www.sentinelone.com Open in urlscan Pro
104.26.3.18 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=
Effective URL:
https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1...
Submission: On August 01 via manual (August 1st 2023, 8:22:12 pm UTC) from CA — Scanned from CA

Summary HTTP 202 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 65 IPs in 5 countries across 53 domains to perform 202 HTTP transactions. The main IP is 104.26.3.18, located in and belongs to CLOUDFLARENET, US. The main domain is www.sentinelone.com. The Cisco Umbrella rank of the primary domain is 147229.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 9th 2023. Valid for: a year.

This is the only time www.sentinelone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.17.71.206 104.17.71.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
47	104.26.3.18 104.26.3.18	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6812:a972	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2607:f8b0:402... 2607:f8b0:4020:806::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:402... 2607:f8b0:4020:807::200a	15169 (GOOGLE) (GOOGLE)
1 1	104.66.122.159 104.66.122.159	16625 (AKAMAI-AS) (AKAMAI-AS)
7	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6812:1105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2607:f8b0:402... 2607:f8b0:4020:804::2008	15169 (GOOGLE) (GOOGLE)
2	2606:4700:303... 2606:4700:3037::6815:2d74	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700::68... 2606:4700::6812:d63b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1d26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:402... 2607:f8b0:4020:804::2003	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:402... 2607:f8b0:4020:807::200e	15169 (GOOGLE) (GOOGLE)
1	2600:141b:13:... 2600:141b:13::17d7:82b9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	2607:f8b0:402... 2607:f8b0:4020:804::2002	15169 (GOOGLE) (GOOGLE)
1	3.162.3.96 3.162.3.96	() ()
4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
1	151.101.128.65 151.101.128.65	54113 (FASTLY) (FASTLY)
2	104.77.252.113 104.77.252.113	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.161.213.15 3.161.213.15	() ()
1	162.159.152.17 162.159.152.17	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:26a... 2600:9000:26a0:6e00:11:8a36:7200:93a1	() ()
9	23.33.40.206 23.33.40.206	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:26a... 2600:9000:26a0:9000:15:a0d3:77c0:93a1	() ()
2	3.161.209.109 3.161.209.109	() ()
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
6	34.193.114.176 34.193.114.176	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:9000:269... 2600:9000:269f:8200:2:53b2:240:93a1	() ()
5 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700:303... 2606:4700:3031::ac43:d595	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
6 9	50.17.228.238 50.17.228.238	14618 (AMAZON-AES) (AMAZON-AES)
2	3.162.3.9 3.162.3.9	() ()
1	52.4.10.49 52.4.10.49	14618 (AMAZON-AES) (AMAZON-AES)
1	3.162.3.117 3.162.3.117	() ()
1	2600:1400:d::... 2600:1400:d::1721:ee69	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 5	2607:f8b0:402... 2607:f8b0:4020:805::2004	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:402... 2607:f8b0:4020:807::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
2	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	54.211.223.24 54.211.223.24	14618 (AMAZON-AES) (AMAZON-AES)
2	18.232.216.40 18.232.216.40	14618 (AMAZON-AES) (AMAZON-AES)
1	52.212.193.58 52.212.193.58	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
3	2a02:6ea0:c45... 2a02:6ea0:c454::1	60068 (CDN77 ^_^) (CDN77 ^_^)
1	172.217.13.98 172.217.13.98	15169 (GOOGLE) (GOOGLE)
1 2	172.217.13.134 172.217.13.134	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c19::9c	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:1005	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1 2	34.200.65.202 34.200.65.202	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	172.217.13.194 172.217.13.194	15169 (GOOGLE) (GOOGLE)
2 3	68.67.160.117 68.67.160.117	29990 (ASN-APPNEX) (ASN-APPNEX)
1	13.225.195.97 13.225.195.97	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:402... 2607:f8b0:4020:805::2002	15169 (GOOGLE) (GOOGLE)
1	54.235.212.140 54.235.212.140	14618 (AMAZON-AES) (AMAZON-AES)
1	35.186.247.156 35.186.247.156	15169 (GOOGLE) (GOOGLE)
6	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
8	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1 4	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
1 1	54.83.175.63 54.83.175.63	14618 (AMAZON-AES) (AMAZON-AES)
1	52.71.200.83 52.71.200.83	14618 (AMAZON-AES) (AMAZON-AES)
2 2	44.199.114.142 44.199.114.142	14618 (AMAZON-AES) (AMAZON-AES)
202	65

1 104.17.71.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go2.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 104.26.3.18 (None, )

ASN13335 (CLOUDFLARENET, US)

www.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:a972 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4020:806::200e (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:807::200a (Montreal, Canada)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.66.122.159 (Stockholm, Sweden) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-66-122-159.deploy.static.akamaitechnologies.com

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.17.72.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:1105 (United States)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4020:804::2008 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3037::6815:2d74 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.calibermind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:d63b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1d26 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4020:804::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4020:807::200e (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:82b9 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4020:804::2002 (Montreal, Canada) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.162.3.96 (United States)

ASN- ()
PTR: server-3-162-3-96.yul62.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.128.65 (United States)

ASN54113 (FASTLY, US)

tag.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.77.252.113 (Boston, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-77-252-113.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.161.213.15 (United States)

ASN- ()
PTR: server-3-161-213-15.yul62.r.cloudfront.net

munchkin.brightfunnel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.159.152.17 (None, )

ASN13335 (CLOUDFLARENET, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:26a0:6e00:11:8a36:7200:93a1 (United States)

ASN- ()

cdn.abrankings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.33.40.206 (Piscataway, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-33-40-206.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:26a0:9000:15:a0d3:77c0:93a1 (United States)

ASN- ()

www.clickcease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.161.209.109 (United States)

ASN- ()
PTR: server-3-161-209-109.yul62.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.193.114.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-114-176.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:269f:8200:2:53b2:240:93a1 (United States)

ASN- ()

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 5 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:d595 (United States)

ASN13335 (CLOUDFLARENET, US)

e.calibermind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 50.17.228.238 (Ashburn, United States) 6 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-17-228-238.compute-1.amazonaws.com

pixel-geo.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.162.3.9 (United States)

ASN- ()
PTR: server-3-162-3-9.yul62.r.cloudfront.net

api.brightfunnel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.4.10.49 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-10-49.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.162.3.117 (United States)

ASN- ()
PTR: server-3-162-3-117.yul62.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:d::1721:ee69 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4020:805::2004 (Montreal, Canada) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4020:807::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.211.223.24 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-211-223-24.compute-1.amazonaws.com

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.232.216.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-232-216-40.compute-1.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.193.58 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-193-58.eu-west-1.compute.amazonaws.com

collector-5527.tvsquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6ea0:c454::1 (New York, United States)

ASN60068 (CDN77 ^_^, GB)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.13.98 (United States)

ASN15169 (GOOGLE, US)
PTR: yul02s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.13.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: yul02s05-in-f6.1e100.net

13115870.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c19::9c (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1005 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

327-mnm-087.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.200.65.202 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-65-202.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.13.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: yul03s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.160.117 (New York, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.195.97 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-195-97.yul62.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:805::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.235.212.140 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-235-212-140.compute-1.amazonaws.com

ga.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 15.197.193.217 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.83.175.63 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-83-175-63.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.71.200.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-200-83.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.199.114.142 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-199-114-142.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	sentinelone.com go2.sentinelone.com — Cisco Umbrella Rank: 605586 www.sentinelone.com — Cisco Umbrella Rank: 147229 go.sentinelone.com — Cisco Umbrella Rank: 279487	965 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 5514 c.6sc.co — Cisco Umbrella Rank: 8744 ipv6.6sc.co — Cisco Umbrella Rank: 5717 b.6sc.co — Cisco Umbrella Rank: 3597	18 KB
9	prfct.co 6 redirects pixel-geo.prfct.co — Cisco Umbrella Rank: 17715	4 KB
9	qualified.com js.qualified.com — Cisco Umbrella Rank: 20745 app.qualified.com — Cisco Umbrella Rank: 21355 assets.qualified.com — Cisco Umbrella Rank: 22698	925 KB
8	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 504	26 KB
8	doubleclick.net 3 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 13115870.fls.doubleclick.net — Cisco Umbrella Rank: 595400 stats.g.doubleclick.net — Cisco Umbrella Rank: 114 cm.g.doubleclick.net — Cisco Umbrella Rank: 239	8 KB
7	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 384 www.linkedin.com — Cisco Umbrella Rank: 543 px4.ads.linkedin.com — Cisco Umbrella Rank: 5993	6 KB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 360	114 KB
6	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	361 B
6	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3 adservice.google.com — Cisco Umbrella Rank: 118	1 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3274	11 KB
6	adsrvr.org 1 redirects js.adsrvr.org — Cisco Umbrella Rank: 1468 insight.adsrvr.org — Cisco Umbrella Rank: 612 match.adsrvr.org — Cisco Umbrella Rank: 379	7 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 58	82 KB
6	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 3887 onesignal.com — Cisco Umbrella Rank: 1358 img.onesignal.com — Cisco Umbrella Rank: 7160	85 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	490 KB
5	google.ca www.google.ca — Cisco Umbrella Rank: 8711	754 B
4	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 5878 api.omappapi.com — Cisco Umbrella Rank: 6101	28 KB
4	bing.com bat.bing.com — Cisco Umbrella Rank: 383	13 KB
4	gstatic.com fonts.gstatic.com	79 KB
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 461 ib.adnxs.com — Cisco Umbrella Rank: 245	2 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 170	241 KB
3	brightfunnel.com munchkin.brightfunnel.com — Cisco Umbrella Rank: 46944 api.brightfunnel.com — Cisco Umbrella Rank: 50711	8 KB
3	calibermind.com cdn.calibermind.com — Cisco Umbrella Rank: 45084 e.calibermind.com — Cisco Umbrella Rank: 42564	60 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 216	2 KB
2	krxd.net 1 redirects usermatch.krxd.net — Cisco Umbrella Rank: 1705 beacon.krxd.net — Cisco Umbrella Rank: 640	219 B
2	openx.net 1 redirects us-u.openx.net — Cisco Umbrella Rank: 482	501 B
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 321	492 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9651	578 B
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 688	842 B
2	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 876	752 B
2	abrankings.com cdn.abrankings.com — Cisco Umbrella Rank: 66838	8 KB
2	quora.com a.quora.com — Cisco Umbrella Rank: 8946 q.quora.com — Cisco Umbrella Rank: 3936	15 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3724	7 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 759 script.hotjar.com — Cisco Umbrella Rank: 988	60 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 92	65 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 302	468 B
1	sentry.io sentry.io — Cisco Umbrella Rank: 214	292 B
1	clearbit.com ga.clearbit.com — Cisco Umbrella Rank: 53068	1 KB
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 380	767 B
1	mktoresp.com 327-mnm-087.mktoresp.com — Cisco Umbrella Rank: 518972	318 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 163	2 KB
1	tvsquared.com collector-5527.tvsquared.com — Cisco Umbrella Rank: 637025	190 B
1	t.co t.co — Cisco Umbrella Rank: 525	376 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 1510	637 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 713	15 KB
1	clickcease.com www.clickcease.com — Cisco Umbrella Rank: 11209	54 KB
1	marinsm.com tag.marinsm.com — Cisco Umbrella Rank: 42255	4 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1368	8 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 795	5 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 634	295 B
1	typography.com 1 redirects cloud.typography.com — Cisco Umbrella Rank: 7685	445 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 79	1 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1241	48 KB
202	53

	Domain	Requested by
47	www.sentinelone.com	go2.sentinelone.com www.sentinelone.com
9	pixel-geo.prfct.co	6 redirects www.sentinelone.com
8	js-agent.newrelic.com	www.sentinelone.com
7	assets.qualified.com	www.sentinelone.com app.qualified.com
7	b.6sc.co	www.sentinelone.com
7	go.sentinelone.com	www.sentinelone.com go.sentinelone.com
7	cdn.cookielaw.org	www.sentinelone.com cdn.cookielaw.org
6	www.facebook.com	www.sentinelone.com
6	tags.srv.stackadapt.com	go2.sentinelone.com tags.srv.stackadapt.com munchkin.brightfunnel.com
6	www.google-analytics.com	www.googletagmanager.com munchkin.brightfunnel.com www.sentinelone.com
6	www.googletagmanager.com	www.sentinelone.com www.googleoptimize.com www.googletagmanager.com
5	www.google.ca	www.sentinelone.com
5	www.google.com	1 redirects www.sentinelone.com
4	px.ads.linkedin.com	4 redirects
4	bat.bing.com	www.googletagmanager.com bat.bing.com www.sentinelone.com
4	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
4	fonts.gstatic.com	fonts.googleapis.com
3	match.adsrvr.org	js.adsrvr.org
3	a.omappapi.com	cdn.cookielaw.org a.omappapi.com
3	connect.facebook.net	go2.sentinelone.com connect.facebook.net
3	onesignal.com	cdn.onesignal.com
2	dpm.demdex.net	2 redirects
2	secure.adnxs.com	1 redirects www.sentinelone.com
2	us-u.openx.net	1 redirects www.sentinelone.com
2	ups.analytics.yahoo.com	1 redirects www.sentinelone.com
2	13115870.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	epsilon.6sense.com	munchkin.brightfunnel.com
2	analytics.twitter.com	www.sentinelone.com
2	api.brightfunnel.com	munchkin.brightfunnel.com
2	px4.ads.linkedin.com	www.sentinelone.com
2	cdn.linkedin.oribi.io	snap.licdn.com
2	js.adsrvr.org	www.googletagmanager.com match.adsrvr.org
2	cdn.abrankings.com	www.googletagmanager.com munchkin.brightfunnel.com
2	munchkin.marketo.net	go2.sentinelone.com munchkin.marketo.net
2	www.youtube.com	www.sentinelone.com www.youtube.com
2	cdn.onesignal.com	www.sentinelone.com cdn.onesignal.com
2	cdn.calibermind.com	www.sentinelone.com
1	img.onesignal.com
1	ib.adnxs.com	1 redirects
1	beacon.krxd.net	js.adsrvr.org
1	usermatch.krxd.net	1 redirects
1	bam.nr-data.net	munchkin.brightfunnel.com
1	insight.adsrvr.org	1 redirects
1	sentry.io	assets.qualified.com
1	ga.clearbit.com	www.googletagmanager.com
1	adservice.google.com	13115870.fls.doubleclick.net
1	api.omappapi.com	munchkin.brightfunnel.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	www.sentinelone.com
1	327-mnm-087.mktoresp.com	munchkin.marketo.net
1	stats.g.doubleclick.net	munchkin.brightfunnel.com
1	www.googleadservices.com	www.googletagmanager.com
1	collector-5527.tvsquared.com	go2.sentinelone.com
1	app.qualified.com	js.qualified.com
1	t.co	www.sentinelone.com
1	ipv6.6sc.co	munchkin.brightfunnel.com
1	c.6sc.co	munchkin.brightfunnel.com
1	script.hotjar.com	static.hotjar.com
1	q.quora.com	www.sentinelone.com
1	alb.reddit.com	www.sentinelone.com
1	e.calibermind.com	cdn.calibermind.com
1	www.linkedin.com	1 redirects
1	static.ads-twitter.com	go2.sentinelone.com
1	www.clickcease.com	go2.sentinelone.com
1	j.6sc.co	go2.sentinelone.com
1	a.quora.com	go2.sentinelone.com
1	munchkin.brightfunnel.com	go2.sentinelone.com
1	tag.marinsm.com	go2.sentinelone.com
1	www.redditstatic.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	snap.licdn.com	www.sentinelone.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	js.qualified.com	www.sentinelone.com
1	cloud.typography.com	1 redirects
1	fonts.googleapis.com	www.sentinelone.com
1	www.googleoptimize.com	www.sentinelone.com
1	go2.sentinelone.com
202	77

This site contains links to these domains. Also see Links.

