/1601450019033/ironnet-2020/punch/assets/css/dist/bulma-grid.min.css
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e07414c9b5c677277f7066b23d698005bf6bc2e6405d5ebf1a2221cc5defb102

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1601450019033
date: Tue, 09 Aug 2022 16:21:24 GMT
via: 1.1 5630c5d6ce3870273aaf2ed5fe6c2f14.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: M3R27RWMD1E1P56X
x-amz-id-2: qu9EwbPnrJNSqh4sOh9/DPYm5Mar6S3j/eX3S9O6P1fWoc8g5AzH/74KhcP2J2lzulf8ab+Vi+Y=
last-modified: Wed, 30 Sep 2020 07:13:40 GMT
server: cloudflare
etag: W/"7107a5f9b183e769f3122d62d833535d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YCaoOotXYPM0iXQ8cbaRAlOkTHMGowsFgGgbKgXiIqqbQMN%2Fj4%2FKJiJbV11absnX6HJIF9VT3ViMwSVUhwH4jVFe5hUxSLcx9pRacY0m0VLtlarBZFb7ZRJsA7T41MhIFNs%2BTsDoi%2FM9EXUmyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: rModS9nd6wyAoOvT2ZFs4Vjd4Kt_4RYJ
cf-ray: 7381d31d6824920b-FRA
x-amz-cf-id: tAqct1ys8q5yUknW_hVnMH875Mtaim_fuWCm0tO1gT-p_gxrX4XHsg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 flickity.min.css
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525679626/1601450019010/ironnet-2020/punch/assets/css/dist/ 2 KB
1 KB 550ms
548ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525679626/1601450019010/ironnet-2020/punch/assets/css/dist/flickity.min.css
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 977af5b132aa036c483277e9b4f0aa35506e96d69e5a4b0909bdd6468df3caca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1601450019010
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 615f410a3a080a335933e9fa08c15260.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: M3R0922XE0G7E9KG
x-amz-id-2: WRiAL5kz/zIJoIurCFzyuZ//y7JiJNPhEhUHL/3hWBduKh1tfi8qomFPHdDxDa0rHnPmNNtdECA=
last-modified: Wed, 30 Sep 2020 07:13:40 GMT
server: cloudflare
etag: W/"955965aa159bd4a41390fa3dddb3430d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCW8waEnpp7Iqtq0jwfgc4HXvJcsD%2Fbh0vcNe85XG%2BsfYSZDb0DuhEwZVw%2FzC8YK%2FWJj4KWSvyoeuabjPsETFwGDJ4xDuA9iVuBHjJyaYrJ7GTzjNrTHlWSBalllghX3jZ318DyuvtpzAW2gAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: Eawgt75FrXjihypBIT7KFqEp4IHLWfvm
cf-ray: 7381d31d6827920b-FRA
x-amz-cf-id: K1ti3De57tMh2iZhbqeERN5Cg0c6cbuqKh20qSf7keb2O9Ds71kH3w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 main.min.css
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/71699688714/1659569745938/ironnet-2020/punch/assets/css/ 82 KB
14 KB 278ms
275ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/71699688714/1659569745938/ironnet-2020/punch/assets/css/main.min.css
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19645836d6ae45ea1873033845899381953b0b10ddc3bca12cd8fd9d4e6482c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1659569746560
date: Tue, 09 Aug 2022 16:21:24 GMT
via: 1.1 979084a90b32fe3f5fdc377fb6e67b76.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: M3RCETYJ45Q3W7FB
x-amz-id-2: 7SX+8XlHpX/utRK5mGPXHcbGQnNDBQx9+4LftirmF1jZfozjyNcOEim34WAXhTz3tidpwImI7i4=
last-modified: Wed, 03 Aug 2022 23:35:47 GMT
server: cloudflare
etag: W/"e9eb6fb71c6c0a155b554d82e3a93d8f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f89%2FJcGV5iCnBCEqefmEWjkbPY%2BxgBREFqVaMLv6dCbFKRgGcx2pB2LHchFkTlYvJHqzAOej8IcvlVjtbV7GFJ51zVzlqAAhBDGr%2Fp8AtpqWUmslF6mQDqhFy34l%2BefpyjaolafdW2IKmF3cAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 95Nn4SDhmKaJox1YTZ2Ijf7wW6lEYdDD
cf-ray: 7381d31d682b920b-FRA
x-amz-cf-id: dR85dKabE_ozjZXaYz-ETnDbkaxg0QukF-4yjIjKJPIHEHenSeeiqg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 main.min.css
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525642575/1655813112043/ironnet-2020/assets/css/ 254 KB
46 KB 305ms
303ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525642575/1655813112043/ironnet-2020/assets/css/main.min.css
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f1550c110faf0637f19b7ecd91c6da3cecb92beea093a0628a89d484e7ab532

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1655813113314
date: Tue, 09 Aug 2022 16:21:24 GMT
via: 1.1 0501dadffc52b06a0cf6aadc57586acc.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: M3R8KKCKHKWF71R7
x-amz-id-2: k1dPWhkop+bfdvEsdmSMM59f7siBkP2M69gf/zfXXKAV8Uz2f7ivKMaLLKe+yZ88xWcFuIxle7c=
last-modified: Tue, 21 Jun 2022 12:05:14 GMT
server: cloudflare
etag: W/"02ee90cc3423d113b904cc120fb377d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UIfQb7%2BihXuUhlcnTA8w14DujFb1OES5KSBcSB1EsPGo0KjjH%2F5Mn8FgA2BOUuOlbq7LSvbn%2BmmS3kX8Mca4UZDUN0bQuSDijO%2Fx2t%2Bz9pNFKuHcdcS2NkLYBF9f67%2FgCPWdQBfb2BkZBR7kIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: PkUTjzwH8e_IX7F6e7A0NyCpUo9KiLBv
cf-ray: 7381d31d682e920b-FRA
x-amz-cf-id: RYWvhAmoA3ijkPJlVq0EZXKlsrqmOIs3nvTiV2l0hazzfkSJppPnbQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET dd.js
sensor.highdegree.io/scripts/ 0
0

GET
H2 200 qualified.js Show response
js.qualified.com/ 231 KB
68 KB 492ms
440ms Script
text/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=wX6rSUG6pPb1PMPx

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e67e6bfbd3ec76e56875b5a1b542fb0092dc7c74093f8ff16192a5e36338659

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=63072000; includeSubDomains
x-xss-protection: 1; mode=block
x-request-id: 83822c86-ab9d-b4fe-e08a-ab9f389180a8
x-runtime: 0.015365
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1e67e6bfbd3ec76e56875b5a1b542fb0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept,Accept-Encoding
x-download-options: noopen
content-type: text/javascript; charset=utf-8
via: 1.1 spaces-router (ec8e39011293)
cache-control: public, max-age=14400
cf-ray: 7381d3214ae09b70-FRA
expires: Tue, 09 Aug 2022 20:21:25 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 114 KB
45 KB 143ms
53ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-661486000

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e5c54a4a7ca3144089f870c123d6bd21c2cb61e2e31284d501bdd39c30e915bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45585
x-xss-protection: 0
last-modified: Tue, 09 Aug 2022 15:50:33 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Aug 2022 16:21:25 GMT

GET
H2 200 prism.min.css
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/54839291782/1631132254005/ironnet-2020/assets/css/dist/ 2 KB
2 KB 275ms
273ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/54839291782/1631132254005/ironnet-2020/assets/css/dist/prism.min.css
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b877c141969b8914929e24fa9132309c78f381dd36cf9783dccaf201f4e55835

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1631132254135
date: Tue, 09 Aug 2022 16:21:24 GMT
via: 1.1 a12c29ca3e64ac2015cf4f6c9099b8ce.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 2MT7KYQP4722HCV1
x-amz-id-2: 6m+Z2+0YkPmwJn90pbnfuhlhhpwUoGF9QyFZvWZqt+67SR0TReFIBCuo+4CjufgZeKQNHM7DwaE=
last-modified: Wed, 08 Sep 2021 20:17:35 GMT
server: cloudflare
etag: W/"6497a16f1221ea206efb4259a9ee7833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GjsuN3GItlg%2FbA3e48BQ7BCFL7xHqpOU7HnLVqyieCEpCa4F3ht62iriUKYmJFhP0qk4R6Rgy9bGqEhT3PkNShbWonQhI45WG6gl5FSn4PdhJ0ph%2BdKrw%2FOcVhOFx6ULyYCTa55%2BKYyk9vInlA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: abeIOsePvskJom93mbZwgYGqmAy.WHOM
cf-ray: 7381d31d6832920b-FRA
x-amz-cf-id: OFXyrAyVfocUtlcLmAF-pQ1tvAe-d8iUYtlmgxulxsaYOXp5gLYhnw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 in.js Show response
platform.linkedin.com/ 507 KB
508 KB 71ms
9ms Script
text/javascript 2606:2800:233:66b5:799a:7cd3:f74d:7071
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.linkedin.com/in.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frd/E2D7) /
Resource Hash: f0ab4e14456c13a6c725c55a882e76fc62b42d511be4a8ec4d903a531e703013

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:24 GMT
x-cdn-client-ip-version: IPV6
x-cdn: ECST
age: 564
x-cache: HIT
x-cdn-proto: HTTP2
content-length: 519224
x-li-uuid: AAXl0TFE4aqsWLloYfC7zg==
server: ECAcc (frd/E2D7)
last-modified: Tue, 09 Aug 2022 16:12:01 GMT
x-li-pop: prod-lor1-x
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
accept-ranges: bytes
x-li-proto: http/1.1
x-li-fabric: prod-lor1
expires: Tue, 9 Aug 2022 17:12:01 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 76 KB
27 KB 149ms
54ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aef68dcd7483c7061fa95315327615fd5e40a6cd1770fe6319afba48c69a805a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Aug 2022 16:21:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 60ms
18ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d20c3298ba0008f7c5865821dfff6bfd9e49f897c20136c10756548a73622f52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Origin: https://www.ironnet.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: CSA+KZLvadVS15VIW9IMog==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: ECpffbCuhNKGTYKolPtBHxYChYq9OPtE+UydqXClsPkD197LYkOATTBheVm3Uh68dRLchHsm8JI0hcoZN8ngNQ==
x-fb-trip-id: 720026100
x-fb-content-md5: d48290aae6f6ea75cf6381ab444ef3dd
x-frame-options: DENY
date: Tue, 09 Aug 2022 16:21:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "375bfc78cf896527c111a33d4d4d9b31"
timing-allow-origin: *
expires: Tue, 09 Aug 2022 16:27:23 GMT

GET
H2 200 AdobeStock_325296623.jpeg
www.ironnet.com/hubfs/ 7 MB
7 MB 888ms
885ms Image
image/jpeg 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hubfs/AdobeStock_325296623.jpeg
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ca78cb9c3d04229e62a9dd1f5456f36c55ca2162c3ec458689bf276b10afdd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-73222892687,P-6306975,FLS-ALL
x-amz-request-id: AH49AEEV23B3XEAX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-73222892687,P-6306975,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "d344be20cfd702739da4726feda12b62"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1652197288198
date: Tue, 09 Aug 2022 16:21:26 GMT
via: 1.1 d8eef512ab23f23f549b4cd25ac5328c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA2-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-73222892687,P-6306975,FLS-ALL
x-amz-meta-index-tag: all
content-length: 7429530
x-amz-id-2: eus6d6RuC2LGcjBNk91Xg7YG6m7xOX5dTA5ljgHYRaUjyERYuGwmJZ/VLMvxxGFre0nLfYuGZTw=
last-modified: Tue, 10 May 2022 15:41:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bafC6LS29BIZCVvsmw3N4iLmFt%2B%2BzD2T3OZMIADopprulc%2BUQxylcLhIWLGiCed5oYI%2BDYjKU%2BA%2BwwEm42Hc78Ker1d8FYpoVBwRnKFy49%2F1Vxrl3p%2B54Cwv7kOGkiztgsqubpqWUWaf5V27%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: FgqKiBwDhVLEbJ59IEl1vPR5aTBGVTdx
accept-ranges: bytes
cf-ray: 7381d3210c15920b-FRA
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: OrF-rfe8gCbbAmSNiw-depkM-xGa_Bnok6onzaDMan6TKMFASeOSJQ==

