Submitted URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us...
Effective URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us...
Submission: On April 28 via api from US

Summary

This website contacted 51 IPs in 7 countries across 50 domains to perform 97 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com.
TLS certificate: Issued by Thawte RSA CA 2018 on August 27th 2019. Valid for: a year.
This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 2a02:e980:107... 19551 (INCAPSULA)
2 2a00:1450:400... 15169 (GOOGLE)
2 216.58.208.34 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 88.221.60.75 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.225.73.37 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 143.204.89.126 16509 (AMAZON-02)
2 2 52.215.1.63 16509 (AMAZON-02)
1 2 13.225.73.113 16509 (AMAZON-02)
1 4 2a00:1450:400... 15169 (GOOGLE)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 151.101.112.157 54113 (FASTLY)
1 147.75.32.13 54825 (PACKET)
2 91.228.74.152 27281 (QUANTCAST)
2 2 34.250.26.209 16509 (AMAZON-02)
2 4 52.16.182.42 16509 (AMAZON-02)
2 34.96.102.137 15169 (GOOGLE)
5 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
3 4 172.217.18.6 15169 (GOOGLE)
2 143.204.89.91 16509 (AMAZON-02)
1 1 68.67.153.60 29990 (ASN-APPNEX)
2 2 185.33.220.145 29990 (ASN-APPNEX)
1 13.225.73.6 16509 (AMAZON-02)
1 1 216.200.122.11 6461 (ZAYO-6461)
1 2a00:1450:400... 15169 (GOOGLE)
1 6 23.210.248.216 16625 (AKAMAI-AS)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.133 13414 (TWITTER)
1 2600:9000:21f... 16509 (AMAZON-02)
15 18 52.17.245.120 16509 (AMAZON-02)
1 147.75.84.39 54825 (PACKET)
1 147.75.32.105 54825 (PACKET)
2 2a03:2880:f02... 32934 (FACEBOOK)
2 2 54.93.143.252 16509 (AMAZON-02)
1 18.156.0.31 16509 (AMAZON-02)
1 2 2.18.234.21 16625 (AKAMAI-AS)
1 69.173.144.136 26667 (RUBICONPR...)
1 2 70.42.32.31 22075 (AS-OUTBRAIN)
1 185.64.189.110 62713 (AS-PUBMATIC)
1 1 2a00:1288:f03... 10310 (YAHOO-1)
1 151.101.113.44 54113 (FASTLY)
1 2 52.58.189.189 16509 (AMAZON-02)
1 2 52.57.35.19 16509 (AMAZON-02)
1 185.33.221.50 29990 (ASN-APPNEX)
1 35.241.8.149 15169 (GOOGLE)
1 2 34.95.120.147 15169 (GOOGLE)
1 1 216.58.205.226 15169 (GOOGLE)
1 2a03:2880:f12... 32934 (FACEBOOK)
1 151.101.114.110 54113 (FASTLY)
1 104.244.42.195 13414 (TWITTER)
2 162.247.242.21 23467 (NEWRELIC-...)
2 2a00:1450:400... 15169 (GOOGLE)
97 51
Apex Domain
Subdomains
Transfer
23 adroll.com
s.adroll.com
d.adroll.com
27 KB
15 proofpoint.com
www.proofpoint.com
2 MB
8 doubleclick.net
googleads.g.doubleclick.net
4788165.fls.doubleclick.net
ad.doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
4 KB
5 g2crowd.com
tracking.g2crowd.com
4 reactful.com
visitor.reactful.com
tracking.reactful.com
109 KB
4 avct.cloud
ads.avct.cloud
2 KB
4 google-analytics.com
www.google-analytics.com
18 KB
4 company-target.com
api.company-target.com
segments.company-target.com
3 KB
4 google.com
www.google.com
adservice.google.com
537 B
3 linkedin.com
px.ads.linkedin.com
www.linkedin.com
2 KB
3 adnxs.com
secure.adnxs.com
ib.adnxs.com
3 KB
3 hotjar.com
static.hotjar.com
script.hotjar.com
vars.hotjar.com
71 KB
3 google.de
www.google.de
329 B
2 gstatic.com
fonts.gstatic.com
18 KB
2 nr-data.net
bam.nr-data.net
460 B
2 openx.net
us-u.openx.net
498 B
2 bidswitch.net
x.bidswitch.net
909 B
2 3lift.com
eb2.3lift.com
739 B
2 outbrain.com
sync.outbrain.com
807 B
2 casalemedia.com
dsum-sec.casalemedia.com
2 KB
2 yahoo.com
ups.analytics.yahoo.com
ads.yahoo.com
1 KB
2 advertising.com
pixel.advertising.com
818 B
2 facebook.net
connect.facebook.net
143 KB
2 driftt.com
js.driftt.com
45 KB
2 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com
2 KB
2 avocet.io
ads.avocet.io
474 B
2 quantserve.com
secure.quantserve.com
pixel.quantserve.com
7 KB
2 bing.com
bat.bing.com
8 KB
2 bidr.io
match.prod.bidr.io
1019 B
2 marketo.net
munchkin.marketo.net
6 KB
2 geoip-js.com
geoip-js.com
3 KB
2 googleadservices.com
www.googleadservices.com
21 KB
2 googleapis.com
fonts.googleapis.com
2 KB
1 twitter.com
analytics.twitter.com
652 B
1 newrelic.com
js-agent.newrelic.com
10 KB
1 facebook.com
www.facebook.com
248 B
1 rlcdn.com
idsync.rlcdn.com
62 B
1 taboola.com
trc.taboola.com
281 B
1 pubmatic.com
simage2.pubmatic.com
543 B
1 rubiconproject.com
pixel.rubiconproject.com
239 B
1 consensu.org
d.adroll.mgr.consensu.org
137 B
1 quantcount.com
rules.quantcount.com
356 B
1 t.co
t.co
448 B
1 gwmtracking.com
gwmtracking.com
389 B
1 ml-api.io
attr.ml-api.io
484 B
1 ml-attr.com
s.ml-attr.com
280 B
1 ads-twitter.com
static.ads-twitter.com
2 KB
1 licdn.com
snap.licdn.com
2 KB
1 demandbase.com
scripts.demandbase.com
21 KB
1 googletagmanager.com
www.googletagmanager.com
51 KB
97 50
Domain Requested by
17 d.adroll.com 14 redirects www.proofpoint.com
15 www.proofpoint.com www.proofpoint.com
6 s.adroll.com 1 redirects www.googletagmanager.com
www.proofpoint.com
s.adroll.com
5 tracking.g2crowd.com www.proofpoint.com
4 ads.avct.cloud 2 redirects www.proofpoint.com
4 www.google-analytics.com 1 redirects www.googletagmanager.com
www.proofpoint.com
3 www.google.de www.proofpoint.com
3 www.google.com 1 redirects www.proofpoint.com
2 fonts.gstatic.com
2 tracking.reactful.com visitor.reactful.com
2 bam.nr-data.net js-agent.newrelic.com
2 us-u.openx.net 1 redirects www.proofpoint.com
2 x.bidswitch.net 1 redirects www.proofpoint.com
2 eb2.3lift.com 1 redirects www.proofpoint.com
2 sync.outbrain.com 1 redirects www.proofpoint.com
2 dsum-sec.casalemedia.com 1 redirects www.proofpoint.com
2 pixel.advertising.com 2 redirects
2 connect.facebook.net s.adroll.com
connect.facebook.net
2 px.ads.linkedin.com 1 redirects www.proofpoint.com
2 ad.doubleclick.net 2 redirects
2 secure.adnxs.com 2 redirects
2 js.driftt.com www.proofpoint.com
js.driftt.com
2 4788165.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 visitor.reactful.com www.proofpoint.com
visitor.reactful.com
2 dev.visualwebsiteoptimizer.com www.proofpoint.com
2 ads.avocet.io 2 redirects
2 bat.bing.com www.googletagmanager.com
www.proofpoint.com
2 segments.company-target.com 1 redirects www.proofpoint.com
2 match.prod.bidr.io 2 redirects
2 api.company-target.com scripts.demandbase.com
www.proofpoint.com
2 googleads.g.doubleclick.net www.googleadservices.com
2 munchkin.marketo.net www.proofpoint.com
munchkin.marketo.net
2 geoip-js.com www.proofpoint.com
geoip-js.com
2 www.googleadservices.com www.proofpoint.com
www.googletagmanager.com
2 fonts.googleapis.com www.proofpoint.com
visitor.reactful.com
1 analytics.twitter.com static.ads-twitter.com
1 js-agent.newrelic.com www.proofpoint.com
1 www.facebook.com www.proofpoint.com
1 cm.g.doubleclick.net 1 redirects
1 idsync.rlcdn.com www.proofpoint.com
1 ib.adnxs.com www.proofpoint.com
1 trc.taboola.com www.proofpoint.com
1 ads.yahoo.com 1 redirects
1 simage2.pubmatic.com www.proofpoint.com
1 pixel.rubiconproject.com www.proofpoint.com
1 ups.analytics.yahoo.com www.proofpoint.com
1 pixel.quantserve.com www.proofpoint.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 d.adroll.mgr.consensu.org 1 redirects
1 rules.quantcount.com secure.quantserve.com
1 t.co www.proofpoint.com
1 stats.g.doubleclick.net 1 redirects
1 www.linkedin.com 1 redirects
1 adservice.google.com www.proofpoint.com
1 gwmtracking.com 1 redirects
1 attr.ml-api.io www.proofpoint.com
1 s.ml-attr.com 1 redirects
1 secure.quantserve.com www.googletagmanager.com
1 static.hotjar.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 snap.licdn.com www.googletagmanager.com
1 scripts.demandbase.com www.proofpoint.com
1 www.googletagmanager.com www.proofpoint.com
97 64
Subject Issuer Validity Valid
proofpoint.com
Thawte RSA CA 2018
2019-08-27 -
2020-08-26
a year crt.sh
upload.video.google.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
www.googleadservices.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2
2020-03-24 -
2020-10-09
7 months crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA
2020-03-14 -
2021-04-13
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
*.demandbase.com
Go Daddy Secure Certificate Authority - G2
2018-09-20 -
2020-11-19
2 years crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
www.google.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
www.google.de
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
*.company-target.com
Go Daddy Secure Certificate Authority - G2
2019-06-19 -
2021-08-18
2 years crt.sh
www.bing.com
Microsoft IT TLS CA 2
2019-04-30 -
2021-04-30
2 years crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2019-08-14 -
2020-08-18
a year crt.sh
static.hotjar.com
Let's Encrypt Authority X3
2020-04-04 -
2020-07-03
3 months crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA
2019-10-04 -
2020-10-07
a year crt.sh
ads-eu.avct.cloud
Amazon
2020-04-01 -
2021-05-01
a year crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2
2017-06-30 -
2020-07-06
3 years crt.sh
*.g2crowd.com
Sectigo ECC Domain Validation Secure Server CA
2019-08-06 -
2020-09-28
a year crt.sh
*.reactful.com
Go Daddy Secure Certificate Authority - G2
2020-03-12 -
2021-05-09
a year crt.sh
*.doubleclick.net
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
drift.com
Amazon
2019-10-03 -
2020-11-03
a year crt.sh
*.ml-api.io
Amazon
2020-02-06 -
2021-03-06
a year crt.sh
*.google.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
*.adroll.com
DigiCert SHA2 Secure Server CA
2020-01-29 -
2021-04-29
a year crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2020-03-04 -
2020-09-04
6 months crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
adroll.mgr.consensu.org
Amazon
2019-11-06 -
2020-12-06
a year crt.sh
script.hotjar.com
Let's Encrypt Authority X3
2020-04-04 -
2020-07-03
3 months crt.sh
vars.hotjar.com
Let's Encrypt Authority X3
2020-04-04 -
2020-07-03
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-04-15 -
2020-07-14
3 months crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2020-02-13 -
2020-08-11
6 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018
2020-03-02 -
2021-04-01
a year crt.sh
*.rubiconproject.com
DigiCert SHA2 Secure Server CA
2019-01-10 -
2021-01-14
2 years crt.sh
*.outbrain.com
Thawte RSA CA 2018
2019-10-29 -
2021-11-23
2 years crt.sh
*.pubmatic.com
Sectigo RSA Organization Validation Secure Server CA
2019-02-22 -
2021-02-21
2 years crt.sh
*.taboola.com
DigiCert SHA2 Secure Server CA
2020-02-19 -
2020-09-10
7 months crt.sh
*.3lift.com
Amazon
2019-07-17 -
2020-08-17
a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA
2020-04-23 -
2022-05-04
2 years crt.sh
*.adnxs.com
DigiCert ECC Secure Server CA
2019-01-23 -
2021-03-08
2 years crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2020-04-14 -
2021-04-23
a year crt.sh
*.openx.net
GeoTrust RSA CA 2018
2018-01-04 -
2020-07-09
3 years crt.sh
f4.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3
2020-04-23 -
2021-03-18
a year crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA
2020-02-05 -
2022-02-08
2 years crt.sh
*.gstatic.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh

This page contains 4 frames:

Primary Page: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Frame ID: F1A020E0B012BDE635067C3655647CCF
Requests: 110 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_8kceSjOkCFc_IuwgddZwLyg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823
Frame ID: 05335CE27BA113E0868591FBF8FBB8E1
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 63CADE5A41C1916D58E5A84672CF4C79
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 2EC51B3DE4FE45B882CD07E3CE13680D
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /\.quantserve\.com\/quant\.js/i

Page Statistics

97
Requests

99 %
HTTPS

35 %
IPv6

50
Domains

64
Subdomains

51
IPs

7
Countries

2259 kB
Transfer

5396 kB
Size

17
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAGVUk69UVYAAG6cc5wJyw HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAGVUk69UVYAAG6cc5wJyw&verifyHash=8f51aa6ebdf0530609abf6419fc94fd3719c353f
Request Chain 47
  • https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j HTTP 301
  • https://ads.avct.cloud/s?r=1&uuid=0&add=5aba5f53ab79f7f51390a95a&ty=j HTTP 302
  • https://ads.avct.cloud/s?bounce=true&r=1&uuid=0&add=5aba5f53ab79f7f51390a95a&ty=j
Request Chain 56
  • https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j HTTP 301
  • https://ads.avct.cloud/s?r=1&uuid=0&add=5d1dcad3b00320110090d553&ty=j HTTP 302
  • https://ads.avct.cloud/s?bounce=true&r=1&uuid=0&add=5d1dcad3b00320110090d553&ty=j
Request Chain 57
  • https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823 HTTP 302
  • https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_8kceSjOkCFc_IuwgddZwLyg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823
Request Chain 59
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
  • https://attr.ml-api.io/?domain=proofpoint.com&pId=3118802362309008801
Request Chain 60
  • https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=1252010180 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CNqEvseSjOkCFU9uGwodfl0MZA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
  • https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CNqEvseSjOkCFU9uGwodfl0MZA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
Request Chain 62
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&time=1588112088347 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fthreat-insight%252Fpost%252Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%252Fr%252Fnhttps%253A%252F%252Fkc.mcafee.com%252Fcorporate%252Findex%253Fpage%253Dcontent%2526id%253DKB92734%2526viewlocale%253Dfr_fr%2526locale%253Dfr_fr%255Cr%255Cn%255Cr%255CnSUMMARY%255Cr%255Cn___________________________________________________%255Cr%255Cn-%26time%3D1588112088347%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&time=1588112088347&liSync=true
Request Chain 63
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1655181927&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YFBAAEAB~&jid=1577627883&gjid=664922422&cid=304155067.1588112088&tid=UA-2257074-1&_gid=1128882449.1588112088&_r=1&gtm=2wg4f0MGR7P8X&z=1715663811 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2257074-1&cid=304155067.1588112088&jid=1577627883&_gid=1128882449.1588112088&gjid=664922422&_v=j81&z=1715663811 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=304155067.1588112088&jid=1577627883&_v=j81&z=1715663811 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=304155067.1588112088&jid=1577627883&_v=j81&z=1715663811&slf_rd=1&random=2983013283
Request Chain 73
  • https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 75
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/7YJ7XZCLMRHSVCXIHB5HIT?_s=11add5dd973267bc115ffb33eae33f63&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=11add5dd973267bc115ffb33eae33f63&_b=2
Request Chain 83
  • https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&pv=80186283752.70102&cookie=&adroll_s_ref=&keyw= HTTP 302
  • https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Request Chain 86
  • https://d.adroll.com/cm/aol/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://pixel.advertising.com/ups/55980/sync?uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
  • https://pixel.advertising.com/ups/55980/sync?uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55980/sync?uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPacb20572-899d-11ea-a360-06b408aa5bf6
Request Chain 87
  • https://d.adroll.com/cm/index/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expiration=1619648088 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expiration=1619648088&C=1
Request Chain 88
  • https://d.adroll.com/cm/n/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expires=365
Request Chain 89
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg HTTP 302
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&rdrctExp=true
Request Chain 90
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Request Chain 91
  • https://d.adroll.com/cm/r/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
  • https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Request Chain 92
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
Request Chain 93
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://eb2.3lift.com/xuid?mid=4714&xuid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&dongle=c85e HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Request Chain 94
  • https://d.adroll.com/cm/b/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
Request Chain 95
  • https://d.adroll.com/cm/x/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://ib.adnxs.com/setuid?entity=172&code=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
Request Chain 96
  • https://d.adroll.com/cm/l/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://idsync.rlcdn.com/377928.gif?partner_uid=97e1cd8a64ceb112fba02f22e7d31c68
Request Chain 97
  • https://d.adroll.com/cm/o/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=97e1cd8a64ceb112fba02f22e7d31c68 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=97e1cd8a64ceb112fba02f22e7d31c68
Request Chain 98
  • https://d.adroll.com/cm/g/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT&google_nid=adroll5 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=l-HNimTOsRL7oC8i59McaA HTTP 302
  • https://d.adroll.com/cm/g/in

97 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index
www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/
41 KB
13 KB
Document
General
Full URL
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
nginx /
Resource Hash
1dc7010e3ba823724e577311b6933f6fbccc0c7f6419fee83b758e11b735eaf5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
www.proofpoint.com
:scheme
https
:path
/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
404
server
nginx
date
Tue, 28 Apr 2020 22:14:47 GMT
content-type
text/html; charset=UTF-8
cache-control
max-age=86400, public
x-drupal-dynamic-cache
UNCACHEABLE
link
<https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps%3A//kc.mcafee.com/corporate/index>; rel="canonical", <https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps%3A//kc.mcafee.com/corporate/index>; rel="shortlink" <https://www.proofpoint.com/us/page-not-found>; rel="alternate"; hreflang="en-us" <https://www.proofpoint.com/uk/page-not-found>; rel="alternate"; hreflang="en-gb" <https://www.proofpoint.com/fr/page-not-found>; rel="alternate"; hreflang="fr" <https://www.proofpoint.com/de/page-not-found>; rel="alternate"; hreflang="de" <https://www.proofpoint.com/es/page-not-found>; rel="alternate"; hreflang="es" <https://www.proofpoint.com/jp/page-not-found>; rel="alternate"; hreflang="ja" <https://www.proofpoint.com/au/page-not-found>; rel="alternate"; hreflang="en-au" <https://www.proofpoint.com/it/page-not-found>; rel="alternate"; hreflang="it" <https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps%3A//kc.mcafee.com/corporate/index>; rel="canonical", <https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps%3A//kc.mcafee.com/corporate/index>; rel="shortlink" <https://www.proofpoint.com/us/page-not-found>; rel="alternate"; hreflang="en-us" <https://www.proofpoint.com/uk/page-not-found>; rel="alternate"; hreflang="en-gb" <https://www.proofpoint.com/fr/page-not-found>; rel="alternate"; hreflang="fr" <https://www.proofpoint.com/de/page-not-found>; rel="alternate"; hreflang="de" <https://www.proofpoint.com/es/page-not-found>; rel="alternate"; hreflang="es" <https://www.proofpoint.com/jp/page-not-found>; rel="alternate"; hreflang="ja" <https://www.proofpoint.com/au/page-not-found>; rel="alternate"; hreflang="en-au" <https://www.proofpoint.com/it/page-not-found>; rel="alternate"; hreflang="it"
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin
feature-policy
geolocation 'self'
x-frame-options
SAMEORIGIN
x-ua-compatible
IE=edge
content-language
en
x-content-type-options
nosniff
expires
Wed, 29 Apr 2020 22:14:47 GMT
last-modified
Tue, 28 Apr 2020 22:14:47 GMT
etag
"1588112087"
vary
Cookie
x-generator
Drupal 8 (https://www.drupal.org)
x-drupal-cache
MISS
x-request-id
v-aba98a08-899d-11ea-b4d4-8fd71362959f
x-ah-environment
prod
age
0
via
varnish
x-cache
MISS
set-cookie
visid_incap_177663=ohAK0KWgTs27OmtapVUZbdeqqF4AAAAAQUIPAAAAAAD1CIf4tuCbkIC2HqEVshLR; expires=Wed, 28 Apr 2021 14:10:51 GMT; HttpOnly; path=/; Domain=.proofpoint.com incap_ses_246_177663=VyeyET7geTncN0C+LfhpA9eqqF4AAAAAT5cryER/7jPIJMN3QvvqKQ==; path=/; Domain=.proofpoint.com
x-cdn
Incapsula
content-encoding
gzip
x-iinfo
5-18616728-18616729 NNYN CT(172 352 0) RT(1588112086109 0) q(0 0 5 -1) r(12 13) U11
css_BpC9e9Xf-abYN_CGrep6Vz3VI9oBlboIb4s435larzM.css
www.proofpoint.com/sites/default/files/css/
25 KB
4 KB
Stylesheet
General
Full URL
https://www.proofpoint.com/sites/default/files/css/css_BpC9e9Xf-abYN_CGrep6Vz3VI9oBlboIb4s435larzM.css
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
0690bd7bd5dff9a6d837f086adea7a573dd523da0195ba086f8b38df995aaf33
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 13 Apr 2020 09:11:00 GMT
x-cdn
Incapsula
etag
"6c8bd798"
content-type
text/css
status
200
x-iinfo
5-18616873-0 0CNN RT(1588112087500 0) q(0 -1 -1 0) r(1 -1)
cache-control
max-age=1189939, public
content-length
4438
expires
Tue, 12 May 2020 16:47:06 GMT
css_hQHpK914zY4FyLEBiR1JyH34obgrO7-kdcg8FPT0g88.css
www.proofpoint.com/sites/default/files/css/
756 KB
190 KB
Stylesheet
General
Full URL
https://www.proofpoint.com/sites/default/files/css/css_hQHpK914zY4FyLEBiR1JyH34obgrO7-kdcg8FPT0g88.css
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
8501e92bdd78cd8e05c8b101891d49c87df8a1b82b3bbfa475c83c14f4f483cf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 27 Apr 2020 16:31:18 GMT
x-cdn
Incapsula
etag
"ac1520a0"
content-type
text/css
status
200
x-iinfo
5-18616874-0 0CNN RT(1588112087500 0) q(0 -1 -1 3) r(1 -1)
cache-control
max-age=1189940, public
content-length
194224
expires
Tue, 12 May 2020 16:47:07 GMT
modernizr.min.js
www.proofpoint.com/core/assets/vendor/modernizr/
5 KB
2 KB
Script
General
Full URL
https://www.proofpoint.com/core/assets/vendor/modernizr/modernizr.min.js?v=3.3.1
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 07 Feb 2020 20:18:15 GMT
x-cdn
Incapsula
content-type
application/javascript
status
200
x-iinfo
5-18616875-0 0CNN RT(1588112087502 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189939, public
content-length
2110
expires
Tue, 12 May 2020 16:47:06 GMT
logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
3 KB
1 KB
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 07 Feb 2020 20:18:17 GMT
x-cdn
Incapsula
etag
"13fdd2ef"
content-type
image/svg+xml
status
200
x-iinfo
5-18616880-0 0CNN RT(1588112087518 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189940, public
content-length
1124
expires
Tue, 12 May 2020 16:47:07 GMT
psat-training-modules.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
913 KB
914 KB
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/psat-training-modules.png
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
2cfe7c393d823154ee86def4c4eeeff7520b903871d93073ef7ad566a07ea92d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
x-content-type-options
nosniff
last-modified
Fri, 07 Feb 2020 20:18:17 GMT
x-cdn
Incapsula
etag
"cdd6b9a9"
content-type
image/png
status
200
x-iinfo
5-18616883-0 0CNN RT(1588112087537 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189941, public
content-length
934755
expires
Tue, 12 May 2020 16:47:08 GMT
css
fonts.googleapis.com/
12 KB
901 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0796293ec526d0aa2afcd3a403c1c8b5707863314cf4db4d1bac426ead264416
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 28 Apr 2020 22:14:47 GMT
server
ESF
date
Tue, 28 Apr 2020 22:14:47 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 28 Apr 2020 22:14:47 GMT
truncated
/
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
221 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
204 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c8de55874475c175335f0c6fc79e975cc9325630e3641389c18ae7ae5ab9a981