Domain
onecon.io
jp.sentinelone.com
de.sentinelone.com
es.sentinelone.com
fr.sentinelone.com
it.sentinelone.com
nl.sentinelone.com
kr.sentinelone.com
community.sentinelone.com
partners.sentinelone.com
investors.sentinelone.com
www.dataset.com
www.facebook.com
twitter.com
www.linkedin.com
reddit.com
www.malware-traffic-analysis.net
attack.mitre.org
warnerchad.medium.com
docs.microsoft.com
goo.gl
cookiepedia.co.uk
www.onetrust.com

Subject Issuer	Validity	Valid
go2.sentinelone.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
sentinelone.com Cloudflare Inc ECC CA-3	`2023-04-09` - `2024-04-08`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
go.sentinelone.com Cloudflare Inc ECC CA-3	`2023-04-22` - `2024-04-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
calibermind.com E1	`2023-06-26` - `2023-09-24`	3 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-12` - `2023-10-08`	6 months	crt.sh
tag.marinsm.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-01` - `2024-08-01`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
*.brightfunnel.com Amazon RSA 2048 M02	`2023-02-28` - `2024-02-12`	a year	crt.sh
quora.com R3	`2023-06-21` - `2023-09-19`	3 months	crt.sh
cdn.abrankings.com Amazon RSA 2048 M02	`2023-03-19` - `2024-04-16`	a year	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
clickcease.com Amazon RSA 2048 M02	`2022-10-27` - `2023-11-25`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-02-27` - `2023-11-07`	8 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-19` - `2023-10-15`	6 months	crt.sh
*.quora.com R3	`2023-07-12` - `2023-10-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2023-02-01` - `2024-02-01`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-31` - `2024-01-30`	a year	crt.sh
app.qualified.com R3	`2023-07-22` - `2023-10-20`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-24` - `2024-06-21`	a year	crt.sh
*.tvsquared.com Amazon RSA 2048 M02	`2023-07-02` - `2024-07-30`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-11` - `2023-08-09`	3 months	crt.sh
a.omappapi.com R3	`2023-07-09` - `2023-10-07`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
*.prfct.co GlobalSign RSA OV SSL CA 2018	`2022-10-28` - `2023-11-29`	a year	crt.sh
api.opmnstr.com Amazon RSA 2048 M01	`2023-03-01` - `2024-02-08`	a year	crt.sh
clearbit.com Amazon RSA 2048 M02	`2022-10-18` - `2023-11-16`	a year	crt.sh
sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-06` - `2024-07-06`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2023-04-14` - `2024-04-12`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Frame ID: 3E14E3F67D35CCB41F7BD5D5665A69DF
Requests: 192 HTTP requests in this frame

Frame: https://go.sentinelone.com/index.php/form/XDFrame
Frame ID: F3DB8F75DFF2D5D585B6FAC101FBB3D2
Requests: 2 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/ZQoyHXFTqngPcfcB/messenger?uuid=c405e29e-fe25-4be1-8caf-f8f7d9809752
Frame ID: 600E12F461A21F5B30648BEF0C8326E4
Requests: 9 HTTP requests in this frame

Frame: https://13115870.fls.doubleclick.net/activityi;dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Frame ID: 5FCC5F546E90CEB0A13519775FC37AFD
Requests: 2 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/upb/?adv=vfu9xa7&ref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&upid=jskiafk&upv=1.1.0
Frame ID: 7C7099F753BDD854D80C3A8B6AD02D1A
Requests: 2 HTTP requests in this frame

Frame: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
Frame ID: FCD2A7810611C5EFD349515777D78640
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
Frame ID: 10C5725B63CFFBB5F331CCD943527D5B
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=6920430625960981827&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
Frame ID: D5EEE99D2859CA105861F5F887F483A4
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 5B70AAC0CB5FE6946CE5DF2D5A157C15
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 5A81CC4BE965D641FA66B6ECF9F62749
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Deconstructing PowerShell Obfuscation in Malspam Campaigns - SentinelOneBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiV... Page URL
https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

202
Requests

95 %
HTTPS

41 %
IPv6

53
Domains

77
Subdomains

65
IPs

5
Countries

3523 kB
Transfer

10172 kB
Size

72
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: https://onecon.io/
Title: Register Now

Search URL Search Domain Scan URL

URL: https://jp.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/
Title: 日本語

Search URL Search Domain Scan URL

URL: https://de.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://es.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/
Title: Español

Search URL Search Domain Scan URL

URL: https://fr.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/
Title: Français

Search URL Search Domain Scan URL

URL: https://it.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/
Title: Italiano

Search URL Search Domain Scan URL

URL: https://nl.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/
Title: Dutch

Search URL Search Domain Scan URL

URL: https://kr.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/
Title: 한국어

Search URL Search Domain Scan URL

URL: https://community.sentinelone.com/
Title: SentinelOne Community Community Login

Search URL Search Domain Scan URL

URL: https://partners.sentinelone.com/English/
Title: Channel Partners Deliver the Right Solutions, Together

Search URL Search Domain Scan URL

URL: https://investors.sentinelone.com/
Title: Investor Relations Financial Information & Events

Search URL Search Domain Scan URL

URL: https://www.dataset.com/
Title: DataSet The Live Data Platform

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/&text=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/

Search URL Search Domain Scan URL

URL: https://twitter.com/vxunderground
Title: vx-underground

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/ankithbharadwaj/
Title: Ankith Bharadwaj

Search URL Search Domain Scan URL

URL: https://twitter.com/bherund
Title: @bherund

Search URL Search Domain Scan URL

URL: https://www.malware-traffic-analysis.net/2022/01/04/index.html
Title: here

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027/
Title: T1027: Obfuscated Files or Information

Search URL Search Domain Scan URL

URL: https://warnerchad.medium.com/how-to-defang-urls-ip-addresses-email-addresses-e7d4a57a7840
Title: defanged

Search URL Search Domain Scan URL

URL: https://www.malware-traffic-analysis.net/2021/08/05/index.html
Title: here

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1140/
Title: T1140: Deobfuscate/Decode Files or Information

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1497/003/
Title: T1497.003: Virtualization/Sandbox Evasion: Time Based Evasion

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1197/
Title: BITS

Search URL Search Domain Scan URL

URL: https://www.malware-traffic-analysis.net/2021/01/06/index.html
Title: here

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1564/003/
Title: T1564.003: Hide Artifacts: Hidden Window

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_special_characters?view=powershell-7.2
Title: escape sequences

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1566/001/
Title: T1566.001:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/001/
Title: T1059.001:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1059/005/
Title: T1059.005:

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1204/002/
Title: T1204.002:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/2886771/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/SentinelOne
Title: Twitter

Search URL Search Domain Scan URL

URL: https://goo.gl/e5C9f4
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SentinelOne
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SentinelOne/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sentinelone/

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU= Page URL
https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://cloud.typography.com/7197018/6979812/css/fonts.css HTTP 302
https://www.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

Request Chain 104

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432890%26time%3D1690921326543%26url%3Dhttps%253A%252F%252Fwww.sentinelone.com%252Fblog%252Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%252F%253Fmkt_tok%253DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&cookiesTest=true&liSync=true&e_ipv6=AQLdsbF4mvI18gAAAYmyw9qzI6l98yJxr3Bp8QImmyf46aUbXS-63MkDIdgCkorpopxtQ4ya

Request Chain 112

https://pixel-geo.prfct.co/tagjs?a_id=56252&source=js_tag HTTP 302
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag

Request Chain 145

https://13115870.fls.doubleclick.net/activityi;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA HTTP 302
https://13115870.fls.doubleclick.net/activityi;dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA

Request Chain 146

https://px.ads.linkedin.com/collect/?pid=432890&conversionId=2402852&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=432890&conversionId=2402852&fmt=gif&e_ipv6=AQI_oC_oMisZ1QAAAYmyw9thBToByLKzUIB7SKm0NHwH7_EpU9_jVzTuF68XfvJvvk9hBgX9

Request Chain 162

https://pixel-geo.prfct.co/cs/?partnerId=twtr HTTP 302
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_LEgw1Bqwl8Y13mSDx

Request Chain 163

https://pixel-geo.prfct.co/cs/?partnerId=yah HTTP 302
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_LEgw1Bqwl8Y13mSDx&_origin=1 HTTP 302
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_LEgw1Bqwl8Y13mSDx&_origin=1&verify=true

Request Chain 164

https://pixel-geo.prfct.co/cs/?partnerId=opx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_LEgw1Bqwl8Y13mSDx HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_LEgw1Bqwl8Y13mSDx

Request Chain 165

https://pixel-geo.prfct.co/cs/?partnerId=rbcn HTTP 302
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_LEgw1Bqwl8Y13mSDx

Request Chain 166

https://pixel-geo.prfct.co/cs/?partnerId=goo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfTEVndzFCcXdsOFkxM21TRHg HTTP 302
https://pixel-geo.prfct.co/cb?partnerId=goo

Request Chain 168

https://secure.adnxs.com/seg?t=2&add=4530935 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

Request Chain 171

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/?random=1488187158&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&label=P7U6CJqLydsBEKDAz84D&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&value=0&auid=1695687676.1690921326&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=b2nJZOn6HLqXoPMPgOKI2AM&sscte=1&crd=&eitems=ChEI8NqipgYQ6Mj-nbmb14-oARIdAPLPfzcBTwm5uCyZt7a19QJSbv5Uz2EEXxwqu-k&pscrd=Ek5DaEFJOE5xaXBnWVE2djd1b19UdnhQZDRFaVlBZVJjREotY21IeEl5N0FtU204Q3ZXMWk3aERTbGNqYnc4ejdHVml5cG96VFZSaTgwQkEaWENoQUk4TnFpcGdZUXVjckZtWnFwdkwwSUVpNEFyblg5Y0ZRUk9BX3hfZEFzZWlLNTBEQ1NsVUpJTHM0RmxVdDlpMlJjYWZZbFNjR3FTU084RE5PcnhUUTciEwip7sTopLyAAxW6C2gIHQAxAjs HTTP 302
https://www.google.com/pagead/1p-conversion/970186784/?random=1488187158&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&label=P7U6CJqLydsBEKDAz84D&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&value=0&auid=1695687676.1690921326&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJOE5xaXBnWVE2djd1b19UdnhQZDRFaVlBZVJjREotY21IeEl5N0FtU204Q3ZXMWk3aERTbGNqYnc4ejdHVml5cG96VFZSaTgwQkEaWENoQUk4TnFpcGdZUXVjckZtWnFwdkwwSUVpNEFyblg5Y0ZRUk9BX3hfZEFzZWlLNTBEQ1NsVUpJTHM0RmxVdDlpMlJjYWZZbFNjR3FTU084RE5PcnhUUTciEwip7sTopLyAAxW6C2gIHQAxAjs&is_vtc=1&ocp_id=b2nJZOn6HLqXoPMPgOKI2AM&cid=CAQSKQBpAlJWSFqv9GzcLom9kHpBKcEOrIXYDZib98y27UF1m6bQFbXBW_Q1&eitems=ChEI8NqipgYQ6Mj-nbmb14-oARIdAPLPfzdSg4jHTgkL_k0FweFFoJAMrEDzoXMSeDI&random=873637039 HTTP 302
https://www.google.ca/pagead/1p-conversion/970186784/?random=1488187158&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&label=P7U6CJqLydsBEKDAz84D&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&value=0&auid=1695687676.1690921326&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJOE5xaXBnWVE2djd1b19UdnhQZDRFaVlBZVJjREotY21IeEl5N0FtU204Q3ZXMWk3aERTbGNqYnc4ejdHVml5cG96VFZSaTgwQkEaWENoQUk4TnFpcGdZUXVjckZtWnFwdkwwSUVpNEFyblg5Y0ZRUk9BX3hfZEFzZWlLNTBEQ1NsVUpJTHM0RmxVdDlpMlJjYWZZbFNjR3FTU084RE5PcnhUUTciEwip7sTopLyAAxW6C2gIHQAxAjs&is_vtc=1&ocp_id=b2nJZOn6HLqXoPMPgOKI2AM&cid=CAQSKQBpAlJWSFqv9GzcLom9kHpBKcEOrIXYDZib98y27UF1m6bQFbXBW_Q1&eitems=ChEI8NqipgYQ6Mj-nbmb14-oARIdAPLPfzdSg4jHTgkL_k0FweFFoJAMrEDzoXMSeDI&random=873637039&ipr=y

Request Chain 191

https://insight.adsrvr.org/track/up?adv=vfu9xa7&ref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&upid=jskiafk&upv=1.1.0 HTTP 302
https://match.adsrvr.org/track/upb/?adv=vfu9xa7&ref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&upid=jskiafk&upv=1.1.0

Request Chain 201

https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6

Request Chain 202

https://dpm.demdex.net/ibs:dpid=903&dpuuid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam

Request Chain 203

https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=6920430625960981827&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6

202 HTTP transactions
11 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 302 MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=
go2.sentinelone.com/ 584 B
1 KB 178ms
111ms Document
text/html 104.17.71.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-Td0jYLzxf2qc1PrmXWdSlLssXYrvbCBejchyBsZIXyw=';object-src 'none';form-action:'none';frame-src:'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private, no-cache, no-store, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 7f00ca6f5e9ba22e-YYZ
content-security-policy: default-src 'self'; img-src 'self';script-src 'self' 'sha256-Td0jYLzxf2qc1PrmXWdSlLssXYrvbCBejchyBsZIXyw=';object-src 'none';form-action:'none';frame-src:'none'
content-type: text/html;charset=UTF-8
date: Tue, 01 Aug 2023 20:22:00 GMT
referrer-policy: strict-origin
server: cloudflare
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-request-id: 9af13648e3c7793d

GET
H2 200 Primary Request / Show response
www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/ 149 KB
37 KB 3441ms
3389ms Document
text/html 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA

Requested by

Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a30bb88da5b980681d89e730a34253d939ce2154f3d211f2c98fde3927ada334