GET
H2 200 module_71869379416_search_input.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/module_assets/71869379416/1651662444163/ 4 KB
2 KB 511ms
510ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/module_assets/71869379416/1651662444163/module_71869379416_search_input.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e1f8fbebc1b0ab39c0da6c568f511c783855d173f2e33af4cd8779974adfee1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1651662444163
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 4a66fbee8ce857225d1bddf53b79420c.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: AD3NF3RN8PKQKZSX
x-amz-id-2: maFQdfgl34VQKazfJVctP+OCN403QBwLYU7F9xMzBac2IS8+oDJAR0Hv4dLxp70pQhjMeetaSFs=
last-modified: Wed, 04 May 2022 11:07:25 GMT
server: cloudflare
etag: W/"b4e9736cbf0ef71851163d13308e30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZJ9cWrCMRe9kWD9%2FZAXrbyfeXtois2AgYhFE7MJvJfGfMEY8PGCr4NJFDw7%2F9GltpRatnkqiN2SU%2FUEs%2BulEk6eYDjDKx5GguM57EN27JzDijOl3zXDuA7HBUfWQjP7jlfdEjGFQT7s9v0eww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: .QcZq5H25Po1rrQlfxG6w6elrLkHQQ23
cf-ray: 7381d31fcacb920b-FRA
x-amz-cf-id: bMDPJt3RocerfCSB5D4ctI4BTqAL6kbr8ZI-8_5fH1RAdYwcgLfKFA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 6306975.js Show response
www.ironnet.com/hs/scriptloader/ 995 B
1 KB 181ms
178ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs/scriptloader/6306975.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 90bf27fb15e7d9ce69d011bb4e2d0821080ccb87c155630f5931703a12f5a613

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 2160295c-871e-4fe5-8d01-d5b0bf3780c6
last-modified: Tue, 09 Aug 2022 06:13:58 GMT
server: cloudflare
x-trace: 2BF4B920FD6D5B760AFD02FDD6D36568F6FC7C3697000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3lOwOprIqyvbbkbIHaypK4%2B%2BSkC5pmQsRWsBGt5MFCA%2B%2B5d7gARVVMZogg5jPSxTO5f2E2yqQKEs7%2F%2F%2FLIM8G1rFxQ1L4kHCJlNqC%2BrWz5rLHIyHt%2Bfh0tc%2BxyJZ0jBs3Ez4k00nebU9PDzIbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.ironnet.com
cache-control: public, max-age=60
access-control-allow-credentials: true
cf-ray: 7381d3210c16920b-FRA
expires: Tue, 09 Aug 2022 16:22:25 GMT

GET
H2 200 prism.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/54839691267/1631732153112/ironnet-2020/assets/js/dist/ 42 KB
17 KB 235ms
234ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/54839691267/1631732153112/ironnet-2020/assets/js/dist/prism.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e9f48fa82dc1e7e4e7151766b49c1c470f11849ded31eb39dc8b977692896e3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1631732153631
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 417YF66FFBKZ7Y3C
x-amz-id-2: jT3KEafQJ0+Y0ChGN1P0ixJHMIBsLPa+GBEdp+yYus5Y5w73KsOA3LXWh3pblFpt4hDsoBYMdMI=
last-modified: Wed, 15 Sep 2021 18:55:54 GMT
server: cloudflare
etag: W/"be866a017f15227e7f4172bf0b8ae2d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hh5iUTbVeoJMJnPIVhhu%2FdDJO8Ux0M9VrQStGv5jLK49SF090IZxeYDn943jll1SO%2BFeBQw%2B0RDJgLnepx%2F4TAzgbhD%2FR5Cp%2Fvl2k%2F%2BeTNfGH6lPXQB%2BOvsGRa7zjKGiZO%2BtB5Wsk3kreUvInw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: 5efY3CkyC5chIDTFni7AiW0XnuzNQwsV
cf-ray: 7381d320dbe6920b-FRA
x-amz-cf-id: WRxEae8R5lwAipYCi_uhcu_XKJALDTCx5vi83buhhUsIS5bK0fsITg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.magnificpopup.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/36675484470/1603744103883/ironnet-2020/punch/assets/js/dist/ 20 KB
8 KB 263ms
259ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/36675484470/1603744103883/ironnet-2020/punch/assets/js/dist/jquery.magnificpopup.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50a4a63ddb8de2028f6aefd96e0f3b71f3a15995c89ed1fb6d83acff835ee3eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1603744103883
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 5630c5d6ce3870273aaf2ed5fe6c2f14.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: QCJYT3B92GW73W3E
x-amz-id-2: vudqV7gsFuNTujGMFPeqUuhqAs+GWkDbrKHgMxHl1IRbio4iT7klX+S76JQ6wdL6riP6vH5vlys=
last-modified: Mon, 26 Oct 2020 20:28:24 GMT
server: cloudflare
etag: W/"39217362bb05b1a19a89db13b77a662e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWMlhBILblQlczGl9iO4AFSQPxX5B09XHsNIyjnkvHMzkcXYF8toCUFhGLeEdHV30vyTeNF%2BiQPQ8eZRKyzMFjNVj35tCUUCJbUPcxr2Z2Zg2zR%2FwuSZL5HHLc51tSFOHGJjACy7jlY4I2faNg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: mB.9QMW9mXGjRd67qnqxkMztJmI0zis6
cf-ray: 7381d320fc03920b-FRA
x-amz-cf-id: w7PTY4Tvu-5dkOgx34FzKMPEBw6g0yjeJYVxeqqpwSFI6PWiyk5K6A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 waypoints.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525679629/1603161296039/ironnet-2020/punch/assets/js/dist/ 9 KB
4 KB 809ms
804ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525679629/1603161296039/ironnet-2020/punch/assets/js/dist/waypoints.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 250c3daa87a81384d8591c1e5b61ba975a822837ab5f3057caa83a51ead31847

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1603161296039
date: Tue, 09 Aug 2022 16:21:26 GMT
via: 1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: KF47THS90X6ZW2N6
x-amz-id-2: 85zDXwtANkxEsUyZ3ccriO+dbC30VU675RtNl/AWFpAZGXl1nryTv4Ac7Fi8VQ4vmxhcbAdK4Vw=
last-modified: Tue, 20 Oct 2020 02:34:57 GMT
server: cloudflare
etag: W/"4afb7b66486fb07e6ec957a648f4efd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4AqkzAiJIQ%2FJ2AP2gldfk1qAohvpTOR64GzK2s%2BFqLntKzaiLcaiANhzwlj5wGQhkrmonOrawJKwDHvx7OppXd9uyX7oNTcIAkp%2B9IjtrbUVLlkJ7boyQWF2SdvTYXUVdqzYQ%2BRbqyn7UYBUaw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: p0P7xfyfYMrQxhW91x9zKkkshxsUx95k
cf-ray: 7381d320fc04920b-FRA
x-amz-cf-id: PRVw5KXc0jRIpWzRPYqbXrudZlWFJleGJTDWqkUR_wLKwC8I2YIjJQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 waypoints.inview.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525686697/1601450019498/ironnet-2020/punch/assets/js/dist/ 2 KB
1 KB 259ms
254ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525686697/1601450019498/ironnet-2020/punch/assets/js/dist/waypoints.inview.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5249277c32e64757e7e97148a6a6778acca4a8e11d2114ccabe04515c152edec

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1601450019498
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 d591fee4e3f29cf0e3380368d25b4a40.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 9VWR6KC1P2TFD6XY
x-amz-id-2: 5YAjqfHuu5OKrktN00dvmdZIalXBADvcHtFfGfwrs1QcZBwBUleb8RT+bJwSl9ujrQcvv+SqF+4=
last-modified: Wed, 30 Sep 2020 07:13:40 GMT
server: cloudflare
etag: W/"38a96b2fb266a6a2c57bcf7616681ee3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3TbDN6I0UMjaDAQot5xs3mbK9aUXVeWpZpfXPSTAKEEsDz5HaiC7%2FcKqPoqqxrb4lHEtvLvtsNpkv8ayVhP%2BfRPSq9Pyad%2FsaQRxw7pPJbtHeopJhSTWmOr3mMbAcJ3CAyERW1RH%2BYOlKs3yYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: qAQhsU_0MM1Obyhv3_XufauD_XQ6CaYQ
cf-ray: 7381d320fc06920b-FRA
x-amz-cf-id: 1uOiuIuukte0oBtohN3JdRAwr0XEX25ZvYD1jXDeFQiPhYXlZzYVWg==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 flickity-combo.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/47940322742/1622045975278/ironnet-2020/punch/assets/js/dist/ 67 KB
18 KB 263ms
259ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/47940322742/1622045975278/ironnet-2020/punch/assets/js/dist/flickity-combo.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a8e98730db641e1b77b9b3dc9f07b54b5f0b93f6d7d0055b896c23666e1a252

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1622045976476
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 4a66fbee8ce857225d1bddf53b79420c.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: A0XSNHNB1H4833N9
x-amz-id-2: L5BovBCOZeoaGAINmEcVREIgSqQtDeQ6w0MDmtlnIHIzLbQLfRlciM7XhuJ45p3MuL4hCtH6i+w=
last-modified: Wed, 26 May 2021 16:19:37 GMT
server: cloudflare
etag: W/"1811fcdd82d6aa05dd9851ffcbd2bf5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zAkjZ6JMtuf5JnvYiridJSNogePPVf43c0bb5Q6E7DuI5dVGF%2BzodY%2BL8So%2F%2FoqBYNtv1DzTlXsLyLb%2FaPCO9U3jylTgsgZ7n%2BDGDkceR8ugARUTEqSr7L9918xFvZ7OUXPWcQwnw%2B1IjgQdfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: Qfc8S.WrtOhc5cy5NsENY6uDAHpFB.Ro
cf-ray: 7381d320fc07920b-FRA
x-amz-cf-id: Ko2DgIGaC_25AOBQBQ7feqfyYCJ3EvspnhKSnQrGoayDvrjKD8Gq4Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 lazyload.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/72600750451/1651573663958/ironnet-2020/punch/assets/js/dist/ 7 KB
4 KB 262ms
257ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/72600750451/1651573663958/ironnet-2020/punch/assets/js/dist/lazyload.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2037a416b86a501dbf1b4fa90a471e0f53d739eb1c1068aa88f8d71d0d92b05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1651573664291
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 d0f195624e615b103c40900f88cfd922.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: V91442ZDM75R9F3G
x-amz-id-2: n/HdnnZWdWbBfBfzcL1+ru1JEJhBEJEUbaUQHY0QRGgQI0qmi8xm61JGPbESzTTkitWzPEQTBT0=
last-modified: Tue, 03 May 2022 10:27:45 GMT
server: cloudflare
etag: W/"5cd968ad76c88eb02aebcf74fb202b76"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HqSl43%2BGmUTiCUQU51%2Fuzji3QkB2Lpkqhc5qDIyVDUZ%2FWwBqCah2XwtuZqein5XQ7483olebibg02KgB4nYhzruX9pyrOtOFQlKKapWvdrfkUg7dtwGNCx79PyHBKwviEX2H%2Bf7POaoGZSBvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: C4zsRhZbFW2lUsdCtQWKC5Z2n3nioE_w
cf-ray: 7381d320fc0e920b-FRA
x-amz-cf-id: pFgw87Omeq6j7fh6WfXAtOKH8xeNqXQyq0P8_97O7Y3CFumoHDFr4w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 jquery.matchHeight.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/40241648202/1610138198387/ironnet-2020/punch/assets/js/dist/ 5 KB
2 KB 301ms
297ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/40241648202/1610138198387/ironnet-2020/punch/assets/js/dist/jquery.matchHeight.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 407092548c6ac3e583260ec0d465ae75ea34dfdea979df37a577a2412069184d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1610138198387
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 6f3546b6b501aaa8c1b4750231158188.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: SPJTN3BM2F5NFST4
x-amz-id-2: A/X+qvAVj9dTdE87njPD5cQ2trgjgha8lVaDiyLg+BCsbO7ASEHTL6Rsl6hv98yDxed+LvFfEA0=
last-modified: Fri, 08 Jan 2021 20:36:39 GMT
server: cloudflare
etag: W/"6d13b317cf9296d5f385039436c06fb2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wU5wvKGbRsSxECcppdoXsR4x7YYJHxVrPd5QHcECwHW0a9c8igUnKS%2FnvjWJesH80KRXx3fXAeyXVKmbqNjnpM79wIaKOyZcxSrwlHCUe66%2F%2B47wktGo7PyImNX%2FN5eQ00dgCXFUVZBcDSI11w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: _EjmFiEWcHCv1Spjb3qIjRtpdDodPKQY
cf-ray: 7381d3210c0f920b-FRA
x-amz-cf-id: SnvtZJDSyhzM-vEep3P6EDyMzFcwGQ3IbtxLG1JNuP79jVJlVMuv_w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 frontend.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525642580/1654336651562/ironnet-2020/punch/assets/js/ 7 KB
3 KB 265ms
261ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525642580/1654336651562/ironnet-2020/punch/assets/js/frontend.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c45845ddd750a0a686e2468ac73581bc04ee85c3bb196d61245b5a09c3f88710