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
221 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fab816e037c0f67ab424c67234af03471c66a13357d6e187ecb238a2eac62a04

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
720 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cef5e7a8bbafdc0187cc3bd50db0417a3ed578deec09d93fe306bddf30a9ba43

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
444 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4f3fc31f17996bdcd89a0b6358ef30b10a4d5b8e436dcd786082965f868f3bd8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
606 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f156ae940f7e272f1319e3a835871f632bc4275105f4882685a3435d7ed4e3fb

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
685 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d1c6032b67262b3855f2ae2702f0497cf50f3caf6ce5211641f1756ee3a4332b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
460 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c0269ba28d9ec51948de3000f364e6890e8a369ab832b4deb572415845a39712

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
465 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93fa8b2f6e13b1ac02946cf42cebafaa637e07feb93b926eace76fd5128df564

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
blue-bg.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/
25 KB
25 KB
Image
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/blue-bg.png
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5451119aa5fd566ad1bc22ab81193be0154f0e80c69a1b5d9c99d217f5737e3a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
x-content-type-options
nosniff
last-modified
Fri, 07 Feb 2020 20:18:17 GMT
x-cdn
Incapsula
etag
"8b9597e3"
content-type
image/png
status
200
x-iinfo
5-18616886-0 0CNN RT(1588112087586 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189941, public
content-length
25228
expires
Tue, 12 May 2020 16:47:08 GMT
RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
21 KB
21 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.proofpoint.com/sites/default/files/css/css_hQHpK914zY4FyLEBiR1JyH34obgrO7-kdcg8FPT0g88.css
Origin
https://www.proofpoint.com

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
x-content-type-options
nosniff
last-modified
Wed, 08 Apr 2020 23:58:51 GMT
x-cdn
Incapsula
etag
"39ed386e"
status
200
x-iinfo
5-18616887-0 0CNN RT(1588112087587 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189941, public
content-length
21036
expires
Tue, 12 May 2020 16:47:08 GMT
fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
16 KB
16 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.proofpoint.com/sites/default/files/css/css_hQHpK914zY4FyLEBiR1JyH34obgrO7-kdcg8FPT0g88.css
Origin
https://www.proofpoint.com

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Apr 2020 08:44:22 GMT
x-cdn
Incapsula
etag
"80852160"
status
200
x-iinfo
5-18616889-0 0CNN RT(1588112087588 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189941, public
content-length
16540
expires
Tue, 12 May 2020 16:47:08 GMT
conversion.js
www.googleadservices.com/pagead/
27 KB
10 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f34.1e100.net
Software
cafe /
Resource Hash
4a9abec4e9f9962a1b4ac3f8c3f637be75b3dd39e37a670ca8a33c3c4f9eb2bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
10582
x-xss-protection
0
server
cafe
etag
11280618715274700684
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 28 Apr 2020 22:14:48 GMT
js_UJ6WAapFBKGtCbnPxYQVxUAs3D5OwPRBRocKPZw3Gdo.js
www.proofpoint.com/sites/default/files/js/
138 KB
46 KB
Script
General
Full URL
https://www.proofpoint.com/sites/default/files/js/js_UJ6WAapFBKGtCbnPxYQVxUAs3D5OwPRBRocKPZw3Gdo.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
509e9601aa4504a1ad09b9cfc58415c5402cdc3e4ec0f44146870a3d9c3719da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 27 Apr 2020 11:50:28 GMT
x-cdn
Incapsula
etag
"4b2e4ebc"
content-type
text/javascript
status
200
x-iinfo
5-18616900-0 0CNN RT(1588112087669 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189940, public
content-length
47329
expires
Tue, 12 May 2020 16:47:07 GMT
geoip2.js
geoip-js.com/js/apis/geoip2/v2.1/
3 KB
2 KB
Script
General
Full URL
https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab7954e1447f64d179eaec1e53a64438f59fc59a3d701897acab070e1138f849

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 28 Apr 2020 18:13:17 GMT
server
cloudflare
age
1304
etag
W/"5ea8723d-cfc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=43200
cf-ray
58b423667aeedfbf-FRA
cf-request-id
02647474090000dfbf02030200000001
expires
Wed, 29 Apr 2020 10:14:48 GMT
js_uO_4d7s8b5IZnoF4iyK0PxwR2_Sn_Is4HKuBW6aio10.js
www.proofpoint.com/sites/default/files/js/
8 KB
2 KB
Script
General
Full URL
https://www.proofpoint.com/sites/default/files/js/js_uO_4d7s8b5IZnoF4iyK0PxwR2_Sn_Is4HKuBW6aio10.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b8eff877bb3c6f92199e81788b22b43f1c11dbf4a7fc8b381cab815ba6a2a35d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 16 Apr 2020 22:59:34 GMT
x-cdn
Incapsula
etag
"a9172948"
content-type
text/javascript
status
200
x-iinfo
5-18616901-0 0CNN RT(1588112087671 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189941, public
content-length
2112
expires
Tue, 12 May 2020 16:47:08 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-60-75.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c7d7214a0b940c1ffcbd64689a576c5847b42e886da3ad9ea45bc4cda214bac8

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Content-Encoding
gzip
Last-Modified
Fri, 03 Apr 2020 02:45:45 GMT
Server
Apache
ETag
"aa520b8aca3502dbdbf62462e6f4be67:1585881945"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
751
js_HEYxx3UitzLt66h2zHBeQDdU1hDQNbpw6dyyF2yI5Fg.js
www.proofpoint.com/sites/default/files/js/
1 MB
410 KB
Script
General
Full URL
https://www.proofpoint.com/sites/default/files/js/js_HEYxx3UitzLt66h2zHBeQDdU1hDQNbpw6dyyF2yI5Fg.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1c4631c77522b732edeba876cc705e403754d610d035ba70e9dcb2176c88e458
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 08 Apr 2020 23:59:32 GMT
x-cdn
Incapsula
etag
"3685731c"
content-type
text/javascript
status
200
x-iinfo
5-18616902-0 0CNN RT(1588112087672 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189941, public
content-length
419228
expires
Tue, 12 May 2020 16:47:08 GMT
truncated
/
45 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
18 KB
18 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.proofpoint.com/sites/default/files/css/css_hQHpK914zY4FyLEBiR1JyH34obgrO7-kdcg8FPT0g88.css
Origin
https://www.proofpoint.com

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
x-content-type-options
nosniff
last-modified
Fri, 07 Feb 2020 20:17:55 GMT
x-cdn
Incapsula
etag
"01c16c31"
status
200
x-iinfo
5-18616907-0 0CNN RT(1588112087689 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189941, public
content-length
18296
expires
Tue, 12 May 2020 16:47:08 GMT
RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/
21 KB
21 KB
Font
General
Full URL
https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.proofpoint.com/sites/default/files/css/css_hQHpK914zY4FyLEBiR1JyH34obgrO7-kdcg8FPT0g88.css
Origin
https://www.proofpoint.com

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
x-content-type-options
nosniff
last-modified
Wed, 08 Apr 2020 23:58:51 GMT
x-cdn
Incapsula
etag
"8df65834"
status
200
x-iinfo
5-18616908-0 0CNN RT(1588112087690 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1190596, public
content-length
21384
expires
Tue, 12 May 2020 16:58:03 GMT
munchkin.js
munchkin.marketo.net/158/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/158/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-60-75.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5f967fd41346c0fc1b9b44fa69c52bf1e754420c59c8017cefb0a14a764cafa4

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Content-Encoding
gzip
Last-Modified
Tue, 28 Jan 2020 03:01:21 GMT
Server
Apache
ETag
"67df7eb9e9e68638308f14367dddec10:1580180481"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4686
Expires
Thu, 06 Aug 2020 22:14:48 GMT
gtm.js
www.googletagmanager.com/
219 KB
51 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cee2bb03171a567a8cd35860be7c776aac49ca6c77516bcc30add40d53a08a01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
51753
x-xss-protection
0
last-modified
Tue, 28 Apr 2020 21:25:34 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 28 Apr 2020 22:14:48 GMT
MP9Jyqtx.min.js
scripts.demandbase.com/
103 KB
21 KB
Script
General
Full URL
https://scripts.demandbase.com/MP9Jyqtx.min.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.73.37 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-37.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ceb810209db25558f5023859835a13c7ca43a7f77feff6752b042b2a8e9b00bc