Security Headers

Name	Value
Content-Security-Policy	object-src 'none'; script-src 'unsafe-eval' https://snap.licdn.com/ https://cdn.calibermind.com/ https://a.quora.com/ https://app.cdn.lookbookhq.com/ https://connect.facebook.net/ https://ct.capterra.com/ https://ga.clearbit.com/ https://js.adsrvr.org/ https://munchkin.brightfunnel.com/ https://munchkin.marketo.net/ https://static.ads-twitter.com/ 'unsafe-inline' http://schema.org https://.cloudfront.net/ https://.googletagmanager.com https://a.omappapi.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://cdn.abrankings.com https://cdn.abrankings.com/ https://cdn.cookielaw.org/ https://cdn.datatables.net/ https://cdn.jsdelivr.net/ https://cdn.onesignal.com/ https://cdnjs.cloudflare.com/ https://cloud.typography.com/ https://code.jquery.com/ https://collector-5527.tvsquared.com/ https://fonts.googleapis.com/ https://go.sentinelone.com/ https://googleads.g.doubleclick.net/ https://j.6sc.co/ https://js.maxmind.com/ https://js.qualified.com/ https://onesignal.com/ https://pixel-geo.prfct.co/ https://platform-api.sharethis.com/ https://platform.twitter.com/ https://pt.ispot.tv/ https://pubads.g.doubleclick.net/ https://px.spiceworks.com/ https://script.hotjar.com/ https://scripts.demandbase.com/ https://sentinelone.com https://ssl.google-analytics.com https://staging.s1preview.com/ https://static.hotjar.com/ https://tag.marinsm.com/ https://ws.qualified.com/ https://www.clickcease.com/ https://www.google-analytics.com https://www.google-analytics.com/ https://www.google.com/* https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/* https://www.redditstatic.com/ https://www.vantajs.com/ https://www.youtube.com/ https://yoast.com/ https://www.google.com/ https://qualified.com/ https://www.vantajs.com/ https://js.maxmind.com/ https://cdn.onesignal.com/ https://cdn.datatables.net/ https://platform-api.sharethis.com/ https://yoast.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/ https://js-agent.newrelic.com/ https://www.sentinelone.com/ https://boards.greenhouse.io/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ https://bam.nr-data.net/ https://cdn.linkedin.oribi.io/ https://fr.sentinelone.com/ https://it.sentinelone.com/ https://jp.sentinelone.com/ https://de.sentinelone.com/ https://it.sentinelone.com/ https://es.sentinelone.com/ https://nl.sentinelone.com/ https://kr.sentinelone.com/ https://www.google.it/ https://www.google.co.jp/ https://www.google.de/ https://ar.sentinelone.com/ https://www.google.es/ https://www.google.fr/ https://www.google.nl/ https://sonix.ai https://bam.nr-data.net/ https://docs.google.com/ https://apis.google.com/js/api.js/ https://accounts.google.com/ https://.googleapis.com .google.com https://*.gstatic.com https://sheets.googleapis.com/ https://tags.srv.stackadapt.com/events.js; frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://go2.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=60
cf-cache-status: MISS
cf-ray: 7f00ca707f925425-YYZ
content-encoding: br
content-security-policy: object-src 'none'; script-src 'unsafe-eval' https://snap.licdn.com/ https://cdn.calibermind.com/ https://a.quora.com/ https://app.cdn.lookbookhq.com/ https://connect.facebook.net/ https://ct.capterra.com/ https://ga.clearbit.com/ https://js.adsrvr.org/ https://munchkin.brightfunnel.com/ https://munchkin.marketo.net/ https://static.ads-twitter.com/ 'unsafe-inline' http://schema.org https://*.cloudfront.net/ https://*.googletagmanager.com https://a.omappapi.com/ https://analytics.twitter.com/ https://bat.bing.com/ https://cdn.abrankings.com https://cdn.abrankings.com/ https://cdn.cookielaw.org/ https://cdn.datatables.net/ https://cdn.jsdelivr.net/ https://cdn.onesignal.com/ https://cdnjs.cloudflare.com/ https://cloud.typography.com/ https://code.jquery.com/ https://collector-5527.tvsquared.com/ https://fonts.googleapis.com/ https://go.sentinelone.com/ https://googleads.g.doubleclick.net/ https://j.6sc.co/ https://js.maxmind.com/ https://js.qualified.com/ https://onesignal.com/ https://pixel-geo.prfct.co/ https://platform-api.sharethis.com/ https://platform.twitter.com/ https://pt.ispot.tv/ https://pubads.g.doubleclick.net/ https://px.spiceworks.com/ https://script.hotjar.com/ https://scripts.demandbase.com/ https://sentinelone.com https://ssl.google-analytics.com https://staging.s1preview.com/ https://static.hotjar.com/ https://tag.marinsm.com/ https://ws.qualified.com/ https://www.clickcease.com/ https://www.google-analytics.com https://www.google-analytics.com/ https://www.google.com/* https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/* https://www.redditstatic.com/ https://www.vantajs.com/ https://www.youtube.com/ https://yoast.com/ https://www.google.com/ https://qualified.com/ https://www.vantajs.com/ https://js.maxmind.com/ https://cdn.onesignal.com/ https://cdn.datatables.net/ https://platform-api.sharethis.com/ https://yoast.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/ https://js-agent.newrelic.com/ https://www.sentinelone.com/ https://boards.greenhouse.io/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ https://bam.nr-data.net/ https://cdn.linkedin.oribi.io/ https://fr.sentinelone.com/ https://it.sentinelone.com/ https://jp.sentinelone.com/ https://de.sentinelone.com/ https://it.sentinelone.com/ https://es.sentinelone.com/ https://nl.sentinelone.com/ https://kr.sentinelone.com/ https://www.google.it/ https://www.google.co.jp/ https://www.google.de/ https://ar.sentinelone.com/ https://www.google.es/ https://www.google.fr/ https://www.google.nl/ https://sonix.ai https://bam.nr-data.net/ https://docs.google.com/ https://apis.google.com/js/api.js/ https://accounts.google.com/ https://*.googleapis.com *.google.com https://*.gstatic.com https://sheets.googleapis.com/ https://tags.srv.stackadapt.com/events.js; frame-ancestors 'self' http://sentinelone.lookbookhq.com https://sentinelone.lookbookhq.com http://sentinelone.pathfactory.com https://sentinelone.pathfactory.com http://assets.sentinelone.com https://assets.sentinelone.com https://app.scalyr.com https://app.eu.scalyr.com localhost;
content-type: text/html; charset=UTF-8
date: Tue, 01 Aug 2023 20:22:04 GMT
expect-ct: enforce; max-age=2592000;
last-modified: Tue, 01 Aug 2023 20:22:04 GMT
link: <https://www.sentinelone.com/wp-json/>; rel="https://api.w.org/", <https://www.sentinelone.com/wp-json/wp/v2/posts/82853>; rel="alternate"; type="application/json", <https://www.sentinelone.com/?p=82853>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NLVesZo0CWeVfKvIAUVrN2YXAceQceVS6%2F2sMR30Ik6nSyCUPo1X5txAQ5JFBpdG344J6pioyfnKQWzrhQuIoDFrAATYk5VOpfSLEb6%2FIKib21Tg2rSg85568DjgX1oFW37GKkg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
x-cache: MISS, MISS, MISS, MISS
x-cache-hits: 0, 0, 0, 0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe2-b-96855f667-fkk6n
x-served-by: cache-chi-kigq8000039-CHI, cache-yyz4565-YYZ, cache-yyz4570-YYZ, cache-yyz4570-YYZ
x-styx-req-id: 125f72d3-30a9-11ee-b38f-7a72ead39caf
x-timer: S1690921321.051261,VS0,VE3333
x-xss-protection: 1; mode=block

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 74ms
46ms Script
application/javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Aug 2023 20:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: DflSFdkyRucOaDW0H1U81w==
age: 16987
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6821
x-ms-lease-status: unlocked
last-modified: Mon, 31 Jul 2023 17:14:50 GMT
server: cloudflare
etag: 0x8DB91E9A5FA145D
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 989ca96b-e01e-017a-45e7-c3f4fe000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f00ca85fe9233fa-YUL

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 122 KB
48 KB 93ms
50ms Script
application/javascript 2607:f8b0:4020:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=OPT-W2VRGSJ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

217e86bb45741e9d750012d94982ab4f69aa9376b60ac4ce981e0d98ff40e462

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48335
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 01 Aug 2023 20:22:04 GMT

GET
H2 200 classic-themes.min.css
www.sentinelone.com/wp-includes/css/ 291 B
658 B 54ms
51ms Stylesheet
text/css 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-includes/css/classic-themes.min.css?ver=12c9789c4528a9431963b4b52733d818

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 7, 1728, 0, 0
x-served-by: cache-chi-kigq8000152-CHI, cache-yyz4522-YYZ, cache-yyz4568-YYZ, cache-yyz4568-YYZ
last-modified: Mon, 24 Jul 2023 10:30:11 GMT
server: cloudflare
x-timer: S1690921324.451537,VS0,VE11
etag: W/"64be52b3-123"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bnz3iYfi%2B8aNgdVKE1%2FtQ6yx2Ldtfv%2FHw%2B7jfXJ2ZtIFO2CNN3aWK11WBRitvSfINDuRNSU0czi5LC6Ihs5A5t6bEy1RCKLh9%2Fs9oaLtj98jojXOOkNmKEDjF2D2%2FmHb6qHwhyw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 1cd773d8-2a34-11ee-868b-aae9a8c6b93f
cache-control: max-age=60
cf-ray: 7f00ca85ba3c5425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-drrxl

GET
H2 200 tp_twitter_plugin.css
www.sentinelone.com/wp-content/plugins/recent-tweets-widget/ 529 B
917 B 44ms
42ms Stylesheet
text/css 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3109fef8b2a9ab71fca698483d2bae36d8fed772517c259dacce872e739bb690

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 7, 3641, 0, 0
x-served-by: cache-chi-kigq8000077-CHI, cache-yyz4547-YYZ, cache-yyz4570-YYZ, cache-yyz4570-YYZ
last-modified: Sun, 23 Jul 2023 19:48:48 GMT
server: cloudflare
x-timer: S1690921324.450032,VS0,VE4
etag: W/"64bd8420-211"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CP7ohwzbK%2BRvhDbIgklZDxSD3o8FMkrPzwXqDtk0OrcnfqKhBNiA5QnaCWu0g9ezoT9F%2FVMan0SD40A1%2BIhCoFgADXU90AMy14iAR7%2FBb6HpnRB2W1e9z7SWV4YKchutWUeuiGU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 1cd833a7-2a34-11ee-98ea-aadf252a565b
cache-control: max-age=60
cf-ray: 7f00ca85ba3e5425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-b278r

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 81ms
41ms Stylesheet
text/css 2607:f8b0:4020:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::200a Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6bc7e5dfe9784d1c955897354de762f1cc8e8d5b65bd40e1320855e8f698ff0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 01 Aug 2023 20:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 20:22:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 01 Aug 2023 20:22:04 GMT

GET
H2

200

2EC96BA1F5C4837D6.css
www.sentinelone.com/fonts/804059/
Redirect Chain

https://cloud.typography.com/7197018/6979812/css/fonts.css
https://www.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

104 KB
78 KB

50ms
50ms

Stylesheet
text/css

104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css

Requested by

Protocol

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba0429c39149c85d1a9b6d03e40a59de57367d1fd22bbab68bee7e0b17c05f2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 16, 196, 0, 0
x-served-by: cache-chi-kigq8000143-CHI, cache-yyz4538-YYZ, cache-yyz4555-YYZ, cache-yyz4555-YYZ
last-modified: Mon, 24 Jul 2023 11:10:46 GMT
server: cloudflare
x-timer: S1690921326.896126,VS0,VE3
etag: W/"64be5c36-1a12c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cWVQbjLGN6kK3tM063jpMwbj8bPq8RgLIuoDHpQlxYFZrrLhn7087t9CoyaEduzx5U4vvIK1lc4w3F4RWZJYhuybxynL5MApYIH5ieJq6rh5gi5ZrY9VSgRg3brOlDJTB5R3c9k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 1cf13374-2a34-11ee-9a0b-2e75559b82ba
cache-control: max-age=60
cf-ray: 7f00ca8ebec25425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-l7gfg

Redirect headers

Date: Tue, 01 Aug 2023 20:22:05 GMT
Last-Modified: Tue, 01 Dec 2020 05:53:09 GMT
Server: AkamaiNetStorage
X-HCo-pid: 16
ETag: "899001ab6b567a7d825fb8979f065c90:1634876148.55923"
Content-Type: text/html
Location: https://www.sentinelone.com/fonts/804059/2EC96BA1F5C4837D6.css
Cache-Control: must-revalidate, private
Connection: keep-alive
Content-Length: 154
Expires: Tue, 01 August 2023 20:22:05 GMT

GET
H2 200 style.min.css
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/ 770 KB
89 KB 60ms
59ms Stylesheet
text/css 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cc7aa1d0e20765408f1a5f78d55f9f366eb1f910fe4da807ccb1cd5ab66c8f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Tue, 30 Jul 2024 11:48:52 GMT
date: Tue, 01 Aug 2023 20:22:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 15, 86, 0, 0
x-served-by: cache-chi-klot8100154-CHI, cache-yyz4528-YYZ, cache-yyz4561-YYZ, cache-yyz4561-YYZ
last-modified: Sun, 30 Jul 2023 11:48:48 GMT
server: cloudflare
x-timer: S1690921324.458423,VS0,VE6
etag: W/"64c64e20-c08f8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PWG6i1xIyTo8%2Bxly7xI39O21ojwEsEhOiC%2Bc7VH6VRngoE6FfhH4RVk9vRFzA3k5w2CS6QF0NHkK7Lp34jNyrx2mUY5iA2vN%2BLEN5q5iiuluynAH3Alc6LYvG3vhbERh78Pzbhk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 0e40eec1-2ecf-11ee-84a2-3e954241eead
cache-control: max-age=60
cf-ray: 7f00ca85ba405425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-7b694cf97c-bh9hf

GET
H2 200 jquery-3.5.1.min.js Show response
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/components/jquery/ 87 KB
32 KB 56ms
54ms Script
application/x-javascript 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/components/jquery/jquery-3.5.1.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 7, 2793, 0, 0
x-served-by: cache-chi-kigq8000074-CHI, cache-yyz4547-YYZ, cache-yyz4583-YYZ, cache-yyz4583-YYZ
last-modified: Sun, 23 Jul 2023 19:48:49 GMT
server: cloudflare
x-timer: S1690921324.450964,VS0,VE8
etag: W/"64bd8421-15d84"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OBW%2FebjmrEGT%2Bn%2BjjUlXofwe3fn9BQJeQMZSNOAIyj9FbMJ%2FSWhv8faALgyrAGvvQSpxa7mXBv5TCiQj2BHiHvpRLJjeRObY1ivNuQBJEofInxE4i8sKctDrvIVr3R9fY3u6TQM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 1cd930a8-2a34-11ee-b81f-9624460b1b13
cache-control: max-age=60
cf-ray: 7f00ca85ba415425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-jfzqd

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ 208 KB
70 KB 115ms
32ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 5822
etag: "c807f5-34099-60062cdee3780"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 7f00ca8639e3a22c-YYZ
expires: Wed, 02 Aug 2023 00:22:04 GMT

GET
H2 200 header.min.js Show response
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/ 164 KB
44 KB 64ms
63ms Script
application/x-javascript 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/header.min.js?ver=1690717730

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0da08befe5a68eec43e1e5598ae8f09c574234a20c164c52c16ed0938712ca5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Tue, 30 Jul 2024 11:48:52 GMT
date: Tue, 01 Aug 2023 20:22:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 16, 595, 0, 0
x-served-by: cache-chi-kigq8000163-CHI, cache-yyz4554-YYZ, cache-yyz4577-YYZ, cache-yyz4577-YYZ
last-modified: Sun, 30 Jul 2023 11:48:47 GMT
server: cloudflare
x-timer: S1690921324.456620,VS0,VE7
etag: W/"64c64e1f-2903b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8PYTX%2B2NZ9vfKUI6L%2FRitgmZBFJI4NKaSWpXUNYqJ7Hd5rHB7Qprome5u0CvlOPlxw1mpJHZNjBl0aE2CzweOjZhfMWc1pmPXhDhuZ49Eoy9f9%2FgvHuFdrUNAU0AZqSAlDGVtM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 0e446fb1-2ecf-11ee-9eb8-5602322aa21b
cache-control: max-age=60
cf-ray: 7f00ca85ba435425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-7b694cf97c-6c52s

GET
H2 200 qualified.js Show response
js.qualified.com/ 751 KB
193 KB 228ms
185ms Script
text/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=ZQoyHXFTqngPcfcB

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a351647a3172d17c0426bb9059dcd9b3d3f01ad35b462c3d8c72dedfb4c7bf01

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:05 GMT
content-encoding: gzip
via: 1.1 spaces-router (devel)
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: MISS
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: febd4b59-87c4-d9a0-ec8b-6d3dc0838f6c
pragma: no-cache
x-runtime: 0.033680
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"a351647a3172d17c0426bb9059dcd9b3"
x-download-options: noopen
vary: Accept,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 7f00ca8a4b904bd0-YUL
expires: Wed, 02 Aug 2023 00:22:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 258 KB
86 KB 90ms
52ms Script
application/javascript 2607:f8b0:4020:804::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KJPGLC9EVP

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cf39ab777e32ac68fb938fc9549f047b8cc8810368235c48dc87d6baf9c485d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88156
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 01 Aug 2023 20:22:05 GMT

GET
H2 200 onecon_logo_white-1.svg
www.sentinelone.com/wp-content/uploads/2023/05/ 4 KB
2 KB 40ms
39ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2023/05/onecon_logo_white-1.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e55c6603a9d23f3febea8ffdd6caf6abb434a00ac66c6f93e963d5c80be06ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Fri, 21 Jun 2024 18:15:19 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 1, 265, 0, 0
x-served-by: cache-chi-kigq8000055-CHI, cache-yyz4552-YYZ, cache-yyz4561-YYZ, cache-yyz4561-YYZ
last-modified: Thu, 25 May 2023 01:20:27 GMT
server: cloudflare
x-timer: S1690921326.545513,VS0,VE3
etag: W/"646eb7db-ea7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MR4Baq%2FRFpudFBePgtklagdQnKwMh7eNY2D63MTi15Z9G8mWku1t2loGcm35Gs3faObcJDJMU2KHPUVoYlsZNrhQw2W15%2BrWoFRHHN1PnNLiOEiXWV5p1QlgQ7xKxVnEB5i6bLw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 94ca9d4b-105f-11ee-9c4a-c2c66469d3ff
cache-control: max-age=60
cf-ray: 7f00ca8c9c4e5425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-7f4f4c4f48-jvdhl

GET
H2 200 search-icon-white.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 681 B
865 B 54ms
54ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon-white.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5466092ef0deb16007dc2e8e61eb345b380ab6663bd3ef41808ffb7360abd61a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 10, 1431, 0, 0
x-served-by: cache-chi-kigq8000141-CHI, cache-yyz4567-YYZ, cache-yyz4523-YYZ, cache-yyz4523-YYZ
last-modified: Mon, 24 Jul 2023 11:10:49 GMT
server: cloudflare
x-timer: S1690921326.597870,VS0,VE4
etag: W/"64be5c39-2a9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sFAZCIZ6OU%2F6UO80yuBlBkmh%2B8DsgXUoM84czrFams8fcuVmKPWj%2BUOBLk6eMqG10vdwM9GFohXwyJO%2FLviUlrDVaF%2BRC97lPdEpiulMJErx2W%2FC3YP%2B1c7a6QPM6q5IKNov%2Fb4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d131b77-2a34-11ee-8009-96164f0cdee0
cache-control: max-age=60
cf-ray: 7f00ca8cdc895425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-cbqln

GET
H2 200 search-icon.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 681 B
866 B 41ms
41ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/search-icon.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