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1654336651895
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: 9Q521WQTKXZVJTW5
x-amz-id-2: zLWKxXOdcpHHlwqlbHwUGiowIv3WSXRjOxuMlMzPaQd9FFRvlsRlsCZhfuRD1Bm9sZlG1Hj/0ho=
last-modified: Sat, 04 Jun 2022 09:57:32 GMT
server: cloudflare
etag: W/"78c263273b29ef7332cf6233ff571d76"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wd6t%2BmLRRJY3iAdw6m9m7iAtQvNmrI3%2F0Lzep92st0vSkT%2BGAPHLUyQ8A8nv9m7rRXqeXyqjXM8aaPDBNlzQHGd%2F9hy8Rezvx1qvwfPaZDJ5duB8Zk2UfsKV%2Bcd3whVrzPaX4sRd9nF3vR2jcg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: EtjKx27MASqHCIBBNEb6QOOneCQ2hC22
cf-ray: 7381d3210c10920b-FRA
x-amz-cf-id: ITGpEgcpHsKW2f4iAK5rJA5CPh2zZDgfCsSI3EMCFg6pWYg-qCK34w==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 main.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/71699587088/1655212471934/ironnet-2020/punch/assets/js/ 4 KB
2 KB 359ms
355ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/71699587088/1655212471934/ironnet-2020/punch/assets/js/main.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 311678ae55442120e141bdc8226bc8fa7991dd91ce3dc657b94a483b59a609e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1655212472331
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: WD6HVBV480GA31CV
x-amz-id-2: aSEkR0eXikaODLVAoi8gvmO7QqaHKpEAZB8iKK4pZQ9GVHgN8vk1nI2sFJLWJ9jPGXQMnowKt6Q=
last-modified: Tue, 14 Jun 2022 13:14:33 GMT
server: cloudflare
etag: W/"34b1663786d158603512cc76a3deecca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HzGQfh2z3t5gDx6iTFOCTvFlT0XaHYHJ%2FpvGX9lY0Q%2FZS6TThLAk4bdC8CRGuEoBxAMu6jmK8vr12zWYHFJBKxf8UtjayjubHH9buiUMOyQS2tCMfTW034jLlB9q3RyFoeUvFeTqLnKvX2XAbg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: KkmP7gv1u0cF_gR3azwjSiFYQg3uG0Iz
cf-ray: 7381d3210c12920b-FRA
x-amz-cf-id: wZGGXyxTUSa9v8Lswyu8BTY5o2PRZErf_f4KDsPmywNFZZskb4X2_Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 main.min.js Show response
www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/36584928962/1626985056083/ironnet-2020/assets/js/ 1 KB
2 KB 283ms
280ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/36584928962/1626985056083/ironnet-2020/assets/js/main.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e033aa550c58223507ebebc632997793d17b8469598b337d63b6b407956513bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1626985056394
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-encoding: br
x-amz-request-id: QCJP6SKHSRHWDE1B
x-amz-id-2: Xld9KiAn2jphUeJNn0XhSEGE5J1zpglmtMxvZ0P0XNHdJF+EUIE443vafhCDdQvnURt1/FR+k88=
last-modified: Thu, 22 Jul 2021 20:17:37 GMT
server: cloudflare
etag: W/"190be94c2e5c79862c28356be066f21f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fzDiQ7NeTe43RfNI44TtaKv9hCfMLLJ6y9r2%2FPdm%2Fb9qwdmPWu6Z0LjbzAsBvr7hEVWfxTRo1jTFoMppP5b9oWoLqTISazcLV%2BG%2BeSAgeOvvQj8hevyvISnx7VmbNiSbt8wQAYFzYR%2FE4ebofg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
x-amz-version-id: nkxo4bMlGsusxr_8AK8CPviP5RRsvIYj
cf-ray: 7381d3210c14920b-FRA
x-amz-cf-id: iAvz3eSnsbu9Y82NuTbQWacnBzzPa7FyEZUr_v0Gxg6Ir-4f-847YA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 forms2.min.js Show response
lp.ironnet.com/js/forms2/js/ 206 KB
69 KB 347ms
144ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.ironnet.com/js/forms2/js/forms2.min.js

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17dc16f203a20131a9dfccce83ed74af83cb9da328011181ca745b7f3a883d08

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Tue, 14 Jun 2022 21:04:07 GMT
server: cloudflare
etag: "2281608-3391f-5e16ebec83fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 7381d31eba825b7a-FRA
expires: Tue, 09 Aug 2022 20:21:25 GMT

GET
H2 200 teknkl-library.min.js Show response
cdn2.hubspot.net/hub/6306975/hub_generated/template_assets/71927228185/1650933626364/ 2 KB
2 KB 80ms
46ms Script
application/javascript 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/6306975/hub_generated/template_assets/71927228185/1650933626364/teknkl-library.min.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c7487b93bfb86015257f8c7ee9b5557cda0825c07f96617315150138b6adb42

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-amz-meta-created-unix-time-millis: 1650933626611
date: Tue, 09 Aug 2022 16:21:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 763058
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHIUmiQC3CaZ%2F3dZ2%2BBeqzmvBs6ECw8Hzc%2FDWOBYd5xsPQWEv%2FJ%2BkHe%2FVUimkCDsV98BZ7%2B2aGyPXzP68Htzl5KNNmkg%2Bocz5uNcN4ZHLlL8wPUdsb17oZSm%2FW4vUpKnmZPQ%2Fy%2BWYHsYwHvon78%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 26 Apr 2022 00:40:27 GMT
server: cloudflare
etag: W/"5d67051d35b3290a7db0af29cc3c496c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-P1
cf-ray: 7381d31db8189b92-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 126ms
46ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525642575/1655813112043/ironnet-2020/assets/css/main.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/hs-fs/hub/6306975/hub_generated/template_assets/35525642575/1655813112043/ironnet-2020/assets/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 09 Aug 2022 16:19:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 09 Aug 2022 16:21:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 09 Aug 2022 16:21:25 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 212 KB
74 KB 195ms
106ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NC22BNL

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

77346eb268d61abfb02851995b748f7724fcefc70881cc31b6dd291a5bf759a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 75572
x-xss-protection: 0
last-modified: Tue, 09 Aug 2022 15:50:33 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 09 Aug 2022 16:21:25 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 49ms
7ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 16:21:25 GMT
Content-Encoding: gzip
Last-Modified: Fri, 29 Oct 2021 01:24:07 GMT
Server: AkamaiNetStorage
ETag: "461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 753

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 119ms
37ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ironnet.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 04 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 461974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Aug 2023 08:01:51 GMT

GET
DATA 200
OK truncated
/ 5 KB
5 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 939c81c89f076cf15236cf6d83cffac59c5086ddb2fe479a5001ce0b85e55b45

Request headers

Referer
Origin: https://www.ironnet.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: font/woff2;charset=utf-8

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 128ms
47ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ironnet.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 07 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 211904
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 07 Aug 2023 05:29:41 GMT

GET
DATA 200
OK truncated
/ 3 KB
3 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7fd32c535b3ed7818861ade3b92fb653bf533fc369e987fe795d2397341401d0

Request headers

Referer
Origin: https://www.ironnet.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: font/woff2;charset=utf-8

GET
H2 200 translateelement.css
translate.googleapis.com/translate_static/css/ 18 KB
4 KB 134ms
39ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.de.PJY76OogfOM.O/d=1/rs=AN8SPfo1AXy9NieTjxAoJVBZToVcZNPQNg/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 15:57:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1411
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3130
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 19:45:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 09 Aug 2022 16:57:54 GMT

GET
H2 200 m=el_main Show response
translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.PJY76OogfOM.O/d=1/exm=el_conf/ed=1/rs=AN8SPfo1AXy9NieTjxAoJVBZToVcZNPQNg/ 241 KB
83 KB 136ms
41ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.PJY76OogfOM.O/d=1/exm=el_conf/ed=1/rs=AN8SPfo1AXy9NieTjxAoJVBZToVcZNPQNg/m=el_main

Requested by

Host:
URL: /_/translate_http/_/js/k=translate_http.tr.de.PJY76OogfOM.O/d=1/rs=AN8SPfo1AXy9NieTjxAoJVBZToVcZNPQNg/m=el_conf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cadbc4851a36cc3e72fb44cc871e7d1c349edbea74e8e4965a5818713d4153a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 07:22:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32311
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84980
x-xss-protection: 0
last-modified: Sat, 06 Aug 2022 19:12:33 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="rosetta"
vary: Accept-Encoding
report-to: {"group":"rosetta","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/rosetta"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 09 Aug 2023 07:22:54 GMT

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 76 KB
26 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aef68dcd7483c7061fa95315327615fd5e40a6cd1770fe6319afba48c69a805a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/161/ 11 KB
5 KB 11ms
10ms Script
application/x-javascript 104.111.234.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/161/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-234-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 16:21:25 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Sep 2021 00:38:21 GMT
Server: AkamaiNetStorage
ETag: "0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4681
Expires: Thu, 17 Nov 2022 16:21:25 GMT

POST
H/1.1 200
OK visitWebPage
063-xzx-814.mktoresp.com/webevents/ 2 B
318 B 505ms
99ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://063-xzx-814.mktoresp.com/webevents/visitWebPage?_mchNc=1660062085339&_mchCn=&_mchId=063-XZX-814&_mchTk=_mch-ironnet.com-1660062085337-98314&_mchHo=www.ironnet.com&_mchPo=&_mchRu=%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 16:21:25 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: e70330d5-8689-408c-9257-7f0c9ca86d81

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 34ms
9ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: 71679b04fbd29b2c4fe5a7f200ccdc88d666d9b9b9253c4f2878ea06591dac71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 16:21:25 GMT
Content-Encoding: gzip
Age: 490
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 29203
x-tw-cdn: VZ
Last-Modified: Wed, 03 Aug 2022 21:01:21 GMT
Server: ECS (frb/6725)
Etag: "2db8c3ce16d9541818f0d180a9ea89b1+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 304 KB
86 KB 40ms
18ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=dbb8a0e49be7504c73a56a5b070469d1

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3de78afbc2886dbda69e3b0f501c23e89224aaecf42f898cdb70c2719aea56e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Origin: https://www.ironnet.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Ke3FqISIHeilkbIoC7QBXQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 87737
x-fb-rlafr: 0
x-fb-debug: vu0KmuW/FIPdnLK8CUqSStCHDDF5H9r/x1tW0CyrpfXu84NQdM2kgvSTUcA5x1q/Mzl3ObDMJSrDCcr45+3UhQ==
x-fb-content-md5: ab69538670bd2cf31876f1bdef31d7fb
x-frame-options: DENY
date: Tue, 09 Aug 2022 16:21:25 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "211e04423c0dcf504d94304bbc7191c1"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 09 Aug 2023 14:10:23 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 42ms
42ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ironnet.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 08 Aug 2022 11:47:17 GMT
x-content-type-options: nosniff
age: 102848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 08 Aug 2023 11:47:17 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 111ms
37ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.ironnet.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 03 Aug 2022 20:10:25 GMT
x-content-type-options: nosniff
age: 504660
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 03 Aug 2023 20:10:25 GMT

GET
H2 200 IronNet-emotet-graphic.jpg
www.ironnet.com/hs-fs/hubfs/ 43 KB
43 KB 327ms
326ms Image
image/jpeg 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hs-fs/hubfs/IronNet-emotet-graphic.jpg?width=350&name=IronNet-emotet-graphic.jpg
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 914ea15e96aeeec92087c0ebdfaf295fdf2425544e5347078e3be88c70411822