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
QJqjmWl8QQSIDMtxZ3CXEsWLmzaPxk4B
content-encoding
gzip
last-modified
Tue, 28 Apr 2020 00:50:58 GMT
server
AmazonS3
age
1186
date
Tue, 28 Apr 2020 21:55:03 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
status
200
cache-control
public, max-age=3600
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
HF6vpnTA4Z1v1qn0ZumC4gM1qOJTcs_9rJCXpp33-JJr2h6FsPkMfg==
via
1.1 590590f04f79f692591f9db0e720a31d.cloudfront.net (CloudFront)
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1588112088163&cv=9&fst=1588112088163&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3fff4d39d7b6373df4d2da37edcfc221707441dc8ca8b36c753cb2dd1c790239
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1146
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
me
geoip-js.com/geoip/v2.1/country/
771 B
1 KB
XHR
General
Full URL
https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com
Requested by
Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d43e3abd2704bd958444aa0b7544900b1e13fc70ba557c32167cf8806f406fae

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin
*
cf-ray
58b42367c9c9dff3-FRA
content-length
771
cf-request-id
02647474dd0000dff319962200000001
truncated
/
207 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e0b6d26489191155d30162f050cf2a964afb8cf054e3f59e7f710942a9a12293

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
/
www.google.com/pagead/1p-user-list/950296937/
42 B
119 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/950296937/?random=1588112088163&cv=9&fst=1588111200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=584926377&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/950296937/
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/950296937/?random=1588112088163&cv=9&fst=1588111200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=584926377&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ip.json
api.company-target.com/api/v2/
440 B
944 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&page_title=Page%20Not%20Found%20%7C%20Proofpoint%20US&key=2e81efc731d57cb3e458d08fae112991&src=tag
Requested by
Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.89.126 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-89-126.fra50.r.cloudfront.net
Software
nginx /
Resource Hash
51f57a3c7d8a7beb3e7d75e5c9efc04404b4270688be21d6570b423731c9ffaf

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
status
200
request-id
5827f020-4907-48c0-b257-123609310cfb
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://www.proofpoint.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
FTxixVOyLeluAVPCZi0GPLgMUU7tnOAdETBdiMu-CNTBom2Qr0iYdA==
expires
Mon, 27 Apr 2020 22:14:48 GMT
validateCookie
segments.company-target.com/
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AAGVUk69UVYAAG6cc5wJyw
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAGVUk69UVYAAG6cc5wJyw&verifyHash=8f51aa6ebdf0530609abf6419fc94fd3719c353f
26 B
408 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAGVUk69UVYAAG6cc5wJyw&verifyHash=8f51aa6ebdf0530609abf6419fc94fd3719c353f
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.73.113 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-113.fra2.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Via
1.1 2fcedcc055e24d7ac99fbc19ed8fc8ec.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C2
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
e095f0c3ab81f940
X-Amz-Cf-Id
FMTHJxO9RHcICI0spnIdiDKPjau0mwsgI_cxQgmlscOc9w96pX9-Lg==

Redirect headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Via
1.1 2fcedcc055e24d7ac99fbc19ed8fc8ec.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C2
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAGVUk69UVYAAG6cc5wJyw&verifyHash=8f51aa6ebdf0530609abf6419fc94fd3719c353f
Connection
keep-alive
trace-id
6660ddfba3583793
Content-Length
0
X-Amz-Cf-Id
HbD9lTGcR6v2TIrMiZZFDO18eT6_C8Ug4PZgVmdsldb8ZHAT75mOog==
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
4708
date
Tue, 28 Apr 2020 20:56:20 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Tue, 28 Apr 2020 22:56:20 GMT
conversion_async.js
www.googleadservices.com/pagead/
28 KB
10 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s12-in-f34.1e100.net
Software
cafe /
Resource Hash
cc80114d90c7ecae126be5d8af9df7789184890dd1f2aca8d07eb60d96bf5d17
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
10652
x-xss-protection
0
server
cafe
etag
10605283674030211379
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 28 Apr 2020 22:14:48 GMT
bat.js
bat.bing.com/
25 KB
8 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
079e218ad07f42523479d475b4973a6e386ba95209ee964c04c1a6eb6186bda3

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
content-encoding
gzip
last-modified
Mon, 13 Apr 2020 22:01:50 GMT
x-msedge-ref
Ref A: 5B67CEAAB77347B8ADD4B2E7D0F46848 Ref B: FRAEDGE0520 Ref C: 2020-04-28T22:14:48Z
status
200
etag
"0db222df11d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7610
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=9281
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
age
2606
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-hhn4041-HHN
last-modified
Tue, 23 Jan 2018 20:09:00 GMT
x-timer
S1588112088.374686,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
hotjar-1456002.js
static.hotjar.com/c/
3 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1456002.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.32.13 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress9
Software
/
Resource Hash
b992f31c27f071a3d45841e24bf889829628caeb20e1dfa426a84969705d6443
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:49 GMT
content-encoding
br
x-content-type-options
nosniff
section-io-tag
hotjar
age
0
status
200
section-io-cache
Miss
vary
Accept-Encoding
content-length
1496
cache-control
max-age=60
etag
W/854e7ca91cd1cfa8df9d710fe27223ef
access-control-max-age
600
section-io-origin-status
200
access-control-allow-origin
*
x-cache-hit
1
section-io-origin-time-seconds
0.078
section-io-id
6534cae95315590aecd11cec11e69c51
accept-ranges
bytes
content-type
application/javascript
section-origin-responded
true
quant.js
secure.quantserve.com/
13 KB
6 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.152 , United Kingdom, ASN27281 (QUANTCAST, US),
Reverse DNS
Software
QS /
Resource Hash
e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Content-Encoding
gzip
Last-Modified
Tue, 28-Apr-2020 22:14:48 GMT
Server
QS
Etag
M0-56c8c653
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/x-javascript
Cache-Control
private, no-transform, max-age=604800
Strict-Transport-Security
max-age=86400
Content-Length
5651
Expires
Tue, 05 May 2020 22:14:48 GMT
s
ads.avct.cloud/
Redirect Chain
  • https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
  • https://ads.avct.cloud/s?r=1&uuid=0&add=5aba5f53ab79f7f51390a95a&ty=j
  • https://ads.avct.cloud/s?bounce=true&r=1&uuid=0&add=5aba5f53ab79f7f51390a95a&ty=j
0
382 B
Script
General
Full URL
https://ads.avct.cloud/s?bounce=true&r=1&uuid=0&add=5aba5f53ab79f7f51390a95a&ty=j
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.182.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-182-42.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Connection
keep-alive
P3p
policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length
0
Content-Type
application/javascript

Redirect headers

Location
/s?bounce=true&r=1&uuid=0&add=5aba5f53ab79f7f51390a95a&ty=j
Date
Tue, 28 Apr 2020 22:14:48 GMT
Connection
keep-alive
P3p
policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length
98
Content-Type
text/html; charset=utf-8
j.php
dev.visualwebsiteoptimizer.com/
2 KB
1 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=359897&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&r=0.22100566178654368
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gbel1 /
Resource Hash
fa073b185f34f50f1eadab017755057bf1831a50cd86cf2fb6587c3564ee131d

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
server
gbel1
content-type
application/javascript; charset=UTF-8
status
200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
via
1.1 google
1594.js
tracking.g2crowd.com/attribution_tracking/conversions/
0
0
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

1644.js
tracking.g2crowd.com/attribution_tracking/conversions/
0
0
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

1645.js
tracking.g2crowd.com/attribution_tracking/conversions/
0
0
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

1646.js
tracking.g2crowd.com/attribution_tracking/conversions/
0
0
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

1647.js
tracking.g2crowd.com/attribution_tracking/conversions/
0
0
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&e=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1bbe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

main.rtfl.js
visitor.reactful.com/dist/
270 KB
105 KB
Script
General
Full URL
https://visitor.reactful.com/dist/main.rtfl.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
c4a220432424eb8109e2cc0bf6855e684148e606337f706ba226873fdc003a66

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
server
Google Frontend
age
0
etag
"bsAQ2g"
content-type
application/javascript; charset=UTF-8
status
200
x-cloud-trace-context
dcae6e832079a3f0147cffe10a985bba
cache-control
public, max-age=600
content-length
106718
expires
Tue, 28 Apr 2020 22:24:48 GMT
ip.json
api.company-target.com/api/v2/
440 B
944 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?key=8d20076343394d24eb8250e933d1560c
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.89.126 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-89-126.fra50.r.cloudfront.net
Software
nginx /
Resource Hash
51f57a3c7d8a7beb3e7d75e5c9efc04404b4270688be21d6570b423731c9ffaf

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
status
200
request-id
23f18882-b7c1-4763-8b53-6b88714d0686
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://www.proofpoint.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 fa5a3d5abd34c6fac657b045a4dcbdc5.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
hy5ccSy3_qIlr_bGtwozarbKK6aTqX07ne7kZ0sfoI2PyilChJ94KA==
expires
Mon, 27 Apr 2020 22:14:48 GMT
s
ads.avct.cloud/
Redirect Chain
  • https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j
  • https://ads.avct.cloud/s?r=1&uuid=0&add=5d1dcad3b00320110090d553&ty=j
  • https://ads.avct.cloud/s?bounce=true&r=1&uuid=0&add=5d1dcad3b00320110090d553&ty=j
0
382 B
Script
General
Full URL
https://ads.avct.cloud/s?bounce=true&r=1&uuid=0&add=5d1dcad3b00320110090d553&ty=j
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.182.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-182-42.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Connection
keep-alive
P3p
policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length
0
Content-Type
application/javascript