516cbc569d4e8f15ac7917f186a911d85fd0aaca2d0ca074a6583e95486af856

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 8, 1774, 0, 0
x-served-by: cache-chi-kigq8000107-CHI, cache-yyz4575-YYZ, cache-yyz4542-YYZ, cache-yyz4542-YYZ
last-modified: Sun, 23 Jul 2023 19:48:50 GMT
server: cloudflare
x-timer: S1690921326.642301,VS0,VE4
etag: W/"64bd8422-2a9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=07ukbcBnvAxIbujNx1j2y160zhZo8YUdCs%2FXAyF5P68yIjI%2BvBNuU3gZ80ezws8Kh4Le%2BxvV5JjKniftsNIjV85xBchtssv65ikQOvnx865ibHiQURs%2FRG69Ri697HmSqm297nI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d119e38-2a34-11ee-9a0b-2e75559b82ba
cache-control: max-age=60
cf-ray: 7f00ca8d2cf55425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-l7gfg

GET
H2 200 navigation-close.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 667 B
858 B 41ms
41ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd7ec90bdddc830689a2a4e0b9d3864cd99aa688309ce12c36c625bb5c154398

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 8, 1093, 0, 0
x-served-by: cache-chi-kigq8000035-CHI, cache-yyz4562-YYZ, cache-yyz4526-YYZ, cache-yyz4526-YYZ
last-modified: Sun, 23 Jul 2023 19:48:50 GMT
server: cloudflare
x-timer: S1690921326.683264,VS0,VE5
etag: W/"64bd8422-29b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMPj%2FE9f8wCX7CvGvAJiso5ZseLU7GoelTZqYWCxZAEDxrJvzQMw%2FcVIdohT5WCXZx8doDcPxqEqsZq08bbCyyDaMHINb970Q3YJL0EEuBK83%2F7heXMDBIFdZ9mV7GoquvObmS4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d0fdc86-2a34-11ee-8bba-d2afae722c33
cache-control: max-age=60
cf-ray: 7f00ca8d7d465425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-ldfnx

GET
H2 200 navigation-close-dark.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 667 B
930 B 46ms
46ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-close-dark.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de02e745c51299417a1126c3707d033de02baef0f9be8fed07185c1a6b74eac1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Thu, 25 Jul 2024 17:21:02 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 2, 318, 0, 0
x-served-by: cache-chi-klot8100048-CHI, cache-yyz4552-YYZ, cache-yyz4528-YYZ, cache-yyz4528-YYZ
last-modified: Sun, 23 Jul 2023 19:48:50 GMT
server: cloudflare
x-timer: S1690921326.727427,VS0,VE9
etag: W/"64bd8422-29b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBodpHUgNnLDxuDvBbg85983o4xiMPxSnfKrg8alLKxxvD7Q8l5ctG3QQmvQTaM0nCHjQQe4oL2gBTEKIqOlJjwtL1%2FzO%2B%2BxsSUwrxCd3Unm%2BQJtQbvQ%2BzKDpG%2FCptsJyRigIrs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: a15404a1-2b0f-11ee-9685-1e161fcb470d
cache-control: max-age=60
cf-ray: 7f00ca8dbda05425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-nqgld

GET
H2 200 s1-logo-color-light.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 5 KB
2 KB 41ms
41ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/s1-logo-color-light.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3927c309fec9aca7f0dab152c4fbd8e5aa69a1f744a2eda686f01f45d2d3b37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 9, 3435, 0, 0
x-served-by: cache-chi-klot8100164-CHI, cache-yyz4566-YYZ, cache-yyz4520-YYZ, cache-yyz4520-YYZ
last-modified: Sun, 23 Jul 2023 19:48:50 GMT
server: cloudflare
x-timer: S1690921326.771095,VS0,VE4
etag: W/"64bd8422-128c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sNtgQtzVLIchYOOEcsORTn5klo%2Fchjt9qsM2kaH4pqMzimpwtKLxWBiWWVkxlGyYtvugHfDK3gU3wbGv73TWCdelNB3VuoatnLmxdxS3OV4tForBdAE9gpo6q%2BqpCI6F%2BH%2FRqTI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d16d3e5-2a34-11ee-96b4-cac4da3d5372
cache-control: max-age=60
cf-ray: 7f00ca8dfde85425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-9q9pt

GET
H2 200 s1-logo-color.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 4 KB
2 KB 51ms
51ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/s1-logo-color.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef990e608982588e9c0e86de964fefb24d33a5229965c5d9a0f2c6cd9d86c3fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 10, 304, 0, 0
x-served-by: cache-chi-klot8100039-CHI, cache-yyz4532-YYZ, cache-yyz4545-YYZ, cache-yyz4545-YYZ
last-modified: Mon, 24 Jul 2023 11:10:49 GMT
server: cloudflare
x-timer: S1690921326.812496,VS0,VE17
etag: W/"64be5c39-11bb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bAZ69aINHCq33Vi243f1wMrOJygT6mc4ujsab0IVNH6g4yny7TGHiudZLHpGQlMv57mogP%2FEfeguI%2F2rDn1oOdjkKMjhGGEgUZiWNFp5ntYd23i2uklSlxd1PNOnK%2F9%2F4eZhUHI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d132dac-2a34-11ee-9ee0-8667725c9140
cache-control: max-age=60
cf-ray: 7f00ca8e4e2d5425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-f6r7g

GET
H2 200 navigation-arrow-left.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 566 B
843 B 39ms
38ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-left.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

adedd0befd73ee02e5480f500d1c8518bc6ab5ec39f4f06024102f53e8c0a683

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 8, 1727, 0, 0
x-served-by: cache-chi-kigq8000026-CHI, cache-yyz4571-YYZ, cache-yyz4564-YYZ, cache-yyz4564-YYZ
last-modified: Mon, 24 Jul 2023 11:10:49 GMT
server: cloudflare
x-timer: S1690921326.864626,VS0,VE5
etag: W/"64be5c39-236"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9WB4%2BCm6PX%2FgLhdBTzLEbFNCCvAlgKF13IGwOk7b0kOLRMAldK6df9hIB0O6cYpj%2FIEs8mS9nzumsT7p2MTqCLOoM4tWPAShS6v1f%2FPoa024wTiu4l9%2FxegtSv%2FNyyAQa56hzNQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d13fa32-2a34-11ee-b81f-9624460b1b13
cache-control: max-age=60
cf-ray: 7f00ca8e9e9c5425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-jfzqd

GET
H2 200 RE-Walkthrough-Analyzing-A-Sample-Of-Arechclient2-1.jpg
www.sentinelone.com/wp-content/uploads/2023/07/ 100 KB
101 KB 41ms
41ms Image
image/jpeg 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2023/07/RE-Walkthrough-Analyzing-A-Sample-Of-Arechclient2-1.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

845c0dd4dc2bfa87f7e3102da8d9ad8645893a8efada5bcd116e795ec13fdb13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-5f7f6dfd6c-9dxd8
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 17 Jul 2024 14:26:33 GMT
cf-polished: origSize=106041, status=vary_header_present
x-cache: MISS, HIT, MISS
fastly-io-info: ifsz=106041 idim=1200x628 ifmt=jpeg ofsz=106041 odim=1200x628 ofmt=jpeg
fastly-stats: io=1
content-length: 102416
fastly-io-warning: Failed to shrink image
x-served-by: cache-yyz4534-YYZ, cache-yyz4556-YYZ, cache-yyz4556-YYZ
cf-bgj: imgq:100,h2pri
server: cloudflare
x-timer: S1690894337.165890,VS0,VE3
etag: "igXErR19CXUxKhMEFg8FCRhIJ2cYlTbf0gFfyQ+dq14"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NHvPPZD%2BA%2BGz0bnBQyJCeNaCwz1i8VCiIv%2FRKJepVY2dghuvNR%2BIunnhuutxVWW9t%2FKApbdYRr%2Fg5cyWreAAGiRVJL4LDk99rrWhmIkOTU5jW0A51TpBFmVRmFYrASkKG6OgkhI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-styx-req-id: ee00e704-24ad-11ee-af8c-52768f4d7263
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8ededf5425-YYZ
x-cache-hits: 0, 1, 0

GET
H2 200 email-decode.min.js Show response
www.sentinelone.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 20ms
20ms Script
application/javascript 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Fri, 28 Jul 2023 12:04:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: gzip
etag: W/"64c3aeda-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UZxlUcablKD%2BIiSkra8DgFH26cT8ox9AC4Bzpz7T1pcmXJRkr%2FHDy%2F2Tw0GFPTUMtGMs3khMnNaXMfHJd5B950enj%2B4wBtQ3IWI2NkLps5%2BJR%2Flj%2BgWK8E6dwygWhBbSk04Op04%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7f00ca86ab705425-YYZ
expires: Thu, 03 Aug 2023 20:22:04 GMT

GET
H2 200 Deconstructing-PowerShell-Obfuscation-in-Malspam-Campaigns.jpg
www.sentinelone.com/wp-content/uploads/2023/07/ 90 KB
91 KB 39ms
39ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2023/07/Deconstructing-PowerShell-Obfuscation-in-Malspam-Campaigns.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af78c92d1c9ebb385715cb003c379d93ab9c1d250e0bf03e67416e2495e33b5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-9q9pt
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 2, 0, 1, 0
x-cache: HIT, MISS, HIT, MISS
fastly-io-info: ifsz=101808 idim=1200x628 ifmt=jpeg ofsz=92330 odim=1200x628 ofmt=webp
fastly-stats: io=1
content-length: 92330
x-served-by: cache-chi-klot8100062-CHI, cache-yyz4573-YYZ, cache-yyz4581-YYZ, cache-yyz4581-YYZ
server: cloudflare
x-timer: S1690905668.562337,VS0,VE3
etag: "G13ljolnjlRzKV3Kr0Vt34s7dmCvXEBPsp/6OlB0k0M"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P0rnlJnkL%2BImSvM%2B3ONYT2nqarJX9%2Ft%2BKLXkeJMCqFVAoRWlggjhyE9PLPzGHbCfS30u1ZvmmGqqmXM9qPLk5FB70suRXf%2BjvUWyOEqe2TEQR9LfVXOnagrpxZkYndhzXg67JZA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 3b1921e9-2a13-11ee-96b4-cac4da3d5372
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8f0f115425-YYZ
expires: Wed, 24 Jul 2024 11:14:17 GMT

GET
H2 200 Blog_CTA_03.jpg
www.sentinelone.com/wp-content/uploads/2021/03/ 5 KB
6 KB 42ms
42ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2021/03/Blog_CTA_03.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d615c2d72c6eba72dac6ab0a82e4eedc2d9b8385564ac5dde2bfbdb2b8328e72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-579886598f-fnt6g
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 0, 0, 4, 0
x-cache: MISS, MISS, HIT, MISS
fastly-io-info: ifsz=13976 idim=395x263 ifmt=jpeg ofsz=5562 odim=395x263 ofmt=webp
fastly-stats: io=1
content-length: 5562
x-served-by: cache-chi-kigq8000091-CHI, cache-yyz4564-YYZ, cache-yyz4556-YYZ, cache-yyz4556-YYZ
server: cloudflare
x-timer: S1690309382.437218,VS0,VE2
etag: "tH/DsY2C6Aa61aBu2JxBkK+4YWG4o+OecI9y5OYh9cg"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FyYyGagsqU%2FpDRCnwY%2BfEjXu%2BHPb2ZS3Vc2hJTiJUjt6GQfDnLDVwIiGWVqVhtdI1W04oL9t9rOFsIzD%2BxjdBfZVqsj8IE%2FwTwqwCw3RrW%2BGEn%2Bq69P4qRE2%2B3F2HJ796DVhjSA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: aba86c25-23cf-11ee-bfa0-fa29b1107d35
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8f2f2a5425-YYZ
expires: Tue, 16 Jul 2024 11:55:34 GMT

GET
H2 200 labs_blog_cta.png
www.sentinelone.com/wp-content/uploads/2022/04/ 75 KB
75 KB 47ms
42ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/04/labs_blog_cta.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1889a166868ccca5314e22186fc416f938410c12de89464630e1404e07fd702c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-7f4f4c4f48-2dtxn
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 0, 0, 1, 0
x-cache: MISS, MISS, HIT, MISS
fastly-io-info: ifsz=108763 idim=395x263 ifmt=png ofsz=76362 odim=395x263 ofmt=webp
fastly-stats: io=1
content-length: 76362
x-served-by: cache-chi-klot8100110-CHI, cache-yyz4577-YYZ, cache-yyz4538-YYZ, cache-yyz4538-YYZ
server: cloudflare
x-timer: S1690849963.352302,VS0,VE5
etag: "L86dB9kgqbsGY3a2XRIios0nJjwyCckbWipDj5ioxvs"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VipP%2BXJ2fUZ1HQeVqbCIvcA1UOqwT%2FnDiHs%2FHakbTLNS8I6Ejz9wZhxT95DGuj5bOq3j%2FUbca7M5%2Bi3ed2S%2BfiOuHldqgKw2es%2FioMzvnDw0lwBfc3FYi6GZeXeWrkvZqj4MRuQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 2bb2641f-1a72-11ee-8326-dac96f3a5cf4
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8f6f775425-YYZ
expires: Thu, 04 Jul 2024 13:53:35 GMT

GET
H2 200 mitre_blog_cta.jpg
www.sentinelone.com/wp-content/uploads/2022/04/ 15 KB
16 KB 53ms
48ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/04/mitre_blog_cta.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48e2fe28b8bcedee572ee23f3a1e447f90560494b097777616415ace709f4ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-76b44d5747-2vms7
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 1, 10, 0
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=16685 idim=395x263 ifmt=jpeg ofsz=15330 odim=395x263 ofmt=webp
fastly-stats: io=1
content-length: 15330
x-served-by: cache-chi-kigq8000020-CHI, cache-yyz4525-YYZ, cache-yyz4536-YYZ, cache-yyz4536-YYZ
server: cloudflare
x-timer: S1690309513.149423,VS0,VE2
etag: "HuS6qEUR67qkScXG+Z+izbCxqnC79o8UNudONCBzDp0"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJw1rDIaEYwjBkECr5NK8N82a5pExWCSL9kHLzlnFA7oCgGxLwDbqjYhVKI1l1HdK5V%2Fw%2FUsv7%2B%2FCsMwzakzoen3%2FBD15iFlLSEGBtwb3WWYTH4PSgEshGa2Bs3mr4pTNOnvvt4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 7d7862b7-f426-11ed-9b0e-ee61440189ef
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8f6f785425-YYZ
expires: Thu, 16 May 2024 20:16:06 GMT

GET
H2 200 footer-logo.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
1 KB 52ms
47ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/footer-logo.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60f4893aeccee80d922be14d7aebb526a19c775ebe54df72282870891ef59b3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Fri, 26 Jul 2024 18:43:29 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 2, 1390, 0, 0
x-served-by: cache-chi-kigq8000078-CHI, cache-yyz4534-YYZ, cache-yyz4521-YYZ, cache-yyz4521-YYZ
last-modified: Wed, 26 Jul 2023 14:33:21 GMT
server: cloudflare
x-timer: S1690921326.996176,VS0,VE4
etag: W/"64c12eb1-66c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yicOBe5EJFpM6GR5p8SGTVbpEAIEQXF8syTpuJBhkMd2oO88RcQNnhH1JjSFt4GJxsVTdtBbcyW30%2BCLAF1lpWAw7w5oxFEB%2BqUtLjNe6VvXnP9Y5Y9qUjRNBFfQAwYrYKOWg6k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 509310b1-2be4-11ee-8a1c-cec4ff3005f9
cache-control: max-age=60
cf-ray: 7f00ca8f6f7c5425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-bjrnx

GET
H2 200 social-twitter-white.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
2 KB 65ms
60ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-twitter-white.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a5d0f939c5224a8efb5b96759dd0509360b5d071774bb702f788f37a00a8426

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 3, 2043, 0, 0
x-served-by: cache-chi-kigq8000133-CHI, cache-yyz4566-YYZ, cache-yyz4576-YYZ, cache-yyz4576-YYZ
last-modified: Mon, 24 Jul 2023 14:54:37 GMT
server: cloudflare
x-timer: S1690921326.996752,VS0,VE19
etag: W/"64be90ad-7e1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GALnGcggxHs0a%2BfE5JzPR6m0nT8LYl%2BaqL7PQUwZtmmKTwg13ZeFVQDraQAviz7%2FgGndbxmbERs9hrN9RgHGIvLn%2Bm0xHy2Xd3RfoyUKZNTV0DVnbMpLRcDIbAZIPg3XYicHv8A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d130327-2a34-11ee-8b29-1af6ad4e81b0
cache-control: max-age=60
cf-ray: 7f00ca8f6f7e5425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-47z9g