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 a12c29ca3e64ac2015cf4f6c9099b8ce.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74444719186,P-6306975,FLS-ALL
cache-tag: F-74444719186,P-6306975,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 43732
last-modified: Fri, 29 Jul 2022 13:19:59 GMT
server: cloudflare
etag: "0903a6cdca8a041f956b1f8f1174a51e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KqTIH4BcSu%2B6yY2QFi3svNKlsZwsmO244dR8JxOkOcCaoHe0mlxHft6Z7mm14Z2SD4QBGSfPleam4O7tAXag0Dq%2BpfIgKkBw823CI5yAPnK%2BsyeouT5NZ%2FHJyl0T2ndCQ5%2BTBos3j3tp1vpR1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 7381d321fd0b920b-FRA
x-amz-cf-id: Ya-y9ChZ28QXS4HhML0zE3c_gtMjNg_9nJR226ZxhqX8RNMggenOQw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Screen%20Shot%202022-04-29%20at%208.09.00%20PM_edited.png
www.ironnet.com/hs-fs/hubfs/ 23 KB
24 KB 910ms
909ms Image
image/png 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hs-fs/hubfs/Screen%20Shot%202022-04-29%20at%208.09.00%20PM_edited.png?width=770&name=Screen%20Shot%202022-04-29%20at%208.09.00%20PM_edited.png
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 635bfec3e11b4db537b83f9c17682c95ceb8c9680a6ac97af9e70886ecb5af18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
via: 1.1 9349b115ae66d16aae68deb9bb5eebc2.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
edge-cache-tag: F-73341681814,P-6306975,FLS-ALL
cache-tag: F-73341681814,P-6306975,FLS-ALL
x-amz-storage-class: INTELLIGENT_TIERING
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 23975
last-modified: Mon, 08 Aug 2022 12:19:01 GMT
server: cloudflare
etag: "ccf54f065f6cfdc2417a1583eb1f40dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s7Y8ydr7HOGGDJppdOdXXsLr%2BtBL9eg3k8p2azYOg8xjU5lsDxuEr9aKXVH2ZGjKBSL6m9e5ENKhRdrc4%2FOfpzbM9QmfSc9bwHjAfsdYwK%2Bpm4%2Fbu0GTmAbsUypBSALnQJHc6%2ByMS4MlKGmHdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 7381d321fd11920b-FRA
x-amz-cf-id: 1_KI_ynDmL_1-xTXAzEqI1bK5AfzVfaZP7wO8TCcgo3IXFcW6qr--Q==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 Screen%20Shot%202022-04-29%20at%208.12.34%20PM.png
www.ironnet.com/hs-fs/hubfs/ 171 KB
172 KB 360ms
359ms Image
image/png 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hs-fs/hubfs/Screen%20Shot%202022-04-29%20at%208.12.34%20PM.png?width=2514&name=Screen%20Shot%202022-04-29%20at%208.12.34%20PM.png
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42a7d2221743f7092a4a63d59096d7ce57d0653129232b00eef5a2cbc063a33c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1652209896915
date: Tue, 09 Aug 2022 16:21:25 GMT
via: 1.1 8c1cde7cef0a6f5dc839234d2bb2bca4.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-P1
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
cf-ray: 7381d321fd14920b-FRA
edge-cache-tag: F-73241625261,P-6306975,FLS-ALL
cache-tag: F-73241625261,P-6306975,FLS-ALL
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
x-cache: RefreshHit from cloudfront
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
content-length: 175364
last-modified: Tue, 10 May 2022 19:11:38 GMT
server: cloudflare
etag: "cc2f3f2429b8e959e93ffe41aa27bda3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ateZ66XEnoKaL%2Fj8jSvFrh0I7TlxJUNC7QZD0TiuRHT7UNKKMhcywj2wS4KxTTZp815i2iOYkDo6iMjaq9%2F78iroNaPW0JcYoYqlEsSSqtMBlsgg0VGhAEZddGorHPH338o7VmZWC0YZ7nQXtg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: 5hST3boOZ-wHu-bNkzqwD3iwcei6CUQzeYy401-OVDPNc00DRkKdDw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 40 KB
15 KB 124ms
51ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-661486000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15160
x-xss-protection: 0
server: cafe
etag: 9823212955285023900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 09 Aug 2022 16:21:25 GMT

POST
H2 200 landing
pagead2.googlesyndication.com/pagead/ 42 B
548 B 135ms
48ms Ping
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/landing?gcs=G100&gcd=G100&rnd=807936664.1660062085&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&gtm=2oa880&did=dZTQ1Zm&gdid=dZTQ1Zm

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-661486000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Aug 2022 16:21:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 202 KB
72 KB 140ms
59ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CVV8TFTKTV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NC22BNL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

733491e8aad8d12c07c98185a38d289b3cb85e6b0016e72d70709cdfc68d02e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73507
x-xss-protection: 0
expires: Tue, 09 Aug 2022 16:21:25 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 78ms
20ms Script
application/x-javascript 2a02:26f0:11a::6867:4868
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NC22BNL
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:11a::6867:4868 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 662
date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: gzip
last-modified: Wed, 13 Apr 2022 23:25:22 GMT
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=16645
accept-ranges: bytes
content-length: 3085

GET
H2 200 6306975.js Show response
js.hs-banner.com/ 61 KB
16 KB 175ms
142ms Script
text/javascript 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/6306975.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/hs/scriptloader/6306975.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f75f3f8cfa815312005335e83ea70f25adbe9f71fc6a92fc901f4c731dd867e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: CTEWYTC2R5WJ1CPP
x-amz-server-side-encryption: AES256
content-type: text/javascript; charset=UTF-8
access-control-max-age: 604800
x-amz-id-2: 00Y2sL5ehxP0CXtV1f0GHl+WdypJ/niDXK8NenQSG4jya702RiE2Ndyqg64UXdwlGgsKIOXxlVY=
timing-allow-origin: *
last-modified: Wed, 27 Jul 2022 21:45:37 GMT
server: cloudflare
etag: W/"28fb2175735e714376adca0e2a341cb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id: ZnfdCMsFswDvxvLRscYm.LRw3T7MWp0x
access-control-allow-origin: https://www.ironnet.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300, public
access-control-allow-credentials: true
cf-ray: 7381d32348099975-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires: Tue, 09 Aug 2022 16:26:25 GMT

GET
H2 200 6306975.js Show response
js.hs-analytics.net/analytics/1660062000000/ 62 KB
20 KB 562ms
529ms Script
text/javascript 2606:4700::6811:45b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1660062000000/6306975.js
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/hs/scriptloader/6306975.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccb2d8dd6c228906f7964ac7e770c89f98b4355d0fec1d94a5423833245ad69e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: J23VRYE9DM2YZCW0
x-amz-server-side-encryption: AES256
cf-ray: 7381d3234c989c12-FRA
x-amz-id-2: tidAWeJa+puePjfdfAmwy2qRiGFYtCKD7s6WHpxcXhz2C0U7xxGhNqjJU4EtrG6uAi3XG9/Bykw=
last-modified: Tue, 26 Jul 2022 15:05:09 GMT
server: cloudflare
etag: W/"abe3506b6496b1cc456af5305e25d8a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-version-id: null
cache-control: max-age=300, public
access-control-allow-credentials: false
content-type: text/javascript
expires: Tue, 09 Aug 2022 16:26:26 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4082106%2C1357876&time=1660062085610&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&tm=gtmv2
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4082106%252C1357876%26time%3D1660062085610%26url%3Dhttps%253A%252F%252Fwww.ironne...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4082106%2C1357876&time=1660062085610&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&tm=gtmv2&liS...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4082106%2C1357876&time=1660062085610&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&tm=gtmv2&li...

0
264 B

347ms
268ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4082106%2C1357876&time=1660062085610&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&tm=gtmv2&liSync=true&e_ipv6=AQJq-7vd_iLx9AAAAYKDaTQl3z-3xrLSQlU0g64rM2KfUPbYT89VPwfzXCcQgH6U0B7OIB6M
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B2A99E10B82D4EB193F26033F594EA20 Ref B: FRAEDGE1519 Ref C: 2022-08-09T16:21:26Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXl0VL4wIzk1cLgFjC5TQ==
x-li-fabric: prod-lor1

Redirect headers

date: Tue, 09 Aug 2022 16:21:25 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DCC22A4CE1FF474CB712AE7B700E29CD Ref B: VIEEDGE2217 Ref C: 2022-08-09T16:21:26Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4082106%2C1357876&time=1660062085610&url=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&tm=gtmv2&liSync=true&e_ipv6=AQJq-7vd_iLx9AAAAYKDaTQl3z-3xrLSQlU0g64rM2KfUPbYT89VPwfzXCcQgH6U0B7OIB6M
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXl0VLzd9AufPdUhYG2mA==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
347 B 113ms
40ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-CVV8TFTKTV&gtm=2oe880&_p=1997384784&gcs=G100&cid=17324573.1660062086&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1660062085&sct=1&seg=0&dl=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&dt=Detecting%20a%20MUMMY%20SPIDER%20campaign%20and%20Emotet%20infection&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CVV8TFTKTV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Aug 2022 16:21:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.ironnet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
762 B 190ms
172ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=6306975&callback=jsonpHandler

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/hs/hsstatic/HubspotToolsMenu/static-1.138/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode: false
server: cloudflare
x-hubspot-correlation-id: 364459bd-9690-4814-aff8-ee39f981653c
x-trace: 2BBE584EDC24B0D363FA2B13DDED56EE5DCC5A123E000000000000000000
date: Tue, 09 Aug 2022 16:21:26 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
cf-cache-status: DYNAMIC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports?cfRay=7381d3265e96696f&resource=unknown"}]}
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 7381d3265e96696f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Prefll_Form.html Show response
lp.ironnet.com/ Frame CAAD 2 KB
1 KB 434ms
433ms Document
text/html 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.ironnet.com/Prefll_Form.html

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/6306975/hub_generated/template_assets/71927228185/1650933626364/teknkl-library.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c445291a53a3c8869a046e1a9737a65991356571eb8b1081ba908754a4e66c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 7381d326591e5b7a-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 09 Aug 2022 16:21:26 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="CAO CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT"
server: cloudflare
vary: *,Accept-Encoding
x-asset-type: LP
x-content-type-options: nosniff

GET
H/1.1 200
OK widget_iframe.2b1befbea3a1424bb94efd70105dfa52.html Show response
platform.twitter.com/widgets/ Frame 2F79 320 KB
104 KB 10ms
10ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b1befbea3a1424bb94efd70105dfa52.html?origin=https%3A%2F%2Fwww.ironnet.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6794) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 500893
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Tue, 09 Aug 2022 16:21:26 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Wed, 03 Aug 2022 20:59:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6794)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=4
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 share_button.php Show response
www.facebook.com/plugins/ Frame 8145 43 KB
16 KB 168ms
121ms Document
text/html 2a03:2880:f11c:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b7a27c329b7ec%26domain%3Dwww.ironnet.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ironnet.com%252Ffa2dd5ff5d2ca8%26relation%3Dparent.parent&container_width=43&href=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&layout=button&locale=en_US&sdk=joey&size=small

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=dbb8a0e49be7504c73a56a5b070469d1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

78273e86483bb1d4b08d56984cdbfa9c7c8bc97d2fc3113334888481b30993fa

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Tue, 09 Aug 2022 16:21:26 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: dOODCI+TL+v4zInosnnGXVar4L5+pVRxZ4I091vSbObQlXwFthxaRoL+oLaWu6AYYJ9W9Q3+XkDZogCJN2gdyg==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 t.js Show response
vidassets.terminus.services/b42e63ca-e97b-4fe1-8452-5a40f07d4b6d/ 35 KB
11 KB 167ms
48ms Script
application/javascript 52.222.236.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vidassets.terminus.services/b42e63ca-e97b-4fe1-8452-5a40f07d4b6d/t.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NC22BNL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.103 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-103.fra56.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 903
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Thu, 23 Jun 2022 17:58:18 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
via: 1.1 ab23076896ec73a1a830c9cdc49fcac4.cloudfront.net (CloudFront)
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
x-amz-cf-pop: FRA56-P4
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: 1Uy3gNl3vkPNU87r-kEa3eCzFhAYHcQD-XadfsJElJRaH9qvCgN5GQ==

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 2F79 575 B
546 B 511ms
146ms Fetch
application/json 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=170d53dce3744c3c03c71f75baae0549bb64381d

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b1befbea3a1424bb94efd70105dfa52.html?origin=https%3A%2F%2Fwww.ironnet.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

bc1680464cd20e184c16ed9bc6b0281aa6d6dc279ed4e6256df4ab6cd16ab8a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-response-time: 105
date: Tue, 09 Aug 2022 16:21:25 GMT
content-encoding: gzip
last-modified: Tue, 09 Aug 2022 16:21:26 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: e1a20144658e3b1c160af5567d423b9a7acbb104a29ec50756e3098aa5bddc6c
content-length: 265