Redirect headers

Location
/s?bounce=true&r=1&uuid=0&add=5d1dcad3b00320110090d553&ty=j
Date
Tue, 28 Apr 2020 22:14:48 GMT
Connection
keep-alive
P3p
policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length
98
Content-Type
text/html; charset=utf-8
activityi;dc_pre=CN_8kceSjOkCFc_IuwgddZwLyg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823
4788165.fls.doubleclick.net/ Frame 0533
Redirect Chain
  • https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823?
  • https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_8kceSjOkCFc_IuwgddZwLyg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823?
0
0
Document
General
Full URL
https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_8kceSjOkCFc_IuwgddZwLyg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s28-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
4788165.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CN_8kceSjOkCFc_IuwgddZwLyg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.proofpoint.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.proofpoint.com/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Tue, 28 Apr 2020 22:14:48 GMT
expires
Tue, 28 Apr 2020 22:14:48 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
421
x-xss-protection
0
set-cookie
IDE=AHWqTUkY_ViPhb7riXBxCrGqSFGRIMPaUWIxIM1urCo-OOua6exNcp8nQlfKyZt-; expires=Sun, 23-May-2021 22:14:48 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Tue, 28 Apr 2020 22:14:48 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://4788165.fls.doubleclick.net/activityi;dc_pre=CN_8kceSjOkCFc_IuwgddZwLyg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6812284010068.823?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
5dfsgn7m2kst.js
js.driftt.com/include/1588112100000/
137 KB
45 KB
Script
General
Full URL
https://js.driftt.com/include/1588112100000/5dfsgn7m2kst.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.89.91 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-89-91.fra50.r.cloudfront.net
Software
nginx /
Resource Hash
fe029c6cb1d4cb22e10acd3b28c0ad29c70214c4825c9f6daac95698f71373f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Tue, 28 Apr 2020 21:15:37 GMT
server
nginx
date
Tue, 28 Apr 2020 22:14:48 GMT
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=UTF-8
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cache-control
max-age=10
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
5rBgRbTKzGcxufGslZF3aYoQslsGEyYgr6U3XDWUhvAPNbJUke5dqw==
/
attr.ml-api.io/
Redirect Chain
  • https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
  • https://attr.ml-api.io/?domain=proofpoint.com&pId=3118802362309008801
4 B
484 B
Image
General
Full URL
https://attr.ml-api.io/?domain=proofpoint.com&pId=3118802362309008801
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.225.73.6 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-73-6.fra2.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:49 GMT
Via
1.1 e1e056e45a0f8d6bc22b223900511170.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C2
x-amzn-RequestId
de796c5c-fb39-4c23-8300-365e8a7feff4
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
X-Amzn-Trace-Id
Root=1-5ea8aad9-5465c38094c2938859357ae8;Sampled=0
Connection
keep-alive
x-amz-apigw-id
Lt-h7EjCoAMFWMw=
Content-Length
4
X-Amz-Cf-Id
MLmI_HD9OK_SwDZbeMNCGi3TUIcMi3ZVt2m9JHyzO83ljnoq-AFg_Q==

Redirect headers

Pragma
no-cache
Date
Tue, 28 Apr 2020 22:14:50 GMT
X-Proxy-Origin
185.217.171.12; 185.217.171.12; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.235:80
AN-X-Request-Uuid
d02c9c87-7d1e-442e-8044-a8fc1622c177
Server
nginx/1.13.4
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://attr.ml-api.io/?domain=proofpoint.com&pId=3118802362309008801
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
src=8909468;dc_pre=CNqEvseSjOkCFU9uGwodfl0MZA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
adservice.google.com/ddm/fls/z/
Redirect Chain
  • https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=1252010180
  • https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
  • https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CNqEvseSjOkCFU9uGwodfl0MZA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
  • https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CNqEvseSjOkCFU9uGwodfl0MZA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
42 B
109 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CNqEvseSjOkCFU9uGwodfl0MZA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:49 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
content-type
image/gif
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:49 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
content-type
text/html; charset=UTF-8
location
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CNqEvseSjOkCFU9uGwodfl0MZA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
roundtrip.js
s.adroll.com/j/
34 KB
11 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5c2dcc7280f9f75b2123f8512238e0fb4598e19f1d4da2206d37e613696b50f2

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
8rrc9TDMV5ezSD47OAU1r1L8E3IeGbdH
Content-Encoding
gzip
ETag
"27092f648763d7e7050dcf9fd3e938ba"
x-amz-request-id
0A7A8C13DBCBAEAD
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
10927
x-amz-id-2
ksLXpHw9gp4a7w1p+Fkm7I/jB2eTI8Q5HvK6RVBx708+iRhWKik2oZnMfcJMRgu0DK5BGm3tlN0=
Last-Modified
Wed, 22 Apr 2020 16:19:10 GMT
Server
AmazonS3
Date
Tue, 28 Apr 2020 22:14:48 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fthreat-insight%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-...
0
42 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&time=1588112088347&liSync=true
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
server
Play
linkedin-action
1
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
Jau8yocbChZA3c8qxCoAAA==

Redirect headers

date
Tue, 28 Apr 2020 22:14:48 GMT
x-content-type-options
nosniff
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
linkedin-action
1
status
302
x-li-pop
prod-tln1
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
server
Play
cache-control
no-cache, no-store
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid
CI8mxIcbChYgxEg1aSsAAA==
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&time=1588112088347&liSync=true
x-li-proto
http/2
content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-fabric
prod-lva1
expires
Thu, 01 Jan 1970 00:00:00 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1655181927&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-mal...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2257074-1&cid=304155067.1588112088&jid=1577627883&_gid=1128882449.1588112088&gjid=664922422&_v=j81&z=1715663811
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=304155067.1588112088&jid=1577627883&_v=j81&z=1715663811
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=304155067.1588112088&jid=1577627883&_v=j81&z=1715663811&slf_rd=1&random=2983013283
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=304155067.1588112088&jid=1577627883&_v=j81&z=1715663811&slf_rd=1&random=2983013283
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=304155067.1588112088&jid=1577627883&_v=j81&z=1715663811&slf_rd=1&random=2983013283
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
102 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=1655181927&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=undefined&ea=undefined&_u=YFDAAEAB~&jid=&gjid=&cid=304155067.1588112088&tid=UA-2257074-1&_gid=1128882449.1588112088&gtm=2wg4f0MGR7P8X&z=1776236069
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 04 Apr 2020 15:24:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2098217
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
DE.png
www.proofpoint.com/modules/custom/pp_i18n/images/
3 KB
3 KB
Image
General
Full URL
https://www.proofpoint.com/modules/custom/pp_i18n/images/DE.png
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:47 GMT
x-content-type-options
nosniff
last-modified
Mon, 20 Jan 2020 17:42:12 GMT
x-cdn
Incapsula
etag
"cc0c264c"
content-type
image/png
status
200
x-iinfo
5-18616948-0 0CNN RT(1588112087996 0) q(0 -1 -1 -1) r(0 -1)
cache-control
max-age=1189941, public
content-length
3329
expires
Tue, 12 May 2020 16:47:08 GMT
truncated
/
129 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
234 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
0
bat.bing.com/action/
0
93 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=17087961&Ver=2&mid=62bf681f-7284-47c9-bde0-f0aed7a1b37e&sid=51561ab1-cd93-50b9-2386-e9450179bc43&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Page%20Not%20Found%20%7C%20Proofpoint%20US&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&r=&lt=1849&evt=pageLoad&msclkid=N&sv=1&rn=533739
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Tue, 28 Apr 2020 22:14:47 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: E005237FEC3E458B8FB6FE60E3FDA71A Ref B: FRAEDGE0520 Ref C: 2020-04-28T22:14:48Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1588112088391&cv=9&fst=1588112088391&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg4f0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
31d3b087d4e992b80db3a2e9f4b4c78d989400e0fd87027a6b4e5aadf2415ae5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
1164
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
v.gif
dev.visualwebsiteoptimizer.com/
35 B
218 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=359897&d=proofpoint.com&u=D0044DDB650738DD1DAC8B2F067E7C9DB&h=a72c485456651ac8c430bfd21b74bc76&t=false&r=0.09156657236484822
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3-c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:47 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3-c
content-type
image/gif
status
200
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
adsct
t.co/i/
43 B
448 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nyk4d&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
112
pragma
no-cache
last-modified
Tue, 28 Apr 2020 22:14:48 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
4a7b5dfdb4f4864f092543e69a761cc7
x-transaction
004d326c00c18a24
expires
Tue, 31 Mar 1981 05:00:00 GMT
rules-p-R3wfD8YvtmDvY.js
rules.quantcount.com/
3 B
356 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-R3wfD8YvtmDvY.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:21f3:9e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:12:34 GMT
via
1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
last-modified
Fri, 03 Mar 2017 23:52:35 GMT
server
AmazonS3
age
135
etag
"8a80554c91d9fca8acb82f023de02f11"
x-cache
Error from cloudfront
content-type
application/x-javascript
status
200
cache-control
max-age=300
x-amz-cf-pop
FRA2-C2
accept-ranges
bytes
content-length
3
x-amz-cf-id
iKAyZXUYuEzNjgJvx4sXn3i8iznmEaOraVBbQVsyphNf-1xYKByNuA==
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
TbABQrb9C2ZQcnkgOp65Rq.ryGqffoW3
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
F0D3F53B83577A63
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
dBcrX7xjwgnDzgXkPUm3rHg2mMMocXxcokAWjyRITsph5UvPEKbf6dG5++HMmHUDHiP3WRDwALA=
Last-Modified
Mon, 27 Apr 2020 22:39:37 GMT
Server
AmazonS3
Date
Tue, 28 Apr 2020 22:14:48 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/
0
773 B
Script
General
Full URL
https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
4rV4X2UQ8waMifKg7UwUFo0nIooHtgbd
Content-Encoding
gzip
ETag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id
02FCB228129AB7D8
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
20
x-amz-id-2
nlZWyn3hPYkNVPN0zR2xRu0FPTw/g4Qd7pB8/Vw5E2nfNLOFe2UQn3xh2rGbjrU/sGUDWMN1Fg0=
Last-Modified
Tue, 28 Apr 2020 12:46:13 GMT
Server
AmazonS3
Date
Tue, 28 Apr 2020 22:14:48 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/7YJ7XZCLMRHSVCXIHB5HIT?_s=11add5dd973267bc115ffb33eae33f63&_b=2
  • https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=11add5dd973267bc115ffb33eae33f63&_b=2
115 B
581 B
Script
General
Full URL
https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=11add5dd973267bc115ffb33eae33f63&_b=2
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.245.120 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-245-120.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
c16187e4fc3376f1e9af34703979d3f9d9cca87067adc4a63d2c0cefa5828248

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
server
nginx/1.16.1
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
application/javascript
content-length
115

Redirect headers

status
302
date
Tue, 28 Apr 2020 22:14:48 GMT
server
nginx/1.16.1
content-length
105
location
https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=11add5dd973267bc115ffb33eae33f63&_b=2
collect
www.google-analytics.com/
35 B
96 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=1655181927&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAAEAB~&jid=&gjid=&cid=304155067.1588112088&tid=UA-2257074-1&_gid=1128882449.1588112088&gtm=2wg4f0MGR7P8X&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Utrecht&cd11=UT&cd12=Netherlands&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&z=2136671917
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 04 Apr 2020 15:24:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
2098217
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
modules.de7e888e0955327c1dca.js
script.hotjar.com/
367 KB
70 KB
Script
General
Full URL
https://script.hotjar.com/modules.de7e888e0955327c1dca.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.84.39 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
/
Resource Hash
2c271c4a665faddbe0cc0775cffff81a985f7ee272e43b346d81cb0dc4fda652