GET
H2 200 social-facebook-white.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
1 KB 51ms
46ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-facebook-white.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3302b8fa7dc8d62e1758af8ae584b8fc91d489e44d3e32485d41c0fc93f439f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 8, 899, 0, 0
x-served-by: cache-chi-klot8100179-CHI, cache-yyz4562-YYZ, cache-yyz4528-YYZ, cache-yyz4528-YYZ
last-modified: Mon, 24 Jul 2023 14:54:37 GMT
server: cloudflare
x-timer: S1690921326.997285,VS0,VE5
etag: W/"64be90ad-6ba"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4GsYLvkG3awCWxWkNWqiZfBfwUEjSnnCr6zkDYSX5rsS7biZtpwTR4XOVt56FtkZ9GAwL8%2BhAnQuzKyPgTQ7KmYhyNxyeOmALNBy1cWlUBuw3N4aMVV0I5G99Crp%2FLS7gdlRU4s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d13362d-2a34-11ee-96b4-cac4da3d5372
cache-control: max-age=60
cf-ray: 7f00ca8f6f835425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-9q9pt

GET
H2 200 social-linkedin-white.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
1 KB 61ms
56ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-linkedin-white.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eae2c34014a512a5bebe4a87261c00c87807d4d185dfe1bc0cc09eae0592e6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 13:23:27 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 10, 1895, 0, 0
x-served-by: cache-chi-kigq8000086-CHI, cache-yyz4542-YYZ, cache-yyz4578-YYZ, cache-yyz4578-YYZ
last-modified: Mon, 24 Jul 2023 11:10:49 GMT
server: cloudflare
x-timer: S1690921326.010232,VS0,VE4
etag: W/"64be5c39-90f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CAmF44SSuKIasFtFJ6BTUcVtW9SdZmnz4z3GzzL9uZlr5xBHcZDTvHuWk%2FraovdQaPC7MWhfYaNQv6giPU%2FiE6ltNL82w0SzLRzRUH4ruNY5yGL4%2BoVLz1egsD5LlRQM9i21Ous%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 4640ac35-2a25-11ee-9ee0-8667725c9140
cache-control: max-age=60
cf-ray: 7f00ca8f6f855425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-f6r7g

GET
H2 200 social-youtube-white.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 1 KB
1 KB 69ms
64ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/social-youtube-white.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ee6321fadd1f1471732c38d5965e5bc125d5da86d1a769f506d4bbc752d1331

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:40 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 9, 1747, 0, 0
x-served-by: cache-chi-klot8100145-CHI, cache-yyz4551-YYZ, cache-yyz4557-YYZ, cache-yyz4557-YYZ
last-modified: Mon, 24 Jul 2023 11:10:49 GMT
server: cloudflare
x-timer: S1690921326.996712,VS0,VE15
etag: W/"64be5c39-492"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cneTE0usAGMlVDcc9AR2vS4Rv3ShKskMwsNfeVgr2etQnWRE269LK69h9NM5yBFP1BFdoDW7rFT4Oo6Fk9E8mMsYEmXOJn5IM8XX8ZuQqoEzCFG4FrKqqRnIYoS8%2BkjDTGt9zrU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d13b262-2a34-11ee-98ea-aadf252a565b
cache-control: max-age=60
cf-ray: 7f00ca8f6f895425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-b278r

GET
H2 200 identifyEmail.latest.js Show response
cdn.calibermind.com/js/ 838 B
1 KB 390ms
24ms Script
application/javascript 2606:4700:3037::6815:2d74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.calibermind.com/js/identifyEmail.latest.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:2d74 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cda851ced6071adcde40501c1c09e21fd48be1594567337f82711a6371b9779c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:04 GMT
content-security-policy: default-src 'self'
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 55124
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 30 Jun 2023 17:07:12 GMT
server: cloudflare
etag: W/"649f0bc0-346"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HHtBJ7MKUeOSn9aqiMLB26BBW0JZvfSAn%2BNItwYE6d5MFLnRklCCeW141e%2FDATIUs33a0C8DQZbK%2Ftrr8ktxJou3YlHjYQKX6V1R%2BM6O9GlTJ3lbedIjwm01qcS45frjMMi%2FLUG2vpnr%2Fzz5VwqJpEAo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=86400, stale-if-error=3600
cf-ray: 7f00ca890b9936b5-YYZ

GET
H2 200 clipboard.min.js Show response
www.sentinelone.com/wp-includes/js/ 9 KB
4 KB 53ms
53ms Script
application/x-javascript 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-includes/js/clipboard.min.js?ver=2.0.11

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

700c8bd73d93522ca53cdc35e2a71e96caf7c344bc7a8391f3af90c10b917033

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:59 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 13, 125, 0, 0
x-served-by: cache-chi-klot8100067-CHI, cache-yyz4565-YYZ, cache-yyz4574-YYZ, cache-yyz4574-YYZ
last-modified: Mon, 24 Jul 2023 11:10:50 GMT
server: cloudflare
x-timer: S1690921325.013125,VS0,VE14
etag: W/"64be5c3a-2331"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wtMCOEAHvRsToPu%2BUGsiNDi55crx3K3ynZP9Ip1lK%2FrqZR9c6w9sIcQwptOQC02RiTf9L1nYBIiV2oWr3FBO7LVNrLdvDGoSHDhjBmEmGFU%2F%2B2qVLoE88qY5PWy49PRW%2FuATgQE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 27e57a94-2a34-11ee-9a0b-2e75559b82ba
cache-control: max-age=60
cf-ray: 7f00ca8938275425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-l7gfg

GET
H2 200 footer.min.js Show response
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/ 127 KB
44 KB 58ms
57ms Script
application/x-javascript 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1690717730

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f1b053798feca0d6310c9f463fa883f374d4ad73d5cc54e4d1160762a87ca96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Tue, 30 Jul 2024 11:48:52 GMT
date: Tue, 01 Aug 2023 20:22:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 15, 159, 0, 0
x-served-by: cache-chi-klot8100043-CHI, cache-yyz4539-YYZ, cache-yyz4576-YYZ, cache-yyz4576-YYZ
last-modified: Sun, 30 Jul 2023 11:48:50 GMT
server: cloudflare
x-timer: S1690921325.065938,VS0,VE16
etag: W/"64c64e22-1fc80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kpoAE9Ec4veqa1LADf7xwxO0axEmicuOrLvKo71CUS8gPN63YbYMwgMOhCBryy9kB0wObMIqJxMeWuYYRW4haLPC9KRtajrRvEfryTJyqwVuwgFGJ0JdCqjF1TjzqLIx5A608EU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 0e561af1-2ecf-11ee-95ca-c6768097ce33
cache-control: max-age=60
cf-ray: 7f00ca8998a85425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-96855f667-82d44

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 91ms
49ms Script
application/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=12c9789c4528a9431963b4b52733d818

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0d7eace6de7a123701ad163455f50ea9f6f51c5985a49f4d1f6e797009fbdb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
etag: W/"2a3bbde818bef34d53a0df862ead5d5f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7f00ca8f99174bb9-YUL
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Fri, 04 Aug 2023 20:22:06 GMT

GET
H2 200 02ad5672-6494-4b20-a5ae-7d131a0f4f9c.json Show response
cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/ 4 KB
2 KB 55ms
32ms XHR
application/x-javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/02ad5672-6494-4b20-a5ae-7d131a0f4f9c.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95f35e1959ce4156ff0c8342109ccbf64e6bbe029221053fed01d0e54e66be92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Aug 2023 20:22:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 83405
content-md5: CqPSDQgRayZT5/dw1EENjQ==
content-length: 1450
x-ms-lease-status: unlocked
last-modified: Fri, 10 Sep 2021 19:25:19 GMT
server: cloudflare
etag: 0x8D97490BA2F1567
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2e907f89-801e-00a2-5be1-5a157a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f00ca865c7b715a-YUL
expires: Wed, 02 Aug 2023 20:22:04 GMT

GET
H2 200 a.js Show response
cdn.calibermind.com/ 213 KB
59 KB 36ms
31ms Script
application/javascript 2606:4700:3037::6815:2d74
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.calibermind.com/a.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:2d74 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0647d8975d5c92ea700e635befca523c5aac18754b8454d954909fe070e68cc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:05 GMT
content-security-policy: default-src 'self'
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 23636
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 30 Jun 2023 17:05:30 GMT
server: cloudflare
etag: W/"649f0b5a-354c2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQ8aaA1PbpTRi1o%2B6riqYRRInO0cPSrEp%2FWGRFR0%2BfDpjRwaG815oWt%2FqcWnrl845exaA%2Bqgx1nEIcLBsnjRxIJgVYuI4YeLTe6DvB%2Fw7ie7cVk9G2u6%2F%2BPo9nHxwuVOiNwe7IvaopVBBcEH3HFbo2CK"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=86400, stale-if-error=3600
cf-ray: 7f00ca8f6b9136b5-YYZ

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
295 B 66ms
38ms XHR
application/json 2606:4700::6812:1d26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d26 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 7f00ca86c8637148-YUL
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.23.0/ 312 KB
75 KB 41ms
37ms Script
application/javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: joMckLq8BtEunD8NH/4XVA==
age: 41609
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 76366
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:58 GMT
server: cloudflare
etag: 0x8D96DBF6CBEE741
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 90828af6-301e-00d6-58e1-5a933c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f00ca8f580233fa-YUL

GET
H2 200 zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 19 KB
19 KB 87ms
12ms Font
font/woff2 2607:f8b0:4020:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 01:06:42 GMT
x-content-type-options: nosniff
age: 587724
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19156
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:04:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Jul 2024 01:06:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 258 KB
86 KB 56ms
52ms Script
application/javascript 2607:f8b0:4020:804::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-KJPGLC9EVP&l=dataLayer&cx=c

Requested by

Host: www.googleoptimize.com
URL: https://www.googleoptimize.com/optimize.js?id=OPT-W2VRGSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

545ce5917bd0857110304d9c156a2e1e9f066584e984c69b02485b8c96589b43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88068
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 01 Aug 2023 20:22:06 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 420 KB
111 KB 78ms
75ms Script
application/javascript 2607:f8b0:4020:804::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

906a788516ee8c30af9c1737e5daa58aafa9c00c3fbb031a2da1ff4ad22455c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113505
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 01 Aug 2023 20:22:06 GMT

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 globe-light.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 729 B
911 B 48ms
48ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/globe-light.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f784bdae89887d6c9a1d2452ca83d2444ff4d4a12a1a2484ab2ff6b370912408

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:10:04 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 12, 86, 0, 0
x-served-by: cache-chi-kigq8000100-CHI, cache-yyz4574-YYZ, cache-yyz4523-YYZ, cache-yyz4523-YYZ
last-modified: Sun, 23 Jul 2023 19:48:50 GMT
server: cloudflare
x-timer: S1690921326.067490,VS0,VE4
etag: W/"64bd8422-2d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oLlEDLShASH1C5hrxO%2BmnMA3c5oJETyc2fFB0qreLvvgJG1xUI0EYetAqeU5giQCy4adYRhKyX7XbP2kShybunxGr6Wn3wlzBQwzYiIH%2B2rbYOrtBJU%2BQRwKzrkpGBmUxtulh7s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 2b5a3735-2a34-11ee-8b29-1af6ad4e81b0
cache-control: max-age=60
cf-ray: 7f00ca8fd8135425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-47z9g

GET
H2 200 navigation-arrow-down-light.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 663 B
969 B 53ms
53ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-down-light.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c483a1caf094b8e3a922a5773e342df31d68ef351f6b35af4bbac9dd0aefcdd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:10:03 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 13, 115, 0, 0
x-served-by: cache-chi-klot8100084-CHI, cache-yyz4545-YYZ, cache-yyz4537-YYZ, cache-yyz4537-YYZ
last-modified: Mon, 24 Jul 2023 10:30:09 GMT
server: cloudflare
x-timer: S1690921326.069728,VS0,VE16
etag: W/"64be52b1-297"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=69Lx2LY70YW6RHCYFO%2FNWmlkldOtrjPdBufnJTBVps%2Fe6VerDXyvFQagLa16C%2Fs4PkGYQKy2BS8ZGOBRApXheVCGiApXUKuy%2FLwkV2stJEmykhit8DqhdI4aBhLyxzb%2FiINQcQo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 2a3e6689-2a34-11ee-a40f-223da07c2cee
cache-control: max-age=60
cf-ray: 7f00ca8fd8145425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-fltvr

GET
H2 200 SingularityCloud_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 2 KB
3 KB 48ms
46ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityCloud_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae14376ff5358d0437857a28ac8f4db17152db46fa433ac18ae9499e9a0bfa7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-5f7f6dfd6c-wl4b7
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 1, 1, 0
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=3069 idim=72x72 ifmt=png ofsz=2148 odim=72x72 ofmt=webp
fastly-stats: io=1
content-length: 2148
x-served-by: cache-chi-kigq8000165-CHI, cache-yyz4574-YYZ, cache-yyz4551-YYZ, cache-yyz4551-YYZ
server: cloudflare
x-timer: S1690843028.221356,VS0,VE4
etag: "PrynOkC+17rct0jRv9I+u+qTWfGto4/LaOE1ZL6onbQ"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6PkEc9oY8fBfOh2T2Cc3zBG1I92D3b8f8MTK%2BlJsLTfwIJBuCg6iprt1nmzTerg80omPeCf70vz%2BIPnI7UJiD9hiHzZ70gEdbbJPctQY7ZR1gmd6TRc4Mh6zEKoKhn0fwUXyYQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 7b598ac1-2368-11ee-abfd-96f65b0a56bc
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fd8195425-YYZ
expires: Mon, 15 Jul 2024 23:36:54 GMT

GET
H2 200 SingularityMobile_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 2 KB
2 KB 35ms
33ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityMobile_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d4aa65d6ae5eef1a0ca9061fd7e7906397d9f7fbb0ed26e2a8a3bd7f9db8537

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-5b95b845bd-44779
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 1, 2, 0
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=1858 idim=72x72 ifmt=png ofsz=1634 odim=72x72 ofmt=webp
fastly-stats: io=1
content-length: 1634
x-served-by: cache-chi-klot8100104-CHI, cache-yyz4529-YYZ, cache-yyz4568-YYZ, cache-yyz4568-YYZ
server: cloudflare
x-timer: S1690858268.980910,VS0,VE3
etag: "2skU89WTdl0oL7Kb42vkMY7D7u/7NMuqNHmqvpw5iBA"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ipgWkD4RAQ5EWsPeXl5zuyRKRIKaJE3MxQ9aspxQ%2BWB6UZP265I4oAKAJozdAgQOZpzt0bVhXjjN%2FzbVVKSIJ4LRv3yPHm5H3tUMqOGVy3mPKdf7Q5vEstbPT0dFQ93dryVdu7M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: bdb6e57f-18e7-11ee-ad42-0a027dee6408
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fd81b5425-YYZ
expires: Tue, 02 Jul 2024 14:50:09 GMT

GET
H2 200 Frame-61.png
www.sentinelone.com/wp-content/uploads/2023/07/ 3 KB
4 KB 48ms
45ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2023/07/Frame-61.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1f315d57c5fa856dd978d0fb38ba99ff69db71e806778685cacefc817af17a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-nqgld
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 0, 3, 0
x-cache: HIT, MISS, HIT, MISS
fastly-io-info: ifsz=4181 idim=81x81 ifmt=png ofsz=2990 odim=81x81 ofmt=webp
fastly-stats: io=1
content-length: 2990
x-served-by: cache-chi-kigq8000140-CHI, cache-yyz4547-YYZ, cache-yyz4531-YYZ, cache-yyz4531-YYZ
server: cloudflare
x-timer: S1690858268.983932,VS0,VE3
etag: "3GVPDxLZsxxezVdnFYeaOVvNG/qA7+14CLxswOZogeU"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B3DXAza7oIBfeo%2BG%2BHb084S8%2BBy6in7bpnKeaQk05jxn7fJ0wH3cyzqe9KCnUhgBeutwTqm1p6Ijoaz9SGbUaa8vVBCJYRU52V2ds23XHlPHGJRy6knwyW3%2F5bcHhn6iW7NsQzY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 5f578034-2bb4-11ee-9685-1e161fcb470d
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fd81d5425-YYZ
expires: Fri, 26 Jul 2024 13:00:18 GMT

GET
H2 200 SingularityRemoteOps_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 6 KB
6 KB 46ms
43ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityRemoteOps_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0acfe92bc20d979783734b005cff60a4ab23c55194c032c01aa4de6042e136