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
265 B 258ms
64ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=id17evj&ttd_tpi=1&ttd_puid=b42e63ca-e97b-4fe1-8452-5a40f07d4b6d|9fa6a9f5-3284-4ffe-9b82-6d5d4bf477b8
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 09 Aug 2022 16:21:26 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 t.gif
wec-assets.terminus.services/b42e63ca-e97b-4fe1-8452-5a40f07d4b6d/ 43 B
297 B 541ms
413ms Image
image/gif 18.66.122.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wec-assets.terminus.services/b42e63ca-e97b-4fe1-8452-5a40f07d4b6d/t.gif?d=9fa6a9f5-3284-4ffe-9b82-6d5d4bf477b8&s=c0ae77df-572f-4a7e-a8a2-55624a9d9016&p=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&cb=1660062086361&t=Detecting%20a%20MUMMY%20SPIDER%20campaign%20and%20Emotet%20infection&r=&e=page_viewed&u=ad9e458f-d6a5-4b5f-9c1e-0691b3fa46dc-1660062086361

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.122.60 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-122-60.fra60.r.cloudfront.net

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
via: 1.1 a4233498d2bd44dbd411d60d86f8334e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P2
strict-transport-security: max-age=31536000
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: 0Uf5WOQ8bywPcgMk312hpWMj1DqykJsLL_NYcvz8qTTWN4X1pBvrBg==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 204ms
58ms Script
application/x-javascript 13.32.13.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NC22BNL
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.13.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-13-117.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 07:27:02 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 32065
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 2acbf12c17a7f7f2ed99463cb4024586.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: VIE50-C2
X-Amz-Cf-Id: Gex9ZPl11lAxDGMbYH5eJF11KWPYG54uSNA65A5odzYI83JhGNYl5g==

GET
H2 200 GzgedhmzSQa.png
static.xx.fbcdn.net/rsrc.php/v3/yn/r/ Frame 8145 272 B
696 B 208ms
61ms Image
image/png 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yn/r/GzgedhmzSQa.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3b7a27c329b7ec%26domain%3Dwww.ironnet.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ironnet.com%252Ffa2dd5ff5d2ca8%26relation%3Dparent.parent&container_width=43&href=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&layout=button&locale=en_US&sdk=joey&size=small

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
x-content-type-options: nosniff
content-md5: lIjeC3eJAboxVqIOEs/Auw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 272
x-fb-rlafr: 0
x-fb-debug: 1nlGSA8GFwYVmd5b0Jqaeq8VjYHV0ojnP10nfJK2blulHrVK4umRp7FEBswx1ey3bS5yrYB+W9ME+JL4DcJ4sw==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Sat, 05 Aug 2023 02:02:40 GMT

GET
H2 200 cS8skx2GDlY.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yT/l/en_US/ Frame 8145 533 KB
139 KB 202ms
61ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yT/l/en_US/cS8skx2GDlY.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 Vienna, Austria, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a5e67cdd4efcb6057b3819a8efc89cde68f1e3a4d3a2efd7e812b0771211989c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: VsuFn3ZI5j2iTMAhAxel5g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 142050
x-fb-rlafr: 0
x-fb-debug: DzngbSzJOKQa6UjTbZtY2p6HxdqU+SWzMrz3ylVlQZ8I9HF+ej+KjA2Zv7clzCou4Mh0gDXWQq3i592eKjoGBg==
x-fb-trip-id: 2050670934
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Fri, 04 Aug 2023 21:37:45 GMT

GET
DATA 200
OK truncated Show response
/ Frame E5F1 2 KB
2 KB Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52cf06797c66d59d2428883cb27b5b083eed8b73ff8e0e11af86ee162e11ad2c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Type: text/html;charset=UTF-8

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/1x/ 846 B
1 KB 223ms
73ms Image
image/png 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:10:12 GMT
x-content-type-options: nosniff
age: 674
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 846
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 09 Aug 2023 16:10:12 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1023 B 224ms
74ms Image
image/png 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 12:47:02 GMT
x-content-type-options: nosniff
age: 12864
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 910
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 09 Aug 2023 12:47:02 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 220ms
74ms Image
image/png 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://translate.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 15:17:23 GMT
x-content-type-options: nosniff
age: 3843
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1842
x-xss-protection: 0
last-modified: Thu, 14 Oct 2021 09:08:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 09 Aug 2023 15:17:23 GMT

GET
H2 200 teknkl-library.min.js Show response
cdn2.hubspot.net/hub/6306975/hub_generated/template_assets/71927228185/1650933626364/ Frame CAAD 2 KB
1 KB 69ms
68ms Script
application/javascript 2606:4700::6811:f1cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/6306975/hub_generated/template_assets/71927228185/1650933626364/teknkl-library.min.js
Requested by: Host: lp.ironnet.com
URL: https://lp.ironnet.com/Prefll_Form.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:f1cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c7487b93bfb86015257f8c7ee9b5557cda0825c07f96617315150138b6adb42

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lp.ironnet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis: 1650933626611
date: Tue, 09 Aug 2022 16:21:26 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 763060
x-hs-alternate-content-type: text/plain
x-amz-server-side-encryption: AES256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2FzFvXq2O7bMrKCIhXE530yArEP6c1QORsjtBtx0%2FptYaAQkzgtoio9cRCRwIi0oJaJfg5Hvs%2BF6WBKqTtA49mdwwFWfcWTkMA230W%2BHNaSaE5VCHR8yu4VOKNUWS2IlAZ2Kd3mYWg01XcrrbM0%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
last-modified: Tue, 26 Apr 2022 00:40:27 GMT
server: cloudflare
etag: W/"5d67051d35b3290a7db0af29cc3c496c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop: IAD89-P1
cf-ray: 7381d3291ef99b92-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 stripmkttok.js Show response
lp.ironnet.com/js/ Frame CAAD 2 KB
815 B 167ms
167ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.ironnet.com/js/stripmkttok.js

Requested by

Host: lp.ironnet.com
URL: https://lp.ironnet.com/Prefll_Form.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7545b96ed2740220c349ae9deb614faf1f0f211d4cf710788e0790f74cc9715

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lp.ironnet.com/Prefll_Form.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Tue, 14 Jun 2022 21:04:07 GMT
server: cloudflare
etag: "2282324-602-5e16ebec83fc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7381d3291c0b5b7a-FRA
content-length: 678
expires: Tue, 09 Aug 2022 20:21:26 GMT

GET
H/1.1 200
OK button.fed83577e235944f1c02f314fdfd94dd.js Show response
platform.twitter.com/js/ 7 KB
3 KB 42ms
42ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.fed83577e235944f1c02f314fdfd94dd.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: dd73aaa40aaa3f68485ce0099ab91f2db304523f542b95da68397340d58d5c4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 16:21:26 GMT
Content-Encoding: gzip
Age: 500896
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Content-Length: 2359
x-tw-cdn: VZ
Last-Modified: Wed, 03 Aug 2022 20:59:06 GMT
Server: ECS (frb/6725)
Etag: "c1233079fb145bc77c712143fa5dcd65+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000

GET
H/1.1 200
OK tweet_button.2b1befbea3a1424bb94efd70105dfa52.en.html Show response
platform.twitter.com/widgets/ Frame E988 37 KB
14 KB 40ms
39ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b1befbea3a1424bb94efd70105dfa52.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6725) /
Resource Hash: 4b9ff99e15d41fd8c922c4e2a64694803ffff8eb112b5515e7977f0d57b71d24

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 500894
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13674
Content-Type: text/html; charset=utf-8
Date: Tue, 09 Aug 2022 16:21:26 GMT
Etag: "89c9e62200af53fd09664245d4ebf950+gzip"
Last-Modified: Wed, 03 Aug 2022 20:59:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6725)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 jot
syndication.twitter.com/i/ 43 B
357 B 123ms
122ms Image
image/gif 104.244.42.136
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22IronNetCyber%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1660062086787%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22b7df0f50e1ec1%3A1659558317797%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=170d53dce3744c3c03c71f75baae0549bb64381d

Requested by

Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.136 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Tue, 09 Aug 2022 16:21:26 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: e1a20144658e3b1c160af5567d423b9a7acbb104a29ec50756e3098aa5bddc6c
x-transaction: a94df89a4dbb0b82
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame E988 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/wX6rSUG6pPb1PMPx/ Frame 2376 3 KB
2 KB 362ms
129ms Document
text/html 54.156.137.3
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/wX6rSUG6pPb1PMPx/messenger?uuid=7fe5a14c-77c5-41d3-87c3-ff0c1f62f0af

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=wX6rSUG6pPb1PMPx

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.156.137.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-137-3.compute-1.amazonaws.com

Software

nginx /

Resource Hash

112654e44bc554327099d35aa5aa3a8acb30b20cf630dcf4e4514ed5e7416df5

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Length: 1225
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Tue, 09 Aug 2022 16:21:27 GMT
Etag: W/"112654e44bc554327099d35aa5aa3a8a"
Link: <https://assets.qualified.com/packs/css/2-2294d5f9.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-db0aac4f.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (ec8e39011293)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 2bd07553-8c93-11ce-85be-24317cbf0978
X-Runtime: 0.025275
X-Xss-Protection: 1; mode=block

GET
H2 200 2-2294d5f9.chunk.css
assets.qualified.com/packs/css/ Frame 2376 36 KB
7 KB 48ms
37ms Stylesheet
text/css 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/2-2294d5f9.chunk.css
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d51672bf626e0ecfd640111434d91d284e6ab6e86dca8f036764c6a1531acd6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1048
x-amz-request-id: F7T6YY8BPS8QYHPK
x-amz-id-2: MwGlr4VMLnu6q9wuF0SXyKfZa7lzYQE92rY88NxxVChMEVQ3cllhyI/onpZ7+8sVugGuwBZDGTs=
last-modified: Tue, 21 Jun 2022 21:59:02 GMT
server: cloudflare
etag: W/"3427aee848db4851a1415592dd32b349"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
x-amz-version-id: RxBLUUDUkl_XkKUsDlN7psnEjINNBmjU
cf-ray: 7381d32d7ed39b70-FRA
expires: Tue, 09 Aug 2022 20:21:27 GMT

GET
H2 200 messenger-db0aac4f.chunk.css
assets.qualified.com/packs/css/widget/sandboxed/ Frame 2376 5 KB
1 KB 48ms
38ms Stylesheet
text/css 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-db0aac4f.chunk.css
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ccfdfabc7b73e52243d66188306a7c01551ee7bd91673d3817343421876e4ed3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6708
x-amz-request-id: F7T3KAW6T7FH8AM2
x-amz-id-2: ggbaAjc0I/KQ58yaXSo6SdfRw2W+3IZKAcklgMKWnHizGKlKh97PR5alVaDh8cXODTOfn8V+tYo=
last-modified: Tue, 21 Jun 2022 21:59:03 GMT
server: cloudflare
etag: W/"8ca79772395d002f45d486899015216d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
x-amz-version-id: dd9TQgIpoCQ51hWdVTdjOVf2E3XDbAsO
cf-ray: 7381d32d7ed59b70-FRA
expires: Tue, 09 Aug 2022 20:21:27 GMT

GET
H2 200 messenger~runtime-dafe21483d2a4a7bd206.js Show response
assets.qualified.com/packs/js/widget/sandboxed/ Frame 2376 1 KB
971 B 41ms
38ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-dafe21483d2a4a7bd206.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/wX6rSUG6pPb1PMPx/messenger?uuid=7fe5a14c-77c5-41d3-87c3-ff0c1f62f0af
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0836e0ca85c352993c12e75d531b1394a2be0b679828a749c1922b9f66032a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 5062
x-amz-request-id: F7T8FT9AHSSRR9ZR
x-amz-id-2: uf6+Z3/98dYjvp7w4IypdRtNFbiqFYtwM1zcU8SZ8IQAN+etAuZbgwri7mqHljgcueqVcaCnBY8=
last-modified: Tue, 21 Jun 2022 21:58:44 GMT
server: cloudflare
etag: W/"706686ff419d52d21724ccb3f65e4736"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
x-amz-version-id: 6KrL6nVIHVgM9kQTC8DGLBDDlXko5dCf
cf-ray: 7381d32d7ed79b70-FRA
expires: Tue, 09 Aug 2022 20:21:27 GMT