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:49 GMT
content-encoding
br
age
29460
status
200
section-io-cache
Hit
content-length
70843
last-modified
Tue, 28 Apr 2020 14:00:26 GMT
etag
"8236059abaf6e318caaa8285194d3c2a"
vary
Accept-Encoding
section-io-origin-status
200
access-control-allow-origin
*
cache-control
max-age=31536000
section-io-origin-time-seconds
0.090
section-io-id
44a7c5e5d9fd2cbf46602e77f1a3d15d
accept-ranges
bytes
content-type
application/javascript
section-origin-responded
true
/
www.google.com/pagead/1p-user-list/950296937/
42 B
119 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/950296937/?random=1588112088391&cv=9&fst=1588111200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg4f0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&async=1&fmt=3&is_vtc=1&random=2860449358&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/950296937/
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/950296937/?random=1588112088391&cv=9&fst=1588111200000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg4f0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&async=1&fmt=3&is_vtc=1&random=2860449358&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 63CA
0
0
Document
General
Full URL
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.32.105 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress5
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.proofpoint.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.proofpoint.com/

Response headers

status
200
date
Tue, 28 Apr 2020 22:14:47 GMT
content-type
text/html
content-length
851
last-modified
Wed, 25 Mar 2020 15:18:29 GMT
etag
"d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control
max-age=31536000
content-encoding
br
section-io-origin-status
200
section-io-origin-time-seconds
0.087
section-origin-responded
true
age
2912817
vary
Accept-Encoding
section-io-cache
Hit
accept-ranges
bytes
section-io-id
a1975339c5618612d8ea06dcf95c7ec4
/
visitor.reactful.com/config/879986/
14 KB
5 KB
XHR
General
Full URL
https://visitor.reactful.com/config/879986/?page=%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex&hash=&referer=&user_id=&hshkgid=3cda79e5-d1f9-4c3c-a290-a2d9117bd2dc&cb_rtfl=_rtfl_jsonp_0
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Referer
https://www.proofpoint.com/
Custom-Vars-Data
eyJyZWdpc3RyeV9jb21wYW55X25hbWUiOiJZSVNQIEIuVi4iLCJyZWdpc3RyeV9jaXR5IjoiVXRyZWNodCIsInJlZ2lzdHJ5X3N0YXRlIjoiVVQiLCJyZWdpc3RyeV96aXBfY29kZSI6IjM1MjYiLCJyZWdpc3RyeV9hcmVhX2NvZGUiOm51bGwsInJlZ2lzdHJ5X2RtYV9jb2RlIjpudWxsLCJyZWdpc3RyeV9jb3VudHJ5IjoiTmV0aGVybGFuZHMiLCJyZWdpc3RyeV9jb3VudHJ5X2NvZGUiOiJOTCIsInJlZ2lzdHJ5X2NvdW50cnlfY29kZTMiOm51bGwsInJlZ2lzdHJ5X2xhdGl0dWRlIjo1Mi4wNywicmVnaXN0cnlfbG9uZ2l0dWRlIjo1LjEsImlzcCI6dHJ1ZSwiaW5mb3JtYXRpb25fbGV2ZWwiOiJCYXNpYyIsImF1ZGllbmNlIjoiQm90IiwiYXVkaWVuY2Vfc2VnbWVudCI6IiIsImlwIjoiMTg1LjIxNy4xNzEuMTIiLCJyZWdpb25fbmFtZSI6IlByb3ZpbmNpZSBVdHJlY2h0In0=
Url-Params-Data
eyJwYWdlIjoiY29udGVudCIsImlkIjoiS0I5MjczNCIsInZpZXdsb2NhbGUiOiJmcl9mciIsImxvY2FsZSI6ImZyX2ZyXFxyXFxuXFxyXFxuU1VNTUFSWVxcclxcbl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX1xcclxcbi0ifQ==
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:51 GMT
content-encoding
gzip
server
Google Frontend
status
200
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
access-control-allow-origin
https://www.proofpoint.com
x-cloud-trace-context
9fe3f49545c86f4cdcf21ff2c39279eb
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
access-control-allow-headers
Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length
4270
expires
Tue, 28 Apr 2020 22:14:51 GMT
pixel;r=490437410;source=gtm;rf=0;a=p-R3wfD8YvtmDvY;url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2F...
pixel.quantserve.com/
35 B
658 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=490437410;source=gtm;rf=0;a=p-R3wfD8YvtmDvY;url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-;fpan=1;fpa=P0-1492870213-1588112088598;ns=0;ce=1;qjs=1;qv=0e9a7da-20191205140709;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=1;et=1588112088598;tzo=-120;ogl=site_name.Proofpoint%2Ctype.website%2Curl.https%3A%2F%2Fwww%252Eproofpoint%252Ecom%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-impost%2Ctitle.Page%20Not%20Found%20%7C%20Proofpoint%20US%2Cdescription.Page%20Not%20Found%20Sorry%252C%20the%20page%20you%20requested%20was%20not%20found%252E%20Perhaps%20you%20would%20li
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.228.74.152 , United Kingdom, ASN27281 (QUANTCAST, US),
Reverse DNS
Software
QS /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Apr 2020 22:14:48 GMT
Server
QS
Strict-Transport-Security
max-age=86400
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control
private, no-cache, no-store, proxy-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
35
Expires
Fri, 04 Aug 1978 12:00:00 GMT
T47Y2VPPABDUBJXFROMZZM.js
s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/
Redirect Chain
  • https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpo...
  • https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
4 KB
2 KB
Script
General
Full URL
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5845e8453fb8ad463202d8314428e13413d953b87a024ab6eedb0e988e620c19

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
CrWRB59eU2p2YdPLeobyAOUsIoRnUeyf
Content-Encoding
gzip
ETag
"fb5bf8932022bf0d652c73d5f80ec463"
x-amz-request-id
94DCBA02E56753BF
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
1529
x-amz-id-2
50EemwuAMUoEHhg3fp/N48h5Ogh9kDAZEYvAEDH5mF1He1c72bhw9zKbNEzVl36EroC5mKd3iSs=
Last-Modified
Tue, 04 Feb 2020 02:23:07 GMT
Server
AmazonS3
Date
Tue, 28 Apr 2020 22:14:48 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

date
Tue, 28 Apr 2020 22:14:48 GMT
x-segment-display-name
Visitors to Unsegmented Pages
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
302
content-length
0
pragma
no-cache
x-conversion-value
0.00
server
nginx/1.16.1
x-rule
*
x-segment-eid
T47Y2VPPABDUBJXFROMZZM
location
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
cache-control
no-store, no-cache, must-revalidate
x-pixel-eid
YV5KYXXEJZATZCT37YRTMK
x-segment-name
*
x-advertisable-eid
7YJ7XZCLMRHSVCXIHB5HIT
x-conversion-currency
fbevents.js
connect.facebook.net/en_US/
126 KB
30 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
30466
x-xss-protection
0
pragma
public
x-fb-debug
HuM/IPSQj6lpYWI9rMW7bHkvBpBHMFzSn+ruoHQpaDEDwS983ugaeufAxAn9qhpyaduYo5ngtyd6Hd7hiYoxbQ==
x-fb-trip-id
1850256238
x-frame-options
DENY
date
Tue, 28 Apr 2020 22:14:48 GMT, Tue, 28 Apr 2020 22:14:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
sendrolling.js
s.adroll.com/j/
9 KB
3 KB
Script
General
Full URL
https://s.adroll.com/j/sendrolling.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding
gzip
ETag
"15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id
D373BDDB893E575E
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2039
x-amz-id-2
XqO1wRxhQLE4QFFRqtF9/83wFF4kohDuQitS60oDt2WfBKh8tJ7/oV8RacTG09xzkB1mcIYtrnQ=
Last-Modified
Mon, 03 Feb 2020 20:32:06 GMT
Server
AmazonS3
Date
Tue, 28 Apr 2020 22:14:48 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain
  • https://d.adroll.com/cm/aol/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-dis...
  • https://pixel.advertising.com/ups/55980/sync?uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
  • https://pixel.advertising.com/ups/55980/sync?uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
  • https://ups.analytics.yahoo.com/ups/55980/sync?uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPacb20572-899d-11ea-a360-06...
0
977 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55980/sync?uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPacb20572-899d-11ea-a360-06b408aa5bf6
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.156.0.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/7.1.2.106 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 22:14:48 GMT
Server
ATS/7.1.2.106
Connection
keep-alive
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

status
302
date
Tue, 28 Apr 2020 22:14:48 GMT
location
https://ups.analytics.yahoo.com/ups/55980/sync?uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPacb20572-899d-11ea-a360-06b408aa5bf6
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://d.adroll.com/cm/index/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-d...
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expiration=1619648088
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expiration=1619648088&C=1
43 B
1003 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expiration=1619648088&C=1
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Apr 2020 22:14:48 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 28 Apr 2020 22:14:48 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 28 Apr 2020 22:14:48 GMT
Server
Apache
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expiration=1619648088&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
333
Expires
Tue, 28 Apr 2020 22:14:48 GMT
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://d.adroll.com/cm/n/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distr...
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expires=365
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expires=365
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.136 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
8f052d4f888ae4e0626c5f819879cacd
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&expires=365
cache-control
no-store, no-cache, must-revalidate
content-length
124
cookie-sync
sync.outbrain.com/
Redirect Chain
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposte...
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&rdrctExp=true
0
452 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=adroll&uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&rdrctExp=true
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-TraceId
6758674a671a685e09ae18081768229c
Date
Tue, 28 Apr 2020 22:14:49 GMT
Content-Length
0

Redirect headers

Location
https://sync.outbrain.com/cookie-sync?p=adroll&uid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&rdrctExp=true
Date
Tue, 28 Apr 2020 22:14:49 GMT
X-TraceId
5d726432c4f01233f37f5bdb3c588801
Content-Length
0
Pug
simage2.pubmatic.com/AdServer/
Redirect Chain
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposte...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...
1 B
543 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Cnection
close
Pragma
no-cache
Date
Tue, 28 Apr 2020 22:14:48 GMT
X-lat
Pug22055:0:462
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control
no-store, no-cache, private
Content-Type
text/html; charset=utf-8
Content-Length
1

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
cache-control
no-store, no-cache, must-revalidate
content-length
220
in
d.adroll.com/cm/r/
Redirect Chain
  • https://d.adroll.com/cm/r/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distr...
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
  • https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
42 B
498 B
Image
General
Full URL
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.245.120 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-245-120.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
server
nginx/1.16.1
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42

Redirect headers

date
Tue, 28 Apr 2020 22:14:48 GMT
referrer-policy
no-referrer-when-downgrade
server
ATS
age
0
status
302
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
p3p
policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
/
trc.taboola.com/sg/adroll-network/1/rtb-h/
Redirect Chain
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter...
  • https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
0
281 B
Image
General
Full URL
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.113.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Tue, 28 Apr 2020 22:14:48 GMT
via
1.1 varnish
server
nginx
x-timer
S1588112089.921562,VS0,VE8
x-cache
MISS
status
204
x-cache-hits
0
accept-ranges
bytes
x-served-by
cache-hhn4076-HHN