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-88d69667f-f6r7g
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 0, 1, 0
x-cache: HIT, MISS, HIT, MISS
fastly-io-info: ifsz=6857 idim=74x74 ifmt=png ofsz=5930 odim=74x74 ofmt=webp
fastly-stats: io=1
content-length: 5930
x-served-by: cache-chi-klot8100134-CHI, cache-yyz4546-YYZ, cache-yyz4548-YYZ, cache-yyz4548-YYZ
server: cloudflare
x-timer: S1690863407.189001,VS0,VE3
etag: "KhbbvAKlfx5YbR1K4km38VldhMEtULdf3o6A/dh+hTs"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUnazDEm8uTY7rUl96obZpI1TT3VfCsVAcRSUTjFIV5Z3o%2FJj3rMDTOR7OEX7iu%2FrrNwRqPoA8rrti4A6EW4uQxEBEbrTsMrSiPFacsqrMtFRTpjsFo%2FL100vI07iqBEe9VA3nM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 0fdd0e5a-2757-11ee-9bc0-8667725c9140
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fe81f5425-YYZ
expires: Sat, 20 Jul 2024 23:42:17 GMT

GET
H2 200 SingularityIdentity_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 3 KB
3 KB 37ms
34ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityIdentity_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

670afe471847a5bb02684f1500ced5f5ae2399681ba22cbf96ed21a25ebef35c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-88d69667f-k9vqm
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 1, 4, 0
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=4079 idim=72x72 ifmt=png ofsz=2890 odim=72x72 ofmt=webp
fastly-stats: io=1
content-length: 2890
x-served-by: cache-chi-klot8100114-CHI, cache-yyz4528-YYZ, cache-yyz4561-YYZ, cache-yyz4561-YYZ
server: cloudflare
x-timer: S1690858268.992139,VS0,VE2
etag: "D7pWrSjsxDUJv2c7YkhqblPz3U+6GfNnSzF4aWjAfJs"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wJNoqi9zDWZekRWD2uXPJ9j50EOHFd1M4QjxTQ3CURwEAUa2zJK1%2BKA9ntY2GNFMuNh4Dxp4xWo4eDiSXZIluoBEfGJUFnxziLZesvIkWTkXzo%2BJC0egW5KUgLIs7tBQI3rQZ1k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 98a96151-2a6d-11ee-9bed-2a3595224089
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fe8225425-YYZ
expires: Wed, 24 Jul 2024 22:01:09 GMT

GET
H2 200 SingularityCloudFunnel_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 6 KB
7 KB 39ms
37ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityCloudFunnel_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3b99892809a021aa17ce84240b97e80f8b845208c0a283a6e225e7fc96a5d79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-5f7f6dfd6c-4bszt
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 0, 602, 0
x-cache: HIT, MISS, HIT, MISS
fastly-io-info: ifsz=7529 idim=72x72 ifmt=png ofsz=6210 odim=72x72 ofmt=webp
fastly-stats: io=1
content-length: 6210
x-served-by: cache-chi-kigq8000100-CHI, cache-yyz4522-YYZ, cache-yyz4522-YYZ, cache-yyz4522-YYZ
server: cloudflare
x-timer: S1690858268.978909,VS0,VE2
etag: "AI1TTV7SReExPdiZakUNtrw1F7n8fRJ2AesNk6L+17k"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMeHrMZg%2BiNJAlPy5W0rgjmu1uh2zTxrUl89aVBHpg3xaPStcCdm1GxT1HGq9NE2NPf8jMvoyEfOMp%2B%2BYavYuPguv3AmsNRbSkR%2Bb1czZVUFKNYlb1gnz5iS9nWyYW8KNBeSZxE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 2d800e8b-2281-11ee-bd97-c238e3266a0d
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fe8255425-YYZ
expires: Sun, 14 Jul 2024 20:01:10 GMT

GET
H2 200 SingularityRangerAD_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 3 KB
4 KB 43ms
41ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityRangerAD_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f35fe81e92a7821e33e679a0306e38395e243e137df7347c8bce370ee79b2bc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-7f4f4c4f48-jvdhl
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 0, 3, 0
x-cache: HIT, MISS, HIT, MISS
fastly-io-info: ifsz=4956 idim=72x72 ifmt=png ofsz=3382 odim=72x72 ofmt=webp
fastly-stats: io=1
content-length: 3382
x-served-by: cache-chi-klot8100062-CHI, cache-yyz4577-YYZ, cache-yyz4525-YYZ, cache-yyz4525-YYZ
server: cloudflare
x-timer: S1690858268.990223,VS0,VE3
etag: "tYv6aGnrsi98viJqu2su7GvEfhRjJqiIdw02iyAk/cI"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PqwwC6b1WU9mqvGa7r8EdyYGBOOuaXMCzamrTp6xr1S2C7MX%2FQX%2BuXxujp0K0RSVq9ohvIdek2XgjllqN5l41e2V1crHs5o5RaX3Y6MHOozNPmzhMD%2BKy4cAWjOBmFbZPL2mZlg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 81523496-19fd-11ee-ba81-c2c66469d3ff
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fe8265425-YYZ
expires: Wed, 03 Jul 2024 23:58:28 GMT

GET
H2 200 SingularityBinaryVault_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 5 KB
6 KB 40ms
38ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityBinaryVault_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ddaecc5559bd2995eb90bacafb560e5ad3e940a8142f666af23e3ce3196072e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-9q9pt
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 0, 5, 0
x-cache: HIT, MISS, HIT, MISS
fastly-io-info: ifsz=6916 idim=72x72 ifmt=png ofsz=5214 odim=72x72 ofmt=webp
fastly-stats: io=1
content-length: 5214
x-served-by: cache-chi-kigq8000066-CHI, cache-yyz4564-YYZ, cache-yyz4552-YYZ, cache-yyz4552-YYZ
server: cloudflare
x-timer: S1690895308.821010,VS0,VE1
etag: "8GGg3//rCz3keOAzZ6d8+gruVdV/zqauAPNuX80iMDE"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lHKRMKeLNDfi%2FiGLCHOOkVqlyUqnDvumzpHGJr2z%2Fk88OSgV%2B6X%2FGuGaS59ySuwGpy4InoK3RVYzQPotHQhF4uMO5KY%2BGiwrWgMhzgjUnfN5YnGna5etgbVQbC%2F5RBgsmFBSanU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 0fcb343c-2b0d-11ee-a294-cac4da3d5372
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fe8275425-YYZ
expires: Thu, 25 Jul 2024 17:02:39 GMT

GET
H2 200 SingularityRanger_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 4 KB
5 KB 48ms
46ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityRanger_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c6f013930ce9b2ab70fd3390b73e695090f7d57468f155891317618187f7919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-5f7f6dfd6c-wl4b7
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 0, 1, 25, 0
x-cache: MISS, HIT, HIT, MISS
fastly-io-info: ifsz=5499 idim=72x72 ifmt=png ofsz=4160 odim=72x72 ofmt=webp
fastly-stats: io=1
content-length: 4160
x-served-by: cache-chi-kigq8000083-CHI, cache-yyz4551-YYZ, cache-yyz4565-YYZ, cache-yyz4565-YYZ
server: cloudflare
x-timer: S1690858268.980269,VS0,VE1
etag: "6MltqjDTYdU2RMYSpGU/KVZUqcGfAQOjW/BAYAvhcqA"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTN6e9M9bosl%2Bvp0Zx29aEWX06vk3JB04qGCjC226%2FNremQmwlRCuiukLRG0mJKdEXPldvilTibabFP8gx8eKbDPxIPr0lePSvmf0RCTctlc8uD4%2FGaM4zdfQU1maw1ekDHqmOk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: eb0759aa-23b5-11ee-abfd-96f65b0a56bc
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fe8285425-YYZ
expires: Tue, 16 Jul 2024 08:51:13 GMT

GET
H2 200 SingularityHologram_Icon_Nav_36x36@2x.png
www.sentinelone.com/wp-content/uploads/2022/09/ 7 KB
8 KB 37ms
36ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2022/09/SingularityHologram_Icon_Nav_36x36@2x.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1abf5fd404d15f7d4659ca6d091c42a8a48965441786414bf011efa5492c487

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-5b95b845bd-44779
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 1, 0, 4, 0
x-cache: HIT, MISS, HIT, MISS
fastly-io-info: ifsz=8455 idim=72x72 ifmt=png ofsz=7460 odim=72x72 ofmt=webp
fastly-stats: io=1
content-length: 7460
x-served-by: cache-chi-klot8100038-CHI, cache-yyz4533-YYZ, cache-yyz4562-YYZ, cache-yyz4562-YYZ
server: cloudflare
x-timer: S1690858268.981774,VS0,VE7
etag: "0rAGA+RbSsJ0ZTFjhGS5VOXkL100/IL9dF8VZuhpG6g"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CbhuBrQOC6OaWwlLh4gFiqFR1sLVw1IBCZh70K7fuEfM44M8sniuHdOk5krk17rYojHl6GqKQsV5WZ0Vl7GPZbbZo97PXn6RBSZ82ofr9%2Fo0tZJgxc6xpuKeMQRaRhlIp8cEEFs%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: c1159b30-10ae-11ee-9d83-0a027dee6408
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8fe82a5425-YYZ
expires: Sat, 22 Jun 2024 03:42:04 GMT

GET
H2 200 navigation-arrow-right-white.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 611 B
910 B 77ms
76ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-right-white.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e04cd604df1afd7f5e3eedcc1ee997955f575f74443b575d6355f4142aae092d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:46 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 6, 983, 0, 0
x-served-by: cache-chi-kigq8000055-CHI, cache-yyz4535-YYZ, cache-yyz4562-YYZ, cache-yyz4562-YYZ
last-modified: Mon, 24 Jul 2023 14:54:37 GMT
server: cloudflare
x-timer: S1690921326.078213,VS0,VE42
etag: W/"64be90ad-263"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kcLs7DRiU4GDCYw1bVM4lcFlcAJH5VVSsZJG6mLY8DKW5rGnU4oJF%2Fhg%2BV3SPOC7VVwWVgMUAFZU8uwqEWF0mQ4FydDqxkXiyyH5xPRUQjIblSE1pfspvnHe8RDr4N8wpe6iEUw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 207fd456-2a34-11ee-9a0b-2e75559b82ba
cache-control: max-age=60
cf-ray: 7f00ca8fe82f5425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-l7gfg

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 Socicon.woff2
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/fonts/ 63 KB
64 KB 40ms
39ms Font
font/woff2 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/fonts/Socicon.woff2?87visu

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c254279147099e0b696b281d62b436b8aed42fb0f3abf1ba17abc398ca6c90e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-a-88d69667f-cbqln
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 8, 144, 0, 0
x-cache: HIT, HIT, MISS, MISS
content-length: 64512
x-served-by: cache-chi-klot8100073-CHI, cache-yyz4540-YYZ, cache-yyz4552-YYZ, cache-yyz4552-YYZ
last-modified: Mon, 24 Jul 2023 11:10:49 GMT
server: cloudflare
x-timer: S1690921326.084452,VS0,VE5
etag: "64be5c39-fc00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7TaTuAzwRSeWBfPktrH3c6ebgFUSKAoaH0M0X4lnVoEqVPqVRmguh0RvcYU6qHKVGUKh30bkCfeeN9zAmSnkNl9ZdKjR1zRy32JijGs%2F9YO0QjmtFgBgnudLBCDtSrfW3VW87%2Bw%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
x-styx-req-id: 2b732d19-2a34-11ee-8009-96164f0cdee0
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca8ff8385425-YYZ
expires: Wed, 24 Jul 2024 15:10:05 GMT

GET
H2 200 zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 19 KB
19 KB 41ms
40ms Font
font/woff2 2607:f8b0:4020:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 01:41:08 GMT
x-content-type-options: nosniff
age: 412858
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19440
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:08:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jul 2024 01:41:08 GMT

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a899a0398bbfbb8343c67e83098446254c1609aae412962cff6929087135a51c

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6435ed7ffc6e90262f5b72fbeeb5f2eba5322d735c016d6fb60243d169434a2c

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dddf04d190be2e7006f807221d5f5852bf45a97c2aad4c66b1f0a1661efa7dda

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f7b89695827926507fa8e0b19001e189f3bf7759e9c2b1e24eb06bdbcf98c62

Request headers

Referer
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: application/x-font-woff2

POST
H2 204 collect
www.google-analytics.com/g/ 0
248 B 77ms
37ms Ping
text/plain 2607:f8b0:4020:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-KJPGLC9EVP&gtm=45je37q0&_p=1938215163&cid=1946957608.1690921326&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690921326&sct=1&seg=0&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&dr=https%3A%2F%2Fgo2.sentinelone.com%2F&dt=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-KJPGLC9EVP
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 6 KB
2 KB 151ms
150ms Script
application/javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=1985&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F&callback=jQuery112407562180795000939_1690921325941&_=1690921325942
Requested by: Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c2e536e48d182cd9d0474389cf14c4a8d58e02dd21c5c9875be8e141b3e1537

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7f00ca90aeeba22c-YYZ
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 2 KB
1 KB 111ms
110ms Script
application/javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=2816&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F&callback=jQuery112407562180795000939_1690921325943&_=1690921325944
Requested by: Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 465fbbe061ded3f9db8f40dbc772ef2470c3109be30cf9bdc60d153cdf4ee3c8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7f00ca90aef2a22c-YYZ
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 114ms
48ms Script
application/x-javascript 2600:141b:13::17d7:82b9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:13::17d7:82b9 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=56874
accept-ranges: bytes
content-length: 4862

GET
H2 200 amazon_polly_icon.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 2 KB
1 KB 187ms
186ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/amazon_polly_icon.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

181fa10be49f875d78816391e202c05f90be6b0d5597edc25f524b1183e434e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:59 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 32, 3, 0, 0
x-served-by: cache-chi-klot8100121-CHI, cache-yyz4554-YYZ, cache-yyz4533-YYZ, cache-yyz4533-YYZ
last-modified: Mon, 24 Jul 2023 11:10:49 GMT
server: cloudflare
x-timer: S1690921326.371635,VS0,VE5
etag: W/"64be5c39-757"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T9DIvaoHwPRRjLYyBMdCLBuIFCbSzXI6s2gvmSdczmBShxzZ8UG0%2BjvGtlMYGxVzT8tdAIP0LN009RMfjIrBb5frdx1cUFVJ3aUL%2FULmFKXdjGCjHDchnFIxXStFyODR2XaCOxw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 281c659e-2a34-11ee-9a0b-2e75559b82ba
cache-control: max-age=60
cf-ray: 7f00ca90d94e5425-YYZ
x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-l7gfg

GET
DATA 200
OK truncated
/ 382 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 globe.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 729 B
903 B 50ms
49ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/globe.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04016017106740a0c449a2dc33655f441bbc2b48e1bfd633be8cec5ee15b8984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:41 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 6, 1264, 0, 0
x-served-by: cache-chi-kigq8000131-CHI, cache-yyz4536-YYZ, cache-yyz4556-YYZ, cache-yyz4556-YYZ
last-modified: Sun, 23 Jul 2023 19:48:50 GMT
server: cloudflare
x-timer: S1690921326.235395,VS0,VE15
etag: W/"64bd8422-2d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KwTvZQ1tpOclpEDKsm7qGY04vH0H5kkU2AQWn7dllpkGP5tQgw60rwehKO5U%2FJPpUVP98JTkCnu3m8EJ7ve6gKBLikWQ%2FK8Spw5ZMAZ1dyd25ojycXNqWQLVlUgujsJmjJ501kc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d1b98b1-2a34-11ee-8b29-1af6ad4e81b0
cache-control: max-age=60
cf-ray: 7f00ca90e95a5425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-47z9g

GET
H2 200 navigation-arrow-down.svg
www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/ 666 B
804 B 40ms
39ms Image
image/svg+xml 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/svg/navigation-arrow-down.svg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3229ca2228578c18cb365b9d7d9d5bb84d9070ac42ddfc14570943546c3afaf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/css/style.min.css?ver=1690717730
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

expires: Wed, 24 Jul 2024 15:09:41 GMT
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT, HIT, MISS, MISS
x-cache-hits: 1, 1047, 0, 0
x-served-by: cache-chi-klot8100134-CHI, cache-yyz4578-YYZ, cache-yyz4573-YYZ, cache-yyz4573-YYZ
last-modified: Mon, 24 Jul 2023 11:10:49 GMT
server: cloudflare
x-timer: S1690921326.238227,VS0,VE4
etag: W/"64be5c39-29a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3WH%2FAP6yOrny%2F6F3HgaPNaOwIPpYHudKkm6bDbiG3lT9WftEhf5qlfty%2FCRHohSL8kha5RKU0iDFIeCt427KqtqyPDccQ9Q%2BeHDJ07mO0vNOlUN2ZkwKtyOGt4NHwff0GKmlp5U%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
x-styx-req-id: 1d1bface-2a34-11ee-9ee0-8667725c9140
cache-control: max-age=60
cf-ray: 7f00ca90e95b5425-YYZ
x-pantheon-styx-hostname: styx-fe2-a-88d69667f-f6r7g