GET
H2 200 2-461781d7f31c0c43d163.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/ Frame 2376 3 MB
721 KB 47ms
44ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/2-461781d7f31c0c43d163.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/wX6rSUG6pPb1PMPx/messenger?uuid=7fe5a14c-77c5-41d3-87c3-ff0c1f62f0af
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67961956e6bb6a85e1571649c8004b00c4616b4d12fc4974d010103fe28494e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 329
x-amz-request-id: 636C3HDQYSH30THK
x-amz-id-2: Letw2hhWKuHOhtJa8LDU47p2DN7zkX924687cew7r+k60cFvwheQ/4JGn/83Q+mJqOcK/+OWIBc=
last-modified: Tue, 09 Aug 2022 02:11:35 GMT
server: cloudflare
etag: W/"e354f2c67dd85f826335e2fc3a9fc004"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
x-amz-version-id: Q5eSKNn.6UgNQpw2C.f1v95VYdIrBJWI
cf-ray: 7381d32d7eda9b70-FRA
expires: Tue, 09 Aug 2022 20:21:27 GMT

GET
H2 200 messenger-8f283074ec339dd1daa5.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame 2376 722 KB
184 KB 47ms
46ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-8f283074ec339dd1daa5.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/wX6rSUG6pPb1PMPx/messenger?uuid=7fe5a14c-77c5-41d3-87c3-ff0c1f62f0af
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e326b3163995169c1b9fd5dc2538f38cfbcc6dc994835677e3870d823c62e91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:27 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 1849
x-amz-request-id: 5NRC3HCJ5JW5P016
x-amz-id-2: gj2imPPNQOpPDTPca5JJCz9Z/CTuA5XIXDHjTXujYcE682VIsAWp1toYHFL+4gxxQx/viFtoyBc=
last-modified: Tue, 09 Aug 2022 03:45:07 GMT
server: cloudflare
etag: W/"7c2c1fb1557262087ec3f727ed336c06"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
x-amz-version-id: S8XN72cLO9BXvIFflFSlrW2G5_qoXAiB
cf-ray: 7381d32dbf2e9b70-FRA
expires: Tue, 09 Aug 2022 20:21:27 GMT

GET
H2 200 Inter-Regular-cd3c302ecefb19f92003ef258645c37c.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 2376 115 KB
115 KB 44ms
17ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-cd3c302ecefb19f92003ef258645c37c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/wX6rSUG6pPb1PMPx/messenger?uuid=7fe5a14c-77c5-41d3-87c3-ff0c1f62f0af
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf1ffcb96984568b22f7a9029dd980abb5a4a47700f588a16b8ace0f7412977e

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:27 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 4206279
content-length: 117248
x-amz-request-id: 0JNPK3EPVWZ4BMHV
x-amz-id-2: CreMkz8+xS2VrQHnK276N3sXzJwDbs8JptZDGrphiYREQjAw6zlOGnkTGWIK56VjOXhZGroSWes=
last-modified: Tue, 21 Jun 2022 21:59:09 GMT
server: cloudflare
etag: "2ddfbbfd61fa41d24078763e3740d72f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-amz-version-id: HiAc8BRSgXQaTJStL3sFNz2gMEW3a_fM
accept-ranges: bytes
cf-ray: 7381d32d993f5c3e-FRA
expires: Wed, 09 Aug 2023 22:21:27 GMT

GET
H2 200 Inter-SemiBold-c1b3bf01f912184899dbb6fbb4029910.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 2376 123 KB
123 KB 58ms
32ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-c1b3bf01f912184899dbb6fbb4029910.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/wX6rSUG6pPb1PMPx/messenger?uuid=7fe5a14c-77c5-41d3-87c3-ff0c1f62f0af
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41e5c059963bd8f9bc4097f78535c3d722f4d73e75c46b2df5cc74bf864af150

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:27 GMT
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status: HIT
age: 4206279
content-length: 125644
x-amz-request-id: 0JNWSNWVGPYB1R2W
x-amz-id-2: /9MskhvPidMOijAItqiKTWeh4Mk2r4kYUElSD0mBb0VNGBXQok18n9UCjGCxcMbWdDOr5jMLK6k=
last-modified: Tue, 21 Jun 2022 21:59:09 GMT
server: cloudflare
etag: "fa8b08c22a80fb7a4a31bcbb3898e719"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31557600
x-amz-version-id: N1_fZOTf8w1whUurfXJA3MI8Rv4M1CD5
accept-ranges: bytes
cf-ray: 7381d32d99415c3e-FRA
expires: Wed, 09 Aug 2023 22:21:27 GMT

OPTIONS
H2 200 domain-collection
js.hs-banner.com/cookie-banner-public/v1/ Frame 0
0 149ms
117ms Preflight
application/octet-stream 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/domain-collection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.ironnet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.ironnet.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7381d32fd8466997-FRA
content-length: 0
content-type: application/octet-stream
date: Tue, 09 Aug 2022 16:21:27 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
timing-allow-origin: *

OPTIONS
H2 200 view
js.hs-banner.com/cookie-banner-public/v1/activity/ Frame 0
0 147ms
117ms Preflight
application/octet-stream 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.ironnet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.ironnet.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 7381d32fd8496997-FRA
content-length: 0
content-type: application/octet-stream
date: Tue, 09 Aug 2022 16:21:27 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
timing-allow-origin: *

POST
H2 204 domain-collection Show response
js.hs-banner.com/cookie-banner-public/v1/ 0
137 B 128ms
127ms XHR
text/plain 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/domain-collection
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/6306975.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

timing-allow-origin: *
date: Tue, 09 Aug 2022 16:21:27 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: 18586b2e-e0bb-489e-b7f2-9bae1ddbc5bb
x-trace: 2B0AC2986CF634CF15542B7957BAE4F1E29CAB115B000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.ironnet.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 7381d33099776997-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id

POST
H2 204 view Show response
js.hs-banner.com/cookie-banner-public/v1/activity/ 0
114 B 178ms
177ms XHR
text/plain 2606:4700:4400::ac40:9a55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/cookie-banner-public/v1/activity/view
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/6306975.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

timing-allow-origin: *
date: Tue, 09 Aug 2022 16:21:27 GMT
cf-cache-status: DYNAMIC
server: cloudflare
x-hubspot-correlation-id: dd5b623a-dc09-49cf-86af-225ccf032821
x-trace: 2BD2BC2075C135480707AE3F23A171EFE4DBFD9251000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.ironnet.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials: true
cf-ray: 7381d33099766997-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
526 B 137ms
136ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=51757497&v=1.1&a=6306975&pi=73137754657&ct=blog-post&ccu=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&cpi=73137754657&cgi=12313847636&lpi=73137754657&lvi=73137754657&lvc=en&pu=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&t=Detecting+a+MUMMY+SPIDER+campaign+and+Emotet+infection&cts=1660062087626&vi=759cb887b006e2935303516f2f50000a&nc=true&ce=false&pt=1&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 16:21:27 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 7a7deaa4-e417-4048-9aa1-2d8562472700
cf-ray: 7381d32fac16696f-FRA
p3p: CP="NOI CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A%2Btc7yx6vlS%2BrSYicacJ2NFxiM4v1LZFZSEIMb3ah7e8KiAUMk5GkPhUyumLYl3d3JVxLL94Sdfkgo2tDCrKRRpPNTbsBtgLQDMyIb%2BWmzWtKtCl5jG%2B2IePiGSRtAb1FzTBuzVgTtXU%2B31gePwD"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
x-robots-tag: none

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 23B2 0
181 B 39ms
33ms Document
text/html 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=zv8jv9y&ref=https%3A%2F%2Fwww.ironnet.com%2Fblog%2Fdetecting-a-mummyspider-campaign-and-emotet-infection&upid=kpfi814&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Tue, 09 Aug 2022 16:21:27 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 IronNet-Case%20Study-NBH%20Bank.png
www.ironnet.com/hubfs/ 197 KB
198 KB 662ms
662ms Image
image/png 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hubfs/IronNet-Case%20Study-NBH%20Bank.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00cda5929c27fb999c19eb21cf135ccb0f6e8eabcf474959ec06b77e35638485

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-67739075195,P-6306975,FLS-ALL
x-amz-request-id: WE3XVYY9Z2DKXH9X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-67739075195,P-6306975,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "6540e3923d961dc1b0dc79ff7ef90864"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1646407599878
date: Tue, 09 Aug 2022 16:21:28 GMT
via: 1.1 7a3193ebce69450274ae629ce856b09c.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA2-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-67739075195,P-6306975,FLS-ALL
x-amz-meta-index-tag: all
content-length: 201594
x-amz-id-2: nwSSPv3lr/jkCUVS8yhX8mudCVnvFMng5HGf+yp+H6wCFjk1JWqZT2BU7qiXpiGfgHtVPoNx7qo=
last-modified: Fri, 04 Mar 2022 15:26:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZZLpdQb%2B5rjuXl9BFA499HMVHhcBxgBbc7wuMMN%2BVRWHA4n4Iu227omaGttmvKQVIyc3wxGyRiT9XPFaelhenUFIrDsMc3gvKZvasmWjLWgi4mYz%2BB%2Btfa2Bo968j9rOyIdOvULdEROabPlrWw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: XPg7sj3WOyNoBwrsHsVDP9ZOpJHxNdVq
accept-ranges: bytes
cf-ray: 7381d32ffcf9920b-FRA
x-amz-cf-id: nKB5XhhZJljGDLUmdUyl5NyO_xMVY0jW_QCuxNUMcZ-D7YVwMs9wJQ==

GET
H2 200 A%20practical%20way%20to%20rule%20out%20false%20positives-WP%20Graphic.png
www.ironnet.com/hubfs/ 38 KB
39 KB 35ms
35ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hubfs/A%20practical%20way%20to%20rule%20out%20false%20positives-WP%20Graphic.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bacaacf0e22df5efda4340986d5a7957927a33b4658217dfd49eaa688fce358

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-67489053814,P-6306975,FLS-ALL
age: 8173
x-amz-server-side-encryption: AES256
edge-cache-tag: F-67489053814,P-6306975,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="A%20practical%20way%20to%20rule%20out%20false%20positives-WP%20Graphic.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: N5RFC1DM71X967MD
cf-bgj: imgq:85,h2pri
etag: "bbdbd6766c1b3bb740d90626c789b3fb"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1646168923399
date: Tue, 09 Aug 2022 16:21:27 GMT
via: 1.1 f47fcc9b2aa47ced36c40c318e6f006a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: DUS51-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=74308
x-cache: RefreshHit from cloudfront
cache-tag: F-67489053814,P-6306975,FLS-ALL
x-amz-meta-index-tag: all
content-length: 38638
x-amz-id-2: ABPB+0Ek5kgflVn5hNnI+s1qmgWhhdHNROSvZUV2u/PsSKyo6+XBNVwj7Sbz7kGjhtWhtIW0ZjU=
last-modified: Tue, 01 Mar 2022 21:08:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A2UahZQxKb5SAchS4A9P7BrMIqNtviIwHEIA33aBBTe%2BSApWjp2764w3w3ptwbdAt6BILLaTT84fbQg1etkEGQB8%2FMFYfHg%2BVir5Z%2BB8Wf2Ss7GbMCqObFOpXfxzYrjlIj3PfFkPikBcEPQlHg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: xDY6Mcup_wFlF2BW8rStVAZX3RSZNPpK
accept-ranges: bytes
cf-ray: 7381d32ffcfa920b-FRA
x-amz-cf-id: saEIHWSF3c5eYZ077WD-mEehr9LCf2oD2xzmbtzFxMjisqoPJp6XvQ==

GET
H2 200 Utility-ecosystem-NDR-Collective-Defense-Thumbnail.png
www.ironnet.com/hubfs/ 128 KB
129 KB 861ms
861ms Image
image/png 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hubfs/Utility-ecosystem-NDR-Collective-Defense-Thumbnail.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55c990ef7df20971f7f1e1a27c02c6c7c552ab7d9956f3b0043372f3b168b0f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-75308852822,P-6306975,FLS-ALL
x-amz-request-id: WE3YRT5JZHZ9TQJK
x-amz-server-side-encryption: AES256
edge-cache-tag: F-75308852822,P-6306975,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "534819cff30bd99472ad6a7c250a1c79"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1654276428424
date: Tue, 09 Aug 2022 16:21:28 GMT
via: 1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA2-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-75308852822,P-6306975,FLS-ALL
x-amz-meta-index-tag: all
content-length: 130887
x-amz-id-2: Eovwgxwtr9R+do83Zd3fBqU8Eegw3feIa+4vlrUl22kib9syleiptE4v1BSWdno1IlNVgCojkYY=
last-modified: Fri, 03 Jun 2022 17:13:49 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lULjehFxYup5lkpvVUwrvyo8sBXdSQwugVblhmk0sOiVrEn5e90Gx2Xo4ZwguIPgeY3ziw0zk9H7h4YqEpfrBpH4RLJQQi82IFD2ZqdqUCj2IynkqwbSjRrJfGOhHnX5haS%2F8FuuPYxHL8Ncvw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: LJGSGrLxfXffn5Df.F3CWx0YEPlKfejw
accept-ranges: bytes
cf-ray: 7381d32ffcfb920b-FRA
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: XicNDZADldqtiBxTrWiIa3jnR5SOG_OweQXeTPW4EacWQYmM2vd0Rw==