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://trc.taboola.com/sg/adroll-network/1/rtb-h/?taboola_hm=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
cache-control
no-store, no-cache, must-revalidate
content-length
111
xuid
eb2.3lift.com/
Redirect Chain
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-impos...
  • https://eb2.3lift.com/xuid?mid=4714&xuid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&dongle=c85e
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
37 B
353 B
Image
General
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.58.189.189 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-58-189-189.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 28 Apr 2020 22:14:49 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

status
302
date
Tue, 28 Apr 2020 22:14:48 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
location
/xuid?ld=1&mid=4714&xuid=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://d.adroll.com/cm/b/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distr...
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
43 B
379 B
Image
General
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.35.19 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-35-19.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Tue, 28 Apr 2020 22:14:49 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

status
302
date
Tue, 28 Apr 2020 22:14:48 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
location
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
setuid
ib.adnxs.com/
Redirect Chain
  • https://d.adroll.com/cm/x/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distr...
  • https://ib.adnxs.com/setuid?entity=172&code=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=172&code=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.50 , Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.13.4 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Apr 2020 22:14:50 GMT
X-Proxy-Origin
185.217.171.12; 185.217.171.12; 728.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.106:80
AN-X-Request-Uuid
51ad593b-5a0a-4850-b907-988d6b0ad8e8
Server
nginx/1.13.4
P3P
policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://ib.adnxs.com/setuid?entity=172&code=OTdlMWNkOGE2NGNlYjExMmZiYTAyZjIyZTdkMzFjNjg
cache-control
no-store, no-cache, must-revalidate
content-length
93
377928.gif
idsync.rlcdn.com/
Redirect Chain
  • https://d.adroll.com/cm/l/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distr...
  • https://idsync.rlcdn.com/377928.gif?partner_uid=97e1cd8a64ceb112fba02f22e7d31c68
0
62 B
Image
General
Full URL
https://idsync.rlcdn.com/377928.gif?partner_uid=97e1cd8a64ceb112fba02f22e7d31c68
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.8.149 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
149.8.241.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
204
date
Tue, 28 Apr 2020 22:14:49 GMT
via
1.1 google
alt-svc
clear

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:48 GMT
server
nginx/1.16.1
status
302
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://idsync.rlcdn.com/377928.gif?partner_uid=97e1cd8a64ceb112fba02f22e7d31c68
cache-control
no-store, no-cache, must-revalidate
content-length
86
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://d.adroll.com/cm/o/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distr...
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=97e1cd8a64ceb112fba02f22e7d31c68
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=97e1cd8a64ceb112fba02f22e7d31c68
43 B
183 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=97e1cd8a64ceb112fba02f22e7d31c68
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.120.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
147.120.95.34.bc.googleusercontent.com
Software
OXGW/16.184.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:49 GMT
via
1.1 google
server
OXGW/16.184.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
status
200
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Tue, 28 Apr 2020 22:14:49 GMT
via
1.1 google
server
OXGW/16.184.0
status
302
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=97e1cd8a64ceb112fba02f22e7d31c68
alt-svc
clear
content-length
0
in
d.adroll.com/cm/g/
Redirect Chain
  • https://d.adroll.com/cm/g/out?adroll_fpc=70e4d6e860b8f938955dc1317ac7f477-1588112088634&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distr...
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=l-HNimTOsRL7oC8i59McaA
  • https://d.adroll.com/cm/g/in
42 B
534 B
Image
General
Full URL
https://d.adroll.com/cm/g/in
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.245.120 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-17-245-120.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:49 GMT
server
nginx/1.16.1
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
status
200
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42
x-result
g.-1.-1.-1

Redirect headers

pragma
no-cache
date
Tue, 28 Apr 2020 22:14:49 GMT
server
HTTP server (unknown)
status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.adroll.com/cm/g/in
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
225
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
389545881899618
connect.facebook.net/signals/config/
447 KB
113 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/389545881899618?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
de01cfa09868330494bbf2a8157156aee6f827675d3f050c4b2ddbcf758e0d41
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
/WNcr8aKHvulai3hNZO4CAP8zgbq7U0QLRenu0Mveay2OnNx7HU+pSTqSYyGuob/9vXamEsyi1DJs2PvFK97mg==
x-fb-trip-id
1850256238
x-frame-options
DENY
date
Tue, 28 Apr 2020 22:14:48 GMT, Tue, 28 Apr 2020 22:14:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
248 B
Image
General
Full URL
https://www.facebook.com/tr/?id=389545881899618&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-&rl=&if=false&ts=1588112088852&cd[segment_eid]=T47Y2VPPABDUBJXFROMZZM&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=29&fbp=fb.1.1588112088850.1253697288&it=1588112088761&coo=false&rqm=GET
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:48 GMT, Tue, 28 Apr 2020 22:14:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Tue, 28 Apr 2020 22:14:48 GMT
nr-1167.min.js
js-agent.newrelic.com/
26 KB
10 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1167.min.js
Requested by
Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index?page=content&id=KB92734&viewlocale=fr_fr&locale=fr_fr\r\n\r\nSUMMARY\r\n___________________________________________________\r\n-
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f4ae8a2c83e0a851fd331bbf34d7a6f9184b3e31b6f2e681e8377fb8a8edc10f

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:49 GMT
content-encoding
gzip
x-amz-request-id
9F168BA697B778D0
x-cache
HIT
status
200
content-length
10178
x-amz-id-2
yYgBioLjCplIhDxMZm/PKonf0xZGo/IH9CxBrQAf8lWo1+WyLnApygFOHARQZ+4eJQtQu20EMwQ=
x-served-by
cache-hhn4038-HHN
last-modified
Fri, 07 Feb 2020 23:39:55 GMT
server
AmazonS3
x-timer
S1588112089.290894,VS0,VE0
etag
"8155781ab74e51eee2ead2c1d5902e63"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
12560
adsct
analytics.twitter.com/i/
31 B
652 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nyk4d&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fta2101-plays-government-imposter-distribute-malware-german-italian-and-us.%2Fr%2Fnhttps%3A%2F%2Fkc.mcafee.com%2Fcorporate%2Findex%3Fpage%3Dcontent%26id%3DKB92734%26viewlocale%3Dfr_fr%26locale%3Dfr_fr%5Cr%5Cn%5Cr%5CnSUMMARY%5Cr%5Cn___________________________________________________%5Cr%5Cn-
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 22:14:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
114
pragma
no-cache
last-modified
Tue, 28 Apr 2020 22:14:49 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
ddd77b5ee874c56d25652d0e61ad4643
x-transaction
00be9b3400a88b7c
expires
Tue, 31 Mar 1981 05:00:00 GMT
index.html
js.driftt.com/deploy/assets/ Frame 2EC5
0
0
Document
General
Full URL
https://js.driftt.com/deploy/assets/index.html
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1588112100000/5dfsgn7m2kst.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.89.91 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-89-91.fra50.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
js.driftt.com
:scheme
https
:path
/deploy/assets/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.proofpoint.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://www.proofpoint.com/

Response headers

status
200
content-type
text/html; charset=utf-8
content-length
894
server
nginx
last-modified
Tue, 28 Apr 2020 21:15:37 GMT
x-amz-server-side-encryption
AES256
accept-ranges
bytes
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 28 Apr 2020 22:14:49 GMT
etag
"075ae2b435b075965aabb0a8f10102e6"
cache-control
max-age=10
x-cache
Hit from cloudfront
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
nC9BV_ufYP0yL2Fu6kfK35UfdxEfaEmcECZrqN9u0Kxsjs7Ozdztxg==
0ae22ad83e
bam.nr-data.net/1/
57 B
275 B
Script
General
Full URL
https://bam.nr-data.net/1/0ae22ad83e?a=431033880&v=1167.2a4546b&to=bgQBYERQXBBWVBFbDldOIldCWF0NGHMXRxFYDT9aWVVXP3RYC0YTVg0PUURtfAxTUjNbBE4iDFpCQ10PW1IXH19PCAZD&rst=2864&ref=https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index&ap=493&be=1439&fe=2839&dc=1827&perf=%7B%22timing%22:%7B%22of%22:1588112086442,%22n%22:0,%22f%22:0,%22dn%22:0,%22dne%22:26,%22c%22:26,%22s%22:34,%22ce%22:47,%22rq%22:47,%22rp%22:1433,%22rpe%22:1606,%22dl%22:1436,%22di%22:1827,%22ds%22:1827,%22de%22:1849,%22dc%22:2838,%22l%22:2838,%22le%22:2840%7D,%22navigation%22:%7B%7D%7D&fp=1557&fcp=1557&at=QkMCFgxKTx4%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1167.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.21 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-9.nr-data.net
Software
/
Resource Hash
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Length
57
Content-Type
text/javascript;charset=ISO-8859-1
8142fc18-7ad2-4e50-9010-982d35ea1378
https://www.proofpoint.com/
14 KB
0
Script
General
Full URL
blob:https://www.proofpoint.com/8142fc18-7ad2-4e50-9010-982d35ea1378
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Length
14520
Content-Type
text/html
/
tracking.reactful.com/tracking/879986/
6 B
120 B
XHR
General
Full URL
https://tracking.reactful.com/tracking/879986/
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 28 Apr 2020 22:14:51 GMT
content-encoding
gzip
server
Google Frontend
status
200
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
612034882121942dd332b7b05fa9fd35
cache-control
no-cache
content-length
26
css
fonts.googleapis.com/
25 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 28 Apr 2020 22:14:51 GMT
server
ESF
date
Tue, 28 Apr 2020 22:14:51 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 28 Apr 2020 22:14:51 GMT
mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic
Origin
https://www.proofpoint.com

Response headers

date
Fri, 10 Apr 2020 00:09:41 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:37 GMT
server
sffe
age
1634710
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
9016
x-xss-protection
0
expires
Sat, 10 Apr 2021 00:09:41 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic
Origin
https://www.proofpoint.com

Response headers

date
Sat, 28 Mar 2020 00:54:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
2755200
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
9132
x-xss-protection
0
expires
Sun, 28 Mar 2021 00:54:51 GMT
/
tracking.reactful.com/tracking/879986/
6 B
115 B
XHR
General
Full URL
https://tracking.reactful.com/tracking/879986/
Requested by
Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Tue, 28 Apr 2020 22:14:52 GMT
content-encoding
gzip
server
Google Frontend
status
200
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
x-cloud-trace-context
976bc61b135ca2044cad135f9518a792
cache-control
no-cache
content-length
26
0ae22ad83e
bam.nr-data.net/events/1/
24 B
185 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/0ae22ad83e?a=431033880&v=1167.2a4546b&to=bgQBYERQXBBWVBFbDldOIldCWF0NGHMXRxFYDT9aWVVXP3RYC0YTVg0PUURtfAxTUjNbBE4iDFpCQ10PW1IXH19PCAZD&rst=12865&ref=https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate/index
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1167.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.247.242.21 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
bam-9.nr-data.net
Software
/
Resource Hash

Request headers

Referer
https://www.proofpoint.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
content-type
text/plain

Response headers

Access-Control-Allow-Origin
https://www.proofpoint.com
Access-Control-Allow-Credentials
true
Content-Length
24
Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