GET
H3 200 zYX-KVElMYYaJe8bpLHnCwDKhdTuF6ZJ.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 20 KB
20 KB 15ms
15ms Font
font/woff2 2607:f8b0:4020:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYX-KVElMYYaJe8bpLHnCwDKhdTuF6ZJ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b22694fa42d11b3f176084eeeedfd9331f7b5e56ec0cf2be2828301e74f4b24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 01:09:50 GMT
x-content-type-options: nosniff
age: 587536
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20880
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:19:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Jul 2024 01:09:50 GMT

GET
H2 200 AnkithB_1.jpg
www.sentinelone.com/wp-content/uploads/2023/07/ 45 KB
45 KB 62ms
62ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2023/07/AnkithB_1.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e8444d42da15923069f14dd559b1c74c832113a3e7bfd92765fcd1c0cb3c5d40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-b278r
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 2, 1, 1, 0
x-cache: HIT, HIT, HIT, MISS
fastly-io-info: ifsz=119762 idim=1999x760 ifmt=jpeg ofsz=45722 odim=1999x760 ofmt=webp
fastly-stats: io=1
content-length: 45722
x-served-by: cache-chi-kigq8000025-CHI, cache-yyz4520-YYZ, cache-yyz4536-YYZ, cache-yyz4536-YYZ
server: cloudflare
x-timer: S1690921326.296494,VS0,VE4
etag: "nFlu1HVEFPFpRDnwcyXbldxTFSJV52U08e0M3dnVhHE"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wJNtOTOvJognLzq7UnrPYBPI344J8LdGNYwQ7GXypJBPVxVVHHIwBIqlbsiPSYMyIBsCQppq5xJC655Vyg5yzLG%2BW09hb5l2I3rVP6yWyzU2HHsx5dq4OpJhis%2B0zsb8x%2FcN3o%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: c05c1de9-2a0d-11ee-98ea-aadf252a565b
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca9139dd5425-YYZ
expires: Wed, 24 Jul 2024 10:35:04 GMT

GET
H2 200 AnkithB_2.jpg
www.sentinelone.com/wp-content/uploads/2023/07/ 19 KB
19 KB 129ms
129ms Image
image/webp 104.26.3.18
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2023/07/AnkithB_2.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.3.18 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb58987ae34f7196a36c3d56b5ca2a816a8c8bad950c14c9369bf8e4bbdb3e5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-pantheon-styx-hostname: styx-fe2-b-5859bc6cc-l7gfg
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish, 1.1 varnish, 1.1 varnish
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache-hits: 2, 1, 0, 0
x-cache: HIT, HIT, MISS, MISS
fastly-io-info: ifsz=35058 idim=764x246 ifmt=jpeg ofsz=19066 odim=764x246 ofmt=webp
fastly-stats: io=1
content-length: 19066
x-served-by: cache-chi-klot8100159-CHI, cache-yyz4564-YYZ, cache-yyz4540-YYZ, cache-yyz4540-YYZ
server: cloudflare
x-timer: S1690921326.303435,VS0,VE81
etag: "AW6tmlinYIvmet2JZA3oIp/oAudzXZcDChkyyofsViI"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aW4sOnYBMijCAXUKAfxy%2BdQH1WFaFwL27U3y%2FsdLGuphqj9K0HCqAEmb0RA5VvWhqLHVxmyt79izD4JyMKCyoVj%2FpOV1tBovkril31IjQFoOr1%2Fng6PdN%2FFd%2FXJXBt%2FVgz%2FHdQY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: e136fc2a-2a19-11ee-9a0b-2e75559b82ba
cache-control: max-age=60
accept-ranges: bytes
cf-ray: 7f00ca9139e35425-YYZ
expires: Wed, 24 Jul 2024 12:01:53 GMT

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 354 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77fc7e2cee3f1b71326ab2d9e121017b176205d0c8bbb013dfe7ebfccb2c5cab

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 iframe_api Show response
www.youtube.com/ 1006 B
2 KB 86ms
47ms Script
text/javascript 2607:f8b0:4020:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/wp-content/themes/sentinelone/carbine/assets/js/footer.min.js?ver=1690717730

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

95b2862c528501dfd59340092c5708e98d0e7c4d61bc7ecbd3e93081595dbe16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 01 Aug 2023 20:22:06 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/ed521ce4-9774-4c69-b198-1768447ae085/ 54 KB
11 KB 39ms
38ms Fetch
application/x-javascript 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/02ad5672-6494-4b20-a5ae-7d131a0f4f9c/ed521ce4-9774-4c69-b198-1768447ae085/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a667e756052222fc62158f643d31f92d6ac8da5c83045dffb5a626c7b614648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 73867
content-md5: YePDx2+mMH+nMPv1EZR4Yw==
content-length: 11056
x-ms-lease-status: unlocked
last-modified: Fri, 10 Sep 2021 19:25:27 GMT
server: cloudflare
etag: 0x8D97490BE94E9EF
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 81ddf0ec-a01e-00b5-6de1-5ad519000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f00ca91f810715a-YUL
expires: Wed, 02 Aug 2023 20:22:06 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 38ms
37ms Script
application/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=12c9789c4528a9431963b4b52733d818

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0eda55ec47640c00aa84096fabdb63c66f5e456f7b141e1ba1d153c2b6ebceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 2979
etag: W/"22f7e3545bf8cba3cac43d34db3357ed"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7f00ca923cfc4bb9-YUL
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Fri, 04 Aug 2023 20:22:06 GMT

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 166 KB
61 KB 52ms
51ms Script
application/javascript 2607:f8b0:4020:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-K9ZDGR4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f9550540617f2607c6051d537776c61c88ae0615257694e7dbeced8126abd382

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 62388
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 01 Aug 2023 20:22:06 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 11ms
11ms Script
text/javascript 2607:f8b0:4020:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 01 Aug 2023 18:37:29 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6277
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 01 Aug 2023 20:37:29 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/ 3 KB
2 KB 182ms
132ms Script
text/javascript 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/?random=1690921326490&cv=11&fst=1690921326490&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&auid=1695687676.1690921326&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba3020a286a8eb583dee499f49804efc9c44175f36472d80d367d41a1b711d12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1504
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hotjar-2714452.js Show response
static.hotjar.com/c/ 10 KB
4 KB 158ms
97ms Script
application/javascript 3.162.3.96

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2714452.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.162.3.96 , United States, ASN (),

Reverse DNS

server-3-162-3-96.yul62.r.cloudfront.net

Software

Resource Hash

5ba7b37c4437d1d48c96d428d4434269c1cefb6956ab396dd2c640340fea07fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Tue, 01 Aug 2023 20:22:06 GMT
via: 1.1 b9608c5d714fa42feebf61497cac7bd4.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
etag: W/1ff907b1ef161de796c9eaaedef6000c
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: HKfT05Jd4rwi9BCicul4Hn4Zrsi9JF627hQvgsQy84Q-OWC-cSd7IA==

GET
H2 200 bat.js Show response
bat.bing.com/ 42 KB
13 KB 83ms
37ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 01 Aug 2023 20:22:05 GMT
last-modified: Fri, 28 Jul 2023 18:19:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F2B322F18858476490CBFB18447A0D00 Ref B: YMQ01EDGE0522 Ref C: 2023-08-01T20:22:06Z
etag: "806f3b1280c1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12469

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 54ms
10ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H/1.1 200
OK 56a667965d8d21035d00000d.js Show response
tag.marinsm.com/serve/ 12 KB
4 KB 65ms
11ms Script
text/javascript 151.101.128.65
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.marinsm.com/serve/56a667965d8d21035d00000d.js

Requested by

Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.65 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Cowboy /

Resource Hash

f0dbd5ad7b0ead52f6375610e738f5727261715f392d0892047e160f50138f5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 20:22:06 GMT
Via: 1.1 vegur, 1.1 varnish
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Age: 1636
X-Cache: HIT
Connection: keep-alive
Content-Length: 3894
X-Served-By: cache-yul12834-YUL
Server: Cowboy
X-Timer: S1690921327.563520,VS0,VE0
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=1800
Accept-Ranges: bytes
X-Cache-Hits: 2

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 114ms
37ms Script
application/x-javascript 104.77.252.113
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.77.252.113 Boston, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-77-252-113.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 20:22:06 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H/1.1 200
OK bf-munchkin.min.js Show response
munchkin.brightfunnel.com/js/build/ 20 KB
7 KB 64ms
12ms Script
application/javascript 3.161.213.15

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Requested by: Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.213.15 , United States, ASN (),
Reverse DNS: server-3-161-213-15.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 012743d9f8e3a8cb9fd4a9466aa2eb026a53d446d530d60440463e555ad0fc87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: null
Content-Encoding: gzip
Via: 1.1 f0d805e341a04f5774e9d3de6f38e1e8.cloudfront.net (CloudFront)
Date: Tue, 01 Aug 2023 20:18:20 GMT
X-Amz-Cf-Pop: YUL62-P1
Age: 227
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 16 Jun 2021 18:10:10 GMT
Server: AmazonS3
ETag: W/"20317c42053d4a6e5ba388544778b12a"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=300
X-Amz-Cf-Id: 3aIxSs_6T6VtBVa_hB0sCsHe05idc6prcWmlXttYNFKrd_HG9Q-6WA==

GET
H2 200 qevents.js Show response
a.quora.com/ 40 KB
14 KB 81ms
25ms Script
text/plain 162.159.152.17
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.159.152.17 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a15bef5551f730c8269a1cba57c370099d559defd996193c80a477c411081ca2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
x-amz-version-id: VqBO7svKfismDjrOf54BMqOIARlRLNs7
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: EFHR3G5GTGQA71CH
age: 4012332
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BK/ROoScV68EuoV+02aoVjqhDqCbCQRyRQBXfzSS4mZCsmdX+tx3ckGhVazbLNyeb4CIhuyj9tNuPBfbUdnPpWM5v2t9D1znTtGlu4SQxBA=
last-modified: Sat, 22 Apr 2023 01:03:41 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: md5:47078e63380c6b0cbbfb6d8508b25ee7
etag: W/"47078e63380c6b0cbbfb6d8508b25ee7"
vary: Accept-Encoding
content-type: text/plain
cache-control: public, max-age=14400
cf-ray: 7f00ca9318ffa1e7-YYZ
expires: Wed, 02 Aug 2023 00:22:06 GMT

GET
H2 200 client.js Show response
cdn.abrankings.com/js/ 35 KB
8 KB 62ms
11ms Script
application/javascript 2600:9000:26a0:6e00:11:8a36:7200:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.abrankings.com/js/client.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a0:6e00:11:8a36:7200:93a1 , United States, ASN (),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 6782c26e66d8abbe5816cd0222f41c431399582ce9b59805bffda7572e7ba288

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: public
date: Sun, 16 Jul 2023 14:26:34 GMT
content-encoding: gzip
via: 1.1 fb7b65b8cad8124239a4b25728a84288.cloudfront.net (CloudFront)
last-modified: Tue, 14 Jun 2022 17:44:33 GMT
server: nginx/1.20.1
x-amz-cf-pop: YUL62-P2
age: 1403732
etag: W/"62a8c901-8d68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=15552000, public
x-amz-cf-id: essS6ruujKJO5hQ3SImqz_sltHremNRHPpijvQVlXKn85GcXTxB7Eg==
expires: Fri, 12 Jan 2024 14:26:34 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 176 KB
64 KB 51ms
51ms Script
application/javascript 2607:f8b0:4020:804::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10604934

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f3a2554c9a759a17aa3c9d8118108b5ee407f14435ddd03ce8ce2b0368acd7b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65243
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 01 Aug 2023 20:22:06 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 48 KB
14 KB 117ms
30ms Script
application/javascript 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-40-206.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jul 2023 16:27:10 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64b9605e-bf6f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14190
expires: Tue, 01 Aug 2023 20:22:06 GMT

GET
H2 200 stat.js Show response
www.clickcease.com/monitor/ 171 KB
54 KB 104ms
22ms Script
application/javascript 2600:9000:26a0:9000:15:a0d3:77c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.clickcease.com/monitor/stat.js

Requested by

Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26a0:9000:15:a0d3:77c0:93a1 , United States, ASN (),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4f9687af855e3702920c9feedcf07596807bf43bcd8de0b543ffee66f98e1a22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: 6Er2d0GJvgnFniPQXIH7h8kzG7dJBNJf
content-encoding: gzip
via: 1.1 327dc9ff74acc5a845efbe2daefaec7a.cloudfront.net (CloudFront)
date: Tue, 01 Aug 2023 20:22:05 GMT
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self' https://clickcease.com https://*.clickcease.com; upgrade-insecure-requests;
x-amz-cf-pop: YUL62-P2
age: 2
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000; includeSubDomains
x-cache: Hit from cloudfront
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 22 Nov 2022 11:31:37 GMT
server: AmazonS3
etag: W/"1c27f449b067550681f23ad3e53988fa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: microphone 'none'; camera 'none';
x-amz-cf-id: Tv2fnEQtOW2clGRe8tUtcr_A5XvMJN6TAozgqb9mbkSNwv6iAJd4tQ==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 5 KB
3 KB 51ms
10ms Script
application/x-javascript 3.161.209.109

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.209.109 , United States, ASN (),
Reverse DNS: server-3-161-209-109.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 20:10:52 GMT
Content-Encoding: gzip
Via: 1.1 05515d3ee39ade93c9eed3120029b212.cloudfront.net (CloudFront)
Last-Modified: Tue, 01 Aug 2023 20:10:44 GMT
Server: AmazonS3
X-Amz-Cf-Pop: YUL62-P1
Age: 675
ETag: W/"b7474eac210849250426a8f6a39d00f3"
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: k78H2689_QCJkVj9P_Xi0Vu06sLcZqF9w5BjQsVv55Tv-UwX-NRgcQ==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 184 KB
66 KB 53ms
51ms Script
application/javascript 2607:f8b0:4020:804::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-13115870

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a39422269e06c613c1b5348a205015c8ad80c1fe3d50c84fa36f0bf18fc5b271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67232
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 01 Aug 2023 20:22:06 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 88ms
24ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 15:55:14 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kiad7000055-IAD

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 224 KB
77 KB 62ms
61ms Script
application/javascript 2607:f8b0:4020:804::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10940107324

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c04111a0f3f11aef1ab15cd15ca8ad03dd4f64982de1701becafc1e793e63ec1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78542
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 01 Aug 2023 20:22:06 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 87ms
25ms Script
text/javascript 34.193.114.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.114.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-114-176.compute-1.amazonaws.com
Software: /
Resource Hash: 8f1b4704bf21998a0053b506983c83b744af4a082efa82bb5bb6b0742d38a876

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 01 Aug 2023 20:22:06 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 forms2.css
go.sentinelone.com/js/forms2/css/ 13 KB
3 KB 39ms
28ms Stylesheet
text/css 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 2189
etag: "1b6119d-3437-60062cdee3780"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7f00ca92f985a22c-YYZ
content-length: 2623
expires: Wed, 02 Aug 2023 00:22:06 GMT

GET
H2 200 forms2-theme-plain.css
go.sentinelone.com/js/forms2/css/ 828 B
344 B 40ms
31ms Stylesheet
text/css 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 2189
content-length: 246
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
etag: "c807ee-33c-60062cdee3780"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 7f00ca92f987a22c-YYZ
expires: Wed, 02 Aug 2023 00:22:06 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/ 36 B
377 B 98ms
18ms XHR
application/json 2600:9000:269f:8200:2:53b2:240:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:269f:8200:2:53b2:240:93a1 , United States, ASN (),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 19:48:37 GMT
content-encoding: gzip
via: 1.1 19298b403c16e472e8e1bf4122960db4.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
age: 2009
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: rvt8ewDGYKkN7enFkQdcJHXmPBw3HT8uTexAxv403tBUUwXmk8YHRQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432890%26time%3D1690921326543%26url%3Dhttps%253A%252F%252Fwww.sentinelone.com%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%...

0
487 B

94ms
56ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&cookiesTest=true&liSync=true&e_ipv6=AQLdsbF4mvI18gAAAYmyw9qzI6l98yJxr3Bp8QImmyf46aUbXS-63MkDIdgCkorpopxtQ4ya
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 9794DB554A1049D7AF390B40728EDA64 Ref B: YMQ01EDGE0609 Ref C: 2023-08-01T20:22:07Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYB4k0Q86XSZtVpuVaAgA==

Redirect headers

date: Tue, 01 Aug 2023 20:22:06 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D555A6CE80F34EC4BF6641112D1FF3B0 Ref B: YMQ01EDGE0613 Ref C: 2023-08-01T20:22:07Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&time=1690921326543&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&cookiesTest=true&liSync=true&e_ipv6=AQLdsbF4mvI18gAAAYmyw9qzI6l98yJxr3Bp8QImmyf46aUbXS-63MkDIdgCkorpopxtQ4ya
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYB4k0OHdesUQAlu5ZTLQ==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/ 36 B
375 B 20ms
19ms XHR
application/json 2600:9000:269f:8200:2:53b2:240:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/432890/domain/sentinelone.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:269f:8200:2:53b2:240:93a1 , United States, ASN (),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 19:48:37 GMT
content-encoding: gzip
via: 1.1 19298b403c16e472e8e1bf4122960db4.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P1
age: 2009
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: BQnNBIfe3T9PNb1kaLhQryRmOoPG3gfJmrUL57Lj9t795gzNKha0iw==

POST
H2 200 p Show response
e.calibermind.com/v1/ 16 B
633 B 196ms
134ms Fetch
application/json 2606:4700:3031::ac43:d595
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://e.calibermind.com/v1/p

Requested by

Host: cdn.calibermind.com
URL: https://cdn.calibermind.com/a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::ac43:d595 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-max-age: 900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MlsIqSblSfbwxXq4mgLkOq0J%2Fd5841kChrJZYhuuUN6Y%2FUuT8eXdWwYmt%2FfU0fS6JC%2BzgZWCg11xnmH3pdYlIpJSK1VVVQ%2BPPgsKax9mZ8gnuoNicdjbGnffZlzVR%2BFkl%2FUuRqUUK4y5sMKgNFV5ng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 7f00ca95095253e3-YYZ
alt-svc: h3=":443"; ma=86400
access-control-allow-headers: Content-Type,Authorization
content-length: 16
x-request-id: 6d828855-c189-4fcd-9e91-915ec0b2d12f

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/0e6aaa83/www-widgetapi.vflset/ 203 KB
63 KB 14ms
10ms Script
text/javascript 2607:f8b0:4020:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/0e6aaa83/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

318c61b55db791b395ff4b675c520c3947692ec0d855d976f33295ff4a9073f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:05:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65772
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64246
x-xss-protection: 0
last-modified: Tue, 25 Jul 2023 23:37:22 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 31 Jul 2024 02:05:54 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 13 KB
3 KB 35ms
33ms Fetch
application/json 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: r7t3xbAZ3QK/7lQuu5X7ww==
age: 63420
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2950
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:51 GMT
server: cloudflare
etag: 0x8D96DBF68EC8D5B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 0e75d206-d01e-00b1-14e1-5a209b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f00ca952dc0715a-YUL

GET
H2 200 otPcPanel.json Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/ 47 KB
11 KB 36ms
34ms Fetch
application/json 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/v2/otPcPanel.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49f1fe168324ed0f76fbbab536b991c992296cd48da5ce9dd8bc8ea55e2ef946

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Aug 2023 20:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 57AUyP21eMxOiwzpGGh99A==
age: 63420
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11457
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:11:53 GMT
server: cloudflare
etag: 0x8D96DBF6A0C163B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 526a64c6-301e-007c-14e1-5a45d3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7f00ca952dc4715a-YUL

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/6.23.0/assets/ 20 KB
4 KB 31ms
30ms Fetch
text/css 2606:4700::6812:a972
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.23.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a972 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Ye6OeZcNyuFoWog7CYs00A==
age: 12201
x-ms-lease-status: unlocked
last-modified: Thu, 02 Sep 2021 03:12:05 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 960abd06-f01e-0180-53e1-5a3d19000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7f00ca952dc6715a-YUL

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 61ms
28ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1690921326900&id=undefined&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=6c2a2c11-dc34-48ed-9e17-a9cc20747248&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H/1.1

200
OK

tagjs Show response
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/tagjs?a_id=56252&source=js_tag
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag

125 B
454 B

27ms
26ms

Script
text/javascript

50.17.228.238
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: HTTP/1.1
Server: 50.17.228.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-17-228-238.compute-1.amazonaws.com
Software: /
Resource Hash: ea1ee34c0f34a457f51ae070d649a9f1df3aa9b0fa8b56d31028c54df664e3b1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 125
Content-Type: text/javascript

Redirect headers

Location: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

POST
H/1.1 200
OK sd Show response
api.brightfunnel.com/v1/ 4 B
542 B 586ms
509ms XHR
application/json 3.162.3.9

General

Check archive.org

Show headers Download Go to

Full URL: https://api.brightfunnel.com/v1/sd
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.9 , United States, ASN (),
Reverse DNS: server-3-162-3-9.yul62.r.cloudfront.net
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept: application/json
Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

Date: Tue, 01 Aug 2023 20:22:07 GMT
Via: 1.1 141b2a0bfdcf3225afbe04affb901120.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: YUL62-P2
X-Amzn-Trace-Id: Root=1-64c9696f-2bb423e4095dcf6331735c17;Sampled=0;lineage=9409b995:0
x-amzn-RequestId: 426b10d3-9ca0-4f09-bd03-7ac96b719a81
X-Cache: Miss from cloudfront
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
x-amz-apigw-id: I_1pZGdIoAMFrOg=
Content-Length: 4
X-Amz-Cf-Id: S4snLPjMmezJGYywDNSy32tUyn7KOuduM0M8wgyl6V-v4-ortag5aw==

POST
H/1.1 200
OK sd Show response
api.brightfunnel.com/v1/ 4 B
542 B 1041ms
967ms XHR
application/json 3.162.3.9

General

Check archive.org

Show headers Download Go to

Full URL: https://api.brightfunnel.com/v1/sd
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.162.3.9 , United States, ASN (),
Reverse DNS: server-3-162-3-9.yul62.r.cloudfront.net
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept: application/json
Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

Date: Tue, 01 Aug 2023 20:22:07 GMT
Via: 1.1 1bffd64b2a2fa20ecc97fd2f8e605ec4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: YUL62-P2
X-Amzn-Trace-Id: Root=1-64c9696f-69c8fcff766080d474094e1c;Sampled=0;lineage=9409b995:0
x-amzn-RequestId: 19dbd222-b23c-4e8c-a63e-aa91c6ccd665
X-Cache: Miss from cloudfront
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
x-amz-apigw-id: I_1pZF3UoAMF-Uw=
Content-Length: 4
X-Amz-Cf-Id: UDSbX1nGwwGmH-C3TGQlYclA_IqZSfCo_LYXrRuUIsoiKn6-qagpqQ==

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 57ms
57ms Script
application/x-javascript 104.77.252.113
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.77.252.113 Boston, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-77-252-113.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 20:22:06 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Thu, 09 Nov 2023 20:22:06 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/ea333f827b114f8cb49ce787666ea90b/ 43 B
420 B 107ms
25ms Image
image/gif 52.4.10.49
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://q.quora.com/_/ad/ea333f827b114f8cb49ce787666ea90b/pixel?j=1&u=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&tag=ViewContent&ts=1690921326918

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.4.10.49 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-4-10-49.compute-1.amazonaws.com

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 20:22:07 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: ,b6a38d0ba27f69fdfb858c47326b7cc0,10.0.0.247,62464,149.56.153.183,,6157028436,1,1690921327.013,0.001,,.,0,0,0.000,0.000,-,0,0,197,82,41,10,35796,,,,,,-,
Content-Type: image/gif

GET
H2 200 modules.c4770505768b5ede43ea.js Show response
script.hotjar.com/ 227 KB
56 KB 48ms
11ms Script
application/javascript 3.162.3.117

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.c4770505768b5ede43ea.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2714452.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.162.3.117 , United States, ASN (),

Reverse DNS

server-3-162-3-117.yul62.r.cloudfront.net

Software

Resource Hash

b7a9cde8317792327c112065ec423196947efcc8059b14745c6a1c59cd77a66a

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 11:39:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 3c503941ffd955a9223590c80d8af4c2.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-P2
age: 31379
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56523
last-modified: Tue, 01 Aug 2023 11:38:27 GMT
etag: "42a641210bfde3da54995de5ace993eb"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: XuDQVdTrMP8Y8tCMCuzQYE5VXEORM4ZpA3GJ-HBPN6-ps3lieQ_m7g==

GET
H2 200 / Show response
c.6sc.co/ 7 B
196 B 30ms
18ms XHR
text/html 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-33-40-206.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:06 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
313 B 102ms
21ms XHR
text/html 2600:1400:d::1721:ee69
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:d::1721:ee69 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 7909ac26c94c9592b7f3d0ce6d28b3921556d78b8bf9c72e91c35f410333685b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.sentinelone.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2607:5300:60:7867::6
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1690921326975_388099685_1004442105_28_1161_17_0_219";dur=1
content-length: 20
expires: Tue, 01 Aug 2023 20:22:07 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 105ms
40ms Image
image/gif 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=0e2fcf5d-69ad-4c79-8cbb-500ebb9515f3&session=f6844352-9025-469c-8a89-750c7e66c49c&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2001%20Aug%202023%2020%3A22%3A06%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2020%3A22%3A06%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%223576c97e67a9b7f8553a44ff1cc54791%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2020%3A22%3A06%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2020%3A22%3A06%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2020%3A22%3A06%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%228ba4c5a3fa178cfadac2b61291295db2874be830%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2020%3A22%3A06%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20threat%20actors%20seek%20to%20evade%20detection%20through%20a%20variety%20of%20PowerShell%20obfuscation%20techniques%20in%20this%20guest%20post%20by%20Ankith%20Bharadwaj.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne%22%7D&cb=&r=https%3A%2F%2Fgo2.sentinelone.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&pageViewId=9cced93b-4750-4116-840a-fa909574d5aa&v=1.1.5

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-40-206.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/970186784/ 42 B
455 B 94ms
41ms Image
image/gif 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970186784/?random=1690921326490&cv=11&fst=1690920000000&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&fmt=3&is_vtc=1&random=1069068774&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/970186784/ 42 B
455 B 82ms
38ms Image
image/gif 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/970186784/?random=1690921326490&cv=11&fst=1690920000000&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&fmt=3&is_vtc=1&random=1069068774&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 24ms
23ms Stylesheet
text/css 34.193.114.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.114.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-114-176.compute-1.amazonaws.com
Software: /
Resource Hash: d4c7f6759613a01167bfc91a8e2fbefd83636b635cb99287c0621791ae0f6d38

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 01 Aug 2023 20:22:06 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 73ms
24ms Fetch
image/jpeg 34.193.114.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.114.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-114-176.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 01 Aug 2023 20:22:06 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 73ms
25ms Fetch
image/jpeg 34.193.114.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.114.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-114-176.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 01 Aug 2023 20:22:06 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 adsct
t.co/1/i/ 43 B
376 B 236ms
121ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=41c72880-bb49-46fc-93b6-e6a6053af6f3&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d5580c42-94e4-47a4-966e-28baf12e950f&tw_document_href=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&tw_iframe_status=0&txn_id=nv1yw&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-response-time: 73
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 31041c211e0ba563
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 7da07817e279a86b22aab2a4faf5b0dc1f5f92094e69c2808b557efb1a243ac8
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
726 B 201ms
106ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=41c72880-bb49-46fc-93b6-e6a6053af6f3&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d5580c42-94e4-47a4-966e-28baf12e950f&tw_document_href=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&tw_iframe_status=0&txn_id=nv1yw&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-response-time: 73
date: Tue, 01 Aug 2023 20:22:06 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: b9aef92e0f55fe7e
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: cb121f0b32131db21fb41331cc5fb627e654445b4870738c2ea87a5ff6bf4c50
content-length: 43

GET
H3 200 zYX9KVElMYYaJe8bpLHnCwDKjXr8AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ 20 KB
20 KB 15ms
14ms Font
font/woff2 2607:f8b0:4020:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjXr8AIFsdA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:300,300i,400,400i,700,700i

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd8cf80ac0e7f7fa126a0cbe0f16d568325a156ca744e8f1e6aef14a9f23e2b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.sentinelone.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 01:13:47 GMT
x-content-type-options: nosniff
age: 587300
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20352
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:04:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 25 Jul 2024 01:13:47 GMT

GET
H2 200 XDFrame Show response
go.sentinelone.com/index.php/form/ Frame F3DB 2 KB
890 B 70ms
67ms Document
text/html 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/index.php/form/XDFrame

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

64d117a5cdaf7b8aa3bc5ff1abeec0e1d98b834782d49f34260c4e1ecc7ec4c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 7f00ca960d53a22c-YYZ
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 01 Aug 2023 20:22:07 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10940107324/ 3 KB
2 KB 889ms
887ms Script
text/javascript 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10940107324/?random=1690921327064&cv=11&fst=1690921327064&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&auid=1695687676.1690921326&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10940107324

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c578d926fdfe6ce7705890158ad92c540851b1216572751d99eb84e5b32f890

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1521
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/462891735/ 3 KB
2 KB 751ms
751ms Script
text/javascript 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/462891735/?random=1690921327081&cv=11&fst=1690921327081&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&auid=1695687676.1690921326&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10940107324

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe9cee45e2e4d69ab7d626ac122cedb941e16844067758eac5d958959301faf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1518
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 134618848.js Show response
bat.bing.com/p/action/ 0
117 B 36ms
35ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/134618848.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 01 Aug 2023 20:22:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D77A758EAC634401A3294BAFA33713B9 Ref B: YMQ01EDGE0522 Ref C: 2023-08-01T20:22:07Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
359 B 41ms
40ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=134618848&tm=gtm002&Ver=2&mid=30b5cccb-86cc-4212-8bda-802fc4953947&sid=15f9334030a911eeb66b557ada9bfa34&vid=15f94e1030a911eeb909ff1c4a13fc8a&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&p=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&r=https%3A%2F%2Fgo2.sentinelone.com%2F&lt=5482&evt=pageLoad&sv=1&rn=183557

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 01 Aug 2023 20:22:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EF3B664F6C6E40B6A9B762FC7E270527 Ref B: YMQ01EDGE0522 Ref C: 2023-08-01T20:22:07Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 34ms
34ms XHR
text/plain 2607:f8b0:4020:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1938215163&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&dr=https%3A%2F%2Fgo2.sentinelone.com%2F&ul=en-us&de=UTF-8&dt=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABQAAAACAAI~&jid=198702963&gjid=959600174&cid=1946957608.1690921326&tid=UA-38175129-1&_gid=699274104.1690921327&_r=1&_slc=1&gtm=45He37q0n71KGGXSJ&z=1545144850

Requested by

Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/acaf2329-c613-4dbe-a651-1ed5a45c3762/ 3 KB
2 KB 62ms
47ms Script
text/javascript 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/acaf2329-c613-4dbe-a651-1ed5a45c3762/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6de7054ecd121e63659791878b1cb8a2e0934dce6c12867764d47edd6182b3e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
cf-polished: origSize=3460
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: d4ad72f8-2765-4f3b-80cf-a2efbcc5210e
x-runtime: 0.039297
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"304339996de2ac2e5a054e9006733c65"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 7f00ca973d434bb9-YUL
access-control-allow-headers: SDK-Version
expires: Tue, 01 Aug 2023 21:22:07 GMT

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/ZQoyHXFTqngPcfcB/ Frame 600E 6 KB
3 KB 124ms
47ms Document
text/html 54.211.223.24
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/ZQoyHXFTqngPcfcB/messenger?uuid=c405e29e-fe25-4be1-8caf-f8f7d9809752

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=ZQoyHXFTqngPcfcB

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.211.223.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-211-223-24.compute-1.amazonaws.com

Software

Resource Hash

3550d561a393ccafea62d645022c2dee99a478b65c01f518660ea54347b370c4

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Length: 1728
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Tue, 01 Aug 2023 20:22:07 GMT
Etag: W/"3550d561a393ccafea62d645022c2dee"
Link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (devel)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 71187ac9-101e-2adf-47c8-cba832fd7453
X-Runtime: 0.021375
X-Xss-Protection: 1; mode=block

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ Frame F3DB 208 KB
69 KB 36ms
33ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://go.sentinelone.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Thu, 13 Jul 2023 18:50:22 GMT
server: cloudflare
age: 5825
etag: "c807f5-34099-60062cdee3780"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 7f00ca976eeea22c-YYZ
expires: Wed, 02 Aug 2023 00:22:07 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 728 B
578 B 82ms
28ms XHR
application/json 18.232.216.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.216.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-232-216-40.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a05f37d89bba41883bc0449d503439250a4701fa4eaed58c8c1ebe93723195c6

Request headers

Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
Authorization: Token 8ba4c5a3fa178cfadac2b61291295db2874be830
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
X-6s-CustomID: WebTag1.0 3576c97e67a9b7f8553a44ff1cc54791

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
content-length: 390

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 97ms
27ms Preflight 18.232.216.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.232.216.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-232-216-40.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.sentinelone.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.sentinelone.com
access-control-max-age: 1800
date: Tue, 01 Aug 2023 20:22:07 GMT
server: nginx

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 43ms
42ms Image
image/gif 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=3576c97e67a9b7f8553a44ff1