GET
H2 200 IronNet-Threat-Intel-Brief-2022-Thumbnail.png
www.ironnet.com/hubfs/ 79 KB
80 KB 598ms
598ms Image
image/png 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hubfs/IronNet-Threat-Intel-Brief-2022-Thumbnail.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64f2936c1338c4ba2a3b2aee33dce49330b4c9ef71cb4498dea3a6dccd5162b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-75307307431,P-6306975,FLS-ALL
x-amz-request-id: 00QRE376SQEJZGH3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-75307307431,P-6306975,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
etag: "3c95608f1c290b16a9df6c4fdf66fc70"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1654276077237
date: Tue, 09 Aug 2022 16:21:28 GMT
via: 1.1 7a18a0a1d9929dae345690b88b08dd5e.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA2-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-75307307431,P-6306975,FLS-ALL
x-amz-meta-index-tag: all
content-length: 81123
x-amz-id-2: OtYdJPy+684YTkI9lw+CTQI2s3F9S5jT6bUL+d2IySeBEmgHxWKIc7FaOyE2AL8EtfgjeT63Tvk=
last-modified: Fri, 03 Jun 2022 17:07:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvWJdidg7PfYHlh7NpmeiYov1tASXAopWQVWQYfrJIpuwR6oso5jP7dfdFtUj8N87KcM12VZ1Uck5CrI%2FOVRJmNHiXKoP%2FlhAw%2BVWlzhL4%2BDhltN6wjuvUWeMXrlPMoj3nEiSeYW3h53FVH0%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: fKfrDmxcWjcCymJ_KF.kA9m4aIAuPub7
accept-ranges: bytes
cf-ray: 7381d330ddd6920b-FRA
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: 83EqtO0hcRAkbeEhTfIrBv9hISvx77uPBpUKSFREPe5g2UH-dNPk3w==

GET
H/1.1 200
OK a170f5a6904afd939cd423e826b642bbd1bbfa34176a6cb02bddde8339e4f6af.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 2376 13 KB
13 KB 449ms
116ms Image
image/png 3.5.21.167
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/a170f5a6904afd939cd423e826b642bbd1bbfa34176a6cb02bddde8339e4f6af.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.21.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b677c896141ff9ee627e09e2d2e45ffce135d2f5df97b77b0ada5c2b18f0fe1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 16:21:31 GMT
Last-Modified: Fri, 08 Apr 2022 14:45:01 GMT
Server: AmazonS3
x-amz-request-id: H4XF79H5MWNQK2TA
ETag: "b461df2fc7272d934aa9a790462d674b"
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 13266
x-amz-id-2: O9ss6Wy3MBYTJEVfGACLvP0Lju+DZMmLSqgtm3a5W8cDypt3S/TRI4YJF2ByrS2vqalPb5iunq7HvxaWnzg22g==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/a170f5a6904afd939cd423e826b642bbd1bbfa34176a6cb02bddde8339e4f6af.png
Requested by: Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-8f283074ec339dd1daa5.chunk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.21.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b677c896141ff9ee627e09e2d2e45ffce135d2f5df97b77b0ada5c2b18f0fe1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 16:21:31 GMT
Last-Modified: Fri, 08 Apr 2022 14:45:01 GMT
Server: AmazonS3
x-amz-request-id: H4XE5AXSMCCRRHP3
ETag: "b461df2fc7272d934aa9a790462d674b"
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 13266
x-amz-id-2: fn8XRdYsOPUbJVocWQ2lrQkfGGUkLVQF4TKG2O4aN/sIhCbxI4/FdSYZWXhzmtJlMYTe3EIdjUpG5Xxhsp7pWg==

GET
H2 200 New%20IronNet%20Primary%20Logo_web_600px.png
www.ironnet.com/hubfs/ Frame 2376 6 KB
7 KB 33ms
33ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hubfs/New%20IronNet%20Primary%20Logo_web_600px.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f84fd00496c19209452d59d2747f8c195db51dd3d9b54273dfe2cd9cf1c3ba18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-73932634286,P-6306975,FLS-ALL
age: 119049
x-amz-server-side-encryption: AES256
edge-cache-tag: F-73932634286,P-6306975,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="New%20IronNet%20Primary%20Logo_web_600px.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: BXT1MJZE3ZSYAQK0
cf-bgj: imgq:85,h2pri
etag: "80d7221396f1bc867f93a5912cedd0e9"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1652908574689
date: Tue, 09 Aug 2022 16:21:30 GMT
via: 1.1 bdb48db5b688ca8c8dee7661b221599a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: TXL50-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=16145
x-cache: RefreshHit from cloudfront
cache-tag: F-73932634286,P-6306975,FLS-ALL
x-amz-meta-index-tag: all
content-length: 6398
x-amz-id-2: UeT4cg8+KyzSwQvcdRSS1UfeGR9m4IdiQCLsvODmwsAdiYzps6GdeZBqM6dCunEcR6gEiYv5oJ4=
last-modified: Wed, 18 May 2022 21:16:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EBI6JR%2FwiAKoy7k6HUcKfTJO070B2FjYKLmnpYFiKtb4G0VNXOJdosloRQTv%2B%2FWcro8sGYRpHeeyqdM5ffbUd%2BV68QKz7HjvzQs7KgWPf9G82pBZJuikOXgO2vWD20cnl9oKYqYOSaOlIZ%2Fmw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: wprzcdai236GhCYZZcd0NIf9Qg3_0vNf
accept-ranges: bytes
cf-ray: 7381d3407ff3920b-FRA
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: e_rB-nnnbyWkiR-KHGL2YwOFrQ_tpFmXR0AmHMhObGh5G_4u3DAbvw==

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/a170f5a6904afd939cd423e826b642bbd1bbfa34176a6cb02bddde8339e4f6af.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.21.167 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3.us-east-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b677c896141ff9ee627e09e2d2e45ffce135d2f5df97b77b0ada5c2b18f0fe1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 09 Aug 2022 16:21:31 GMT
Last-Modified: Fri, 08 Apr 2022 14:45:01 GMT
Server: AmazonS3
x-amz-request-id: H4XAX1QJE5EYKC3Z
ETag: "b461df2fc7272d934aa9a790462d674b"
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 13266
x-amz-id-2: AjpIeXsTushPcBr9p1MQv0mDB9Dc/S1KfschtsMrJHloB6MNhtrdf8/c4Gmf/xeB7yVWsMFdi0VFp3FFFFKI0Q==

POST
H2 200 perf Show response
www.ironnet.com/_hcms/ 2 B
459 B 142ms
142ms XHR
text/plain 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.ironnet.com/_hcms/perf
Requested by: Host: www.ironnet.com
URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-type: application/json

Response headers

cf-ray: 7381d34269f3920b-FRA
date: Tue, 09 Aug 2022 16:21:30 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-hubspot-correlation-id: 91f34389-b9bb-430c-94f6-eb89ba518833
x-trace: 2B3D0F43AE6BD8A6439AF3319E1C149982568DF7F3000000000000000000
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fna1Kup387nXJIV0Ah27tq626jychw8Ez7Neo%2B52AqwGESegnG43l4nvkZfsYXc%2FSAL%2FRk80dsSZovr2fNV5e7GJ%2FVk%2BL2R1cDGvGDK907GGuHPyzJAf01uKL0ihwAgMHt4AoEzSAXpo1y0uTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-credentials: false
x-robots-tag: none
content-length: 2

GET
H2 200 New%20IronNet%20Primary%20Logo_web_600px.png
www.ironnet.com/hubfs/ Frame 2376 6 KB
7 KB 32ms
32ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ironnet.com/hubfs/New%20IronNet%20Primary%20Logo_web_600px.png
Requested by: Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/2-461781d7f31c0c43d163.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f84fd00496c19209452d59d2747f8c195db51dd3d9b54273dfe2cd9cf1c3ba18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-73932634286,P-6306975,FLS-ALL
age: 119050
x-amz-server-side-encryption: AES256
edge-cache-tag: F-73932634286,P-6306975,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="New%20IronNet%20Primary%20Logo_web_600px.webp"
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
x-amz-request-id: BXT1MJZE3ZSYAQK0
cf-bgj: imgq:85,h2pri
etag: "80d7221396f1bc867f93a5912cedd0e9"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15
x-amz-meta-created-unix-time-millis: 1652908574689
date: Tue, 09 Aug 2022 16:21:31 GMT
via: 1.1 bdb48db5b688ca8c8dee7661b221599a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: TXL50-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=16145
x-cache: RefreshHit from cloudfront
cache-tag: F-73932634286,P-6306975,FLS-ALL
x-amz-meta-index-tag: all
content-length: 6398
x-amz-id-2: UeT4cg8+KyzSwQvcdRSS1UfeGR9m4IdiQCLsvODmwsAdiYzps6GdeZBqM6dCunEcR6gEiYv5oJ4=
last-modified: Wed, 18 May 2022 21:16:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kScT3fDT34%2BQ%2FSVga0QHYZBxR15tro1HcHulGYUy0O1JbMOiOEJ1oVWP6ZkwiSmtBoH1mm%2F9qnnWdiLalQrJyegCqTB7wXwkNAuAVRf40DrSoRqBPwBmXNToD3HN%2B%2FfIgNRv030L%2FSU%2FAfy35Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: wprzcdai236GhCYZZcd0NIf9Qg3_0vNf
accept-ranges: bytes
cf-ray: 7381d3481ffb920b-FRA
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-cf-id: e_rB-nnnbyWkiR-KHGL2YwOFrQ_tpFmXR0AmHMhObGh5G_4u3DAbvw==

GET
H/1.1 206
Partial Content 7bfc614b2b8cf39efbfb3b15da61c94a.mp3
app.qualified.com/packs/ 6 KB
6 KB 102ms
101ms Media
audio/mpeg 54.156.137.3
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qualified.com/packs/7bfc614b2b8cf39efbfb3b15da61c94a.mp3
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.156.137.3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-137-3.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3814cdd9f44b721f9c1cb111462e040b4a885d07cb143ee37b680d871cbfa94e

Request headers

Referer: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 09 Aug 2022 16:21:31 GMT
Via: 1.1 spaces-router (ec8e39011293)
Last-Modified: Tue, 09 Aug 2022 03:24:43 GMT
Server: nginx
Content-Type: audio/mpeg
Content-Range: bytes 0-5869/5870
Cache-Control: max-age=315360000, public
Content-Length: 5870
Expires: Thu, 31 Dec 2037 23:55:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sensor.highdegree.io
URL: https://sensor.highdegree.io/scripts/dd.js?customerId=ironnet-00001&siteName=ironnet.com&debug=true

Verdicts & Comments Add Verdict or Comment

154 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.ironnet.com/	1969-12-31 23:59:59	Name: __cfruid Value: 1c3b2f5dd3cc04256e938603a03e852de3638e3a-1660062084
.www.ironnet.com/	1970-01-20 05:07:43	Name: __cf_bm Value: _gBB9aMwCtbkavrFrO3kC9SNbc5TDhqChgDVtT2leoA-1660062084-0-ARv0PrYn/bCd4NRLoW862omzRQIkttlZmGd/RhjoQMkL6iVM8qzS78uCynoaJKOM/RuvDpcArQhepY42lQqG51o=
.lp.ironnet.com/	1970-01-20 05:07:43	Name: __cf_bm Value: n5F_rSU._XBHfASzr85yJ94uUuq7Mm25vUb7zBLw8tk-1660062085-0-AQLxeUNUXnE5Qm39J7lAcKVhUY/OJIdAMsMvJdKjmIKBLnexi1xrT5KASFn+gdiZF8m++li63lOFeJZuuSmN40A=
.ironnet.com/	1970-01-20 14:43:42	Name: _mkto_trk Value: id:063-XZX-814&token:_mch-ironnet.com-1660062085337-98314
.linkedin.com/	1970-01-20 05:50:54	Name: UserMatchHistory Value: AQJMVE-gk0oNmwAAAYKDaTKCGqnoSP_QEp5SscC6OeuyKWJ2QXixNtsYgVOJgKu9MY0v7yMU7cyAgg
.linkedin.com/	1970-01-20 05:50:54	Name: AnalyticsSyncHistory Value: AQIl31xkw1-DOAAAAYKDaTKC3eaDSbrStJUgDaRa61kvSYpszHD28pw_k5GfRoWSAJjjexFpdYM21Eb4MvPWzQ
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 13:53:18	Name: bcookie Value: "v=2&1958b8de-1e22-4cda-80ac-738b329b56a7"
.linkedin.com/	1970-01-20 05:09:08	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2684:u=1:x=1:i=1660062085:t=1660148485:v=2:sig=AQEwaXITrAOZFm5HCZNv0YnDOX7rGLav"
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 13:53:18	Name: bscookie Value: "v=1&20220809162125464a592e-703e-4732-88ee-a91acac675faAQE-Kad3VH5FquZyMmipV18FIfOUVNI3"
.linkedin.com/	1970-01-20 09:26:54	Name: li_gc Value: MTswOzE2NjAwNjIwODU7MjswMjFUrWI0/pCZn35uRQJ6wV7hnK+lYpJhidZjDg1Hfo/buQ==
.hubspot.com/	1970-01-20 05:07:43	Name: __cf_bm Value: vmhrM2jShTyZb0nTuoLv2t0GjhYn.dR.gwmvSiQpIAs-1660062086-0-AXLLpBx2TvZVzklp1ruVarHMrUHyDijLdKiMPsQGIrlwEfUoHWc3+8xTAT3ftkZHovwMYwMAuE5ASJbQsE4CnTE=
www.ironnet.com/	1970-01-20 13:53:18	Name: d-a8e6 Value: 9fa6a9f5-3284-4ffe-9b82-6d5d4bf477b8
www.ironnet.com/	1970-01-20 05:07:42	Name: s-9da4 Value: c0ae77df-572f-4a7e-a8a2-55624a9d9016
lp.ironnet.com/	1969-12-31 23:59:59	Name: BIGipServerab50web-nginx-app_https Value: !8e7txWlfrd99j+twj0+bx/SialTWby9HFKBsglTG2pIbTIHJb4Im3inqi8KqzSt0qKChaGJpfnNH394=
.ironnet.com/	1970-01-20 14:43:42	Name: __q_state_wX6rSUG6pPb1PMPx Value: eyJ1dWlkIjoiN2ZlNWExNGMtNzdjNS00MWQzLTg3YzMtZmYwYzFmNjJmMGFmIiwiY29va2llRG9tYWluIjoiaXJvbm5ldC5jb20iLCJtZXNzZW5nZXJFeHBhbmRlZCI6ZmFsc2UsInByb21wdERpc21pc3NlZCI6ZmFsc2UsImNvbnZlcnNhdGlvbklkIjoiOTQwNDI1OTQ2Nzk3MDIzOTMzIn0=

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://www.ironnet.com/blog/detecting-a-mummyspider-campaign-and-emotet-infection(Line 11) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdn2.hubspot.net/hub/6306975/hub_generated/template_assets/71927228185/1650933626364/teknkl-library.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://sensor.highdegree.io/scripts/dd.js?customerId=ironnet-00001&siteName=ironnet.com&debug=true Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

063-xzx-814.mktoresp.com
app.hubspot.com
app.qualified.com
assets.qualified.com
cdn2.hubspot.net
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
insight.adsrvr.org
js.adsrvr.org
js.hs-analytics.net
js.hs-banner.com
js.qualified.com
lp.ironnet.com
match.adsrvr.org
munchkin.marketo.net
pagead2.googlesyndication.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
qualified-production.s3.us-east-1.amazonaws.com
region1.google-analytics.com
sensor.highdegree.io
snap.licdn.com
static.xx.fbcdn.net
syndication.twitter.com
track.hubspot.com
translate.google.com
translate.googleapis.com
vidassets.terminus.services
wec-assets.terminus.services
www.facebook.com
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.ironnet.com
www.linkedin.com
sensor.highdegree.io
104.111.234.67
104.17.74.206
104.244.42.136
13.107.42.14
13.32.13.117
142.250.186.130
15.197.193.217
18.66.122.60
192.28.144.124
2001:4860:4802:34::36
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67fe
2606:4700:4400::ac40:9a55
2606:4700::6811:45b0
2606:4700::6811:f1cc
2606:4700::6812:1005
2606:4700::6813:9a53
2620:1ec:22::14
2a00:1450:4001:802::200e
2a00:1450:4001:809::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:813::200a
2a00:1450:4001:827::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::2003
2a02:26f0:11a::6867:4868
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f11c:8083:face:b00c:0:25de
3.5.21.167
52.222.236.103
54.156.137.3
00cda5929c27fb999c19eb21cf135ccb0f6e8eabcf474959ec06b77e35638485
0187fed1f15750c2fa9e427912bb64d209aad8b47ee4fa9576f6666b68188d36
112654e44bc554327099d35aa5aa3a8acb30b20cf630dcf4e4514ed5e7416df5
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
17dc16f203a20131a9dfccce83ed74af83cb9da328011181ca745b7f3a883d08
19645836d6ae45ea1873033845899381953b0b10ddc3bca12cd8fd9d4e6482c2
1cadbc4851a36cc3e72fb44cc871e7d1c349edbea74e8e4965a5818713d4153a
1e67e6bfbd3ec76e56875b5a1b542fb0092dc7c74093f8ff16192a5e36338659
250c3daa87a81384d8591c1e5b61ba975a822837ab5f3057caa83a51ead31847
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
311678ae55442120e141bdc8226bc8fa7991dd91ce3dc657b94a483b59a609e2
3814cdd9f44b721f9c1cb111462e040b4a885d07cb143ee37b680d871cbfa94e
3c445291a53a3c8869a046e1a9737a65991356571eb8b1081ba908754a4e66c7
3de78afbc2886dbda69e3b0f501c23e89224aaecf42f898cdb70c2719aea56e2
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
407092548c6ac3e583260ec0d465ae75ea34dfdea979df37a577a2412069184d
41e5c059963bd8f9bc4097f78535c3d722f4d73e75c46b2df5cc74bf864af150
42a7d2221743f7092a4a63d59096d7ce57d0653129232b00eef5a2cbc063a33c
4b9ff99e15d41fd8c922c4e2a64694803ffff8eb112b5515e7977f0d57b71d24
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4c7487b93bfb86015257f8c7ee9b5557cda0825c07f96617315150138b6adb42
4ca78cb9c3d04229e62a9dd1f5456f36c55ca2162c3ec458689bf276b10afdd7
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
50a4a63ddb8de2028f6aefd96e0f3b71f3a15995c89ed1fb6d83acff835ee3eb
5249277c32e64757e7e97148a6a6778acca4a8e11d2114ccabe04515c152edec
52cf06797c66d59d2428883cb27b5b083eed8b73ff8e0e11af86ee162e11ad2c
55c990ef7df20971f7f1e1a27c02c6c7c552ab7d9956f3b0043372f3b168b0f2
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
5bacaacf0e22df5efda4340986d5a7957927a33b4658217dfd49eaa688fce358
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
635bfec3e11b4db537b83f9c17682c95ceb8c9680a6ac97af9e70886ecb5af18
64f2936c1338c4ba2a3b2aee33dce49330b4c9ef71cb4498dea3a6dccd5162b1
67961956e6bb6a85e1571649c8004b00c4616b4d12fc4974d010103fe28494e5
684dfe949ae87a38c2afbcee199f51b0025dd9121b524d62e881cf40846cdd21
6a8e98730db641e1b77b9b3dc9f07b54b5f0b93f6d7d0055b896c23666e1a252
6e1f8fbebc1b0ab39c0da6c568f511c783855d173f2e33af4cd8779974adfee1
6e9f48fa82dc1e7e4e7151766b49c1c470f11849ded31eb39dc8b977692896e3
71679b04fbd29b2c4fe5a7f200ccdc88d666d9b9b9253c4f2878ea06591dac71
733491e8aad8d12c07c98185a38d289b3cb85e6b0016e72d70709cdfc68d02e6
77346eb268d61abfb02851995b748f7724fcefc70881cc31b6dd291a5bf759a5
78273e86483bb1d4b08d56984cdbfa9c7c8bc97d2fc3113334888481b30993fa
7e326b3163995169c1b9fd5dc2538f38cfbcc6dc994835677e3870d823c62e91
7fd32c535b3ed7818861ade3b92fb653bf533fc369e987fe795d2397341401d0
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8f1550c110faf0637f19b7ecd91c6da3cecb92beea093a0628a89d484e7ab532
90bf27fb15e7d9ce69d011bb4e2d0821080ccb87c155630f5931703a12f5a613
914ea15e96aeeec92087c0ebdfaf295fdf2425544e5347078e3be88c70411822
9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216
939c81c89f076cf15236cf6d83cffac59c5086ddb2fe479a5001ce0b85e55b45
965f8d82558ebea71ec853cb504f0026c3f3ac617cb9d6a7d5337d3f3781059c
977af5b132aa036c483277e9b4f0aa35506e96d69e5a4b0909bdd6468df3caca
9a50df52651133ee2b309daf0c3b921e9f5109067d5e11f2b8dd055f9ca3e66f
a5e67cdd4efcb6057b3819a8efc89cde68f1e3a4d3a2efd7e812b0771211989c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aef68dcd7483c7061fa95315327615fd5e40a6cd1770fe6319afba48c69a805a
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3b810fd46e7aad5b789896519011ab5366b39dbb19a5663c53525f756e89bfb
b677c896141ff9ee627e09e2d2e45ffce135d2f5df97b77b0ada5c2b18f0fe1b
b877c141969b8914929e24fa9132309c78f381dd36cf9783dccaf201f4e55835
bc1680464cd20e184c16ed9bc6b0281aa6d6dc279ed4e6256df4ab6cd16ab8a1
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf1ffcb96984568b22f7a9029dd980abb5a4a47700f588a16b8ace0f7412977e
c0836e0ca85c352993c12e75d531b1394a2be0b679828a749c1922b9f66032a9
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
c45845ddd750a0a686e2468ac73581bc04ee85c3bb196d61245b5a09c3f88710
ccb2d8dd6c228906f7964ac7e770c89f98b4355d0fec1d94a5423833245ad69e
ccfdfabc7b73e52243d66188306a7c01551ee7bd91673d3817343421876e4ed3
d20c3298ba0008f7c5865821dfff6bfd9e49f897c20136c10756548a73622f52
d51672bf626e0ecfd640111434d91d284e6ab6e86dca8f036764c6a1531acd6c
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dd73aaa40aaa3f68485ce0099ab91f2db304523f542b95da68397340d58d5c4f
e033aa550c58223507ebebc632997793d17b8469598b337d63b6b407956513bf
e07414c9b5c677277f7066b23d698005bf6bc2e6405d5ebf1a2221cc5defb102
e2037a416b86a501dbf1b4fa90a471e0f53d739eb1c1068aa88f8d71d0d92b05
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c54a4a7ca3144089f870c123d6bd21c2cb61e2e31284d501bdd39c30e915bf
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0ab4e14456c13a6c725c55a882e76fc62b42d511be4a8ec4d903a531e703013
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7545b96ed2740220c349ae9deb614faf1f0f211d4cf710788e0790f74cc9715
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f75f3f8cfa815312005335e83ea70f25adbe9f71fc6a92fc901f4c731dd867e8
f84fd00496c19209452d59d2747f8c195db51dd3d9b54273dfe2cd9cf1c3ba18

www.ironnet.com Open in urlscan Pro 2606:2c40::c73c:67fe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

99 Requests

98 %HTTPS

63 %IPv6

25 Domains

38 Subdomains

33 IPs

4 Countries

10891 kBTransfer

16022 kBSize

17 Cookies

16 Outgoing links

Redirected requests

99 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.ironnet.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Screenshot
Live screenshot

Full Image

99
Requests

98 %
HTTPS

63 %
IPv6

25
Domains

38
Subdomains

33
IPs

4
Countries

10891 kB
Transfer

16022 kB
Size

17
Cookies

99 HTTP transactions
4 data transactions