146 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| NREUM object| newrelic function| __nr_require object| Modernizr function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| dataLayer object| google_conversion_id object| google_custom_params object| google_remarketing_only function| GooglemKTybQhCsO object| google_conversion_date object| google_conversion_time number| google_conversion_snippets number| google_conversion_first_time object| google_conversion_js_version object| google_conversion_format object| google_enable_display_cookie_match object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_evaluemrc object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_gtag_event_data object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_disable_merchant_reported_conversions object| google_additional_conversion_params object| google_transport_url function| _ function| jQuery undefined| $ object| Backbone object| drupalSettings object| Drupal object| geoip2 function| _toConsumableArray function| BaseClass object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| FontAwesomeConfig object| ___FONT_AWESOME___ object| __algolia function| subscribeToMarketoFormEvent object| MunchkinTracker function| __extends object| Demandbase object| __db function| DBSegment function| ga function| postscribe object| google_tag_manager string| GoogleAnalyticsObject object| uetq string| _linkedin_data_partner_id function| twq function| hj object| _hjSettings object| _qevents object| vimeoGAJS object| _vwo_code number| settings_timer number| _vwo_settings_timer object| _rctfl string| axel number| a function| drift function| driftt string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded function| lintrk boolean| _already_called_lintrk object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| UET function| google_trackConversion object| GooglebQhCsO undefined| b string| _vwo_mt string| _vwo_tm object| vwo_iehack_queue object| twttr function| quantserve function| __qc object| ezt object| _qoptions string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks undefined| adroll_tpc_callback object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| platform boolean| __DRIFTT_WIDGET_INCLUDED__ string| __DRIFT_INSTANCE_ID__ boolean| __DRIFTT_SHOW_WIDGET_ON_BOOT__ boolean| __adroll_consent boolean| __adroll_consent_is_gdpr object| __adroll_consent_data string| __adroll_consent_user_country string| __adroll_consent_adv_country number| adroll_xavier_called number| __adroll_xid_ch object| adroll_currency object| adroll_conversion_value object| adroll_conversion_value_in_dollars function| fbq function| _fbq object| adroll_exp_list object| _rctfl_track

17 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUkY_ViPhb7riXBxCrGqSFGRIMPaUWIxIM1urCo-OOua6exNcp8nQlfKyZt-
.proofpoint.com/ Name: _fbp
Value: fb.1.1588112088850.1253697288
www.proofpoint.com/ Name: driftt_sid
Value: 5500e4b0-020a-4243-9d48-71fd045b9ff4
.www.proofpoint.com/ Name: __ar_v4
Value: %7C7YJ7XZCLMRHSVCXIHB5HIT%3A20200428%3A1%7CYV5KYXXEJZATZCT37YRTMK%3A20200428%3A1%7CT47Y2VPPABDUBJXFROMZZM%3A20200428%3A1
.proofpoint.com/ Name: _hjid
Value: be4eb80b-87f6-4977-a1bd-8765ddec0f52
.proofpoint.com/ Name: _ga
Value: GA1.2.304155067.1588112088
.www.proofpoint.com/ Name: __adroll_fpc
Value: 70e4d6e860b8f938955dc1317ac7f477-1588112088634
www.proofpoint.com/ Name: driftt_aid
Value: be7e3cbe-ac4c-4e07-aff2-e371b2c0d502
.proofpoint.com/ Name: _vwo_uuid_v2
Value: D0044DDB650738DD1DAC8B2F067E7C9DB|a72c485456651ac8c430bfd21b74bc76
.proofpoint.com/ Name: _gat_UA-2257074-1
Value: 1
.proofpoint.com/ Name: __qca
Value: P0-1492870213-1588112088598
.proofpoint.com/ Name: incap_ses_246_177663
Value: VyeyET7geTncN0C+LfhpA9eqqF4AAAAAT5cryER/7jPIJMN3QvvqKQ==
.proofpoint.com/ Name: _gid
Value: GA1.2.1128882449.1588112088
www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us./r/nhttps://kc.mcafee.com/corporate Name: pp_user_country
Value: de
.proofpoint.com/ Name: visid_incap_177663
Value: ohAK0KWgTs27OmtapVUZbdeqqF4AAAAAQUIPAAAAAAD1CIf4tuCbkIC2HqEVshLR
.www.proofpoint.com/ Name: _rtfl_s_handshake_guid
Value: 3cda79e5-d1f9-4c3c-a290-a2d9117bd2dc
.proofpoint.com/ Name: _uetsid
Value: _uet51561ab1-cd93-50b9-2386-e9450179bc43

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4788165.fls.doubleclick.net
ad.doubleclick.net
ads.avct.cloud
ads.avocet.io
ads.yahoo.com
adservice.google.com
analytics.twitter.com
api.company-target.com
attr.ml-api.io
bam.nr-data.net
bat.bing.com
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dev.visualwebsiteoptimizer.com
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
fonts.gstatic.com
geoip-js.com
googleads.g.doubleclick.net
gwmtracking.com
ib.adnxs.com
idsync.rlcdn.com
js-agent.newrelic.com
js.driftt.com
match.prod.bidr.io
munchkin.marketo.net
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
px.ads.linkedin.com
rules.quantcount.com
s.adroll.com
s.ml-attr.com
script.hotjar.com
scripts.demandbase.com
secure.adnxs.com
secure.quantserve.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync.outbrain.com
t.co
tracking.g2crowd.com
tracking.reactful.com
trc.taboola.com
ups.analytics.yahoo.com
us-u.openx.net
vars.hotjar.com
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.proofpoint.com
x.bidswitch.net
104.244.42.133
104.244.42.195
13.225.73.113
13.225.73.37
13.225.73.6
143.204.89.126
143.204.89.91
147.75.32.105
147.75.32.13
147.75.84.39
151.101.112.157
151.101.113.44
151.101.114.110
162.247.242.21
172.217.18.6
18.156.0.31
185.33.220.145
185.33.221.50
185.64.189.110
2.18.234.21
216.200.122.11
216.58.205.226
216.58.208.34
23.210.248.216
2600:9000:21f3:9e00:6:44e3:f8c0:93a1
2606:4700::6812:1bbe
2606:4700::6812:bef
2620:1ec:c11::200
2a00:1288:f03d:1fa::4000
2a00:1450:4001:809::2002
2a00:1450:4001:816::200a
2a00:1450:4001:81d::200e
2a00:1450:4001:81f::2004
2a00:1450:4001:820::2003
2a00:1450:4001:820::2013
2a00:1450:4001:825::2002
2a00:1450:4001:825::2003
2a00:1450:4001:825::2008
2a00:1450:400c:c08::9b
2a02:26f0:6c00:296::25ea
2a02:e980:107::cf
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:f500:11:101::b93f:9001
2a05:f500:11:101::b93f:9005
34.250.26.209
34.95.120.147
34.96.102.137
35.241.8.149
52.16.182.42
52.17.245.120
52.215.1.63
52.57.35.19
52.58.189.189
54.93.143.252
68.67.153.60
69.173.144.136
70.42.32.31
88.221.60.75
91.228.74.152
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
0690bd7bd5dff9a6d837f086adea7a573dd523da0195ba086f8b38df995aaf33
0796293ec526d0aa2afcd3a403c1c8b5707863314cf4db4d1bac426ead264416
079e218ad07f42523479d475b4973a6e386ba95209ee964c04c1a6eb6186bda3
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
1c4631c77522b732edeba876cc705e403754d610d035ba70e9dcb2176c88e458
1dc7010e3ba823724e577311b6933f6fbccc0c7f6419fee83b758e11b735eaf5
1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a
1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70
2c271c4a665faddbe0cc0775cffff81a985f7ee272e43b346d81cb0dc4fda652
2cfe7c393d823154ee86def4c4eeeff7520b903871d93073ef7ad566a07ea92d
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
31d3b087d4e992b80db3a2e9f4b4c78d989400e0fd87027a6b4e5aadf2415ae5
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3fff4d39d7b6373df4d2da37edcfc221707441dc8ca8b36c753cb2dd1c790239
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4
4a9abec4e9f9962a1b4ac3f8c3f637be75b3dd39e37a670ca8a33c3c4f9eb2bc
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f3fc31f17996bdcd89a0b6358ef30b10a4d5b8e436dcd786082965f868f3bd8
509e9601aa4504a1ad09b9cfc58415c5402cdc3e4ec0f44146870a3d9c3719da
51f57a3c7d8a7beb3e7d75e5c9efc04404b4270688be21d6570b423731c9ffaf
5451119aa5fd566ad1bc22ab81193be0154f0e80c69a1b5d9c99d217f5737e3a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5845e8453fb8ad463202d8314428e13413d953b87a024ab6eedb0e988e620c19
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5c2dcc7280f9f75b2123f8512238e0fb4598e19f1d4da2206d37e613696b50f2
5f967fd41346c0fc1b9b44fa69c52bf1e754420c59c8017cefb0a14a764cafa4
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b
785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8501e92bdd78cd8e05c8b101891d49c87df8a1b82b3bbfa475c83c14f4f483cf
87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
93fa8b2f6e13b1ac02946cf42cebafaa637e07feb93b926eace76fd5128df564
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
ab7954e1447f64d179eaec1e53a64438f59fc59a3d701897acab070e1138f849
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b8eff877bb3c6f92199e81788b22b43f1c11dbf4a7fc8b381cab815ba6a2a35d
b992f31c27f071a3d45841e24bf889829628caeb20e1dfa426a84969705d6443
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c0269ba28d9ec51948de3000f364e6890e8a369ab832b4deb572415845a39712
c16187e4fc3376f1e9af34703979d3f9d9cca87067adc4a63d2c0cefa5828248
c4a220432424eb8109e2cc0bf6855e684148e606337f706ba226873fdc003a66
c7d7214a0b940c1ffcbd64689a576c5847b42e886da3ad9ea45bc4cda214bac8
c8de55874475c175335f0c6fc79e975cc9325630e3641389c18ae7ae5ab9a981
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a
cc80114d90c7ecae126be5d8af9df7789184890dd1f2aca8d07eb60d96bf5d17
ceb810209db25558f5023859835a13c7ca43a7f77feff6752b042b2a8e9b00bc
cee2bb03171a567a8cd35860be7c776aac49ca6c77516bcc30add40d53a08a01
cef5e7a8bbafdc0187cc3bd50db0417a3ed578deec09d93fe306bddf30a9ba43
d1c6032b67262b3855f2ae2702f0497cf50f3caf6ce5211641f1756ee3a4332b
d43e3abd2704bd958444aa0b7544900b1e13fc70ba557c32167cf8806f406fae
de01cfa09868330494bbf2a8157156aee6f827675d3f050c4b2ddbcf758e0d41
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0b6d26489191155d30162f050cf2a964afb8cf054e3f59e7f710942a9a12293
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8d7c60749c1d62942a8e0a6f901800bd14ff3094251373626cd99a8875c6391
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f156ae940f7e272f1319e3a835871f632bc4275105f4882685a3435d7ed4e3fb
f4ae8a2c83e0a851fd331bbf34d7a6f9184b3e31b6f2e681e8377fb8a8edc10f
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
fa073b185f34f50f1eadab017755057bf1831a50cd86cf2fb6587c3564ee131d
fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd
fab816e037c0f67ab424c67234af03471c66a13357d6e187ecb238a2eac62a04
fe029c6cb1d4cb22e10acd3b28c0ad29c70214c4825c9f6daac95698f71373f2
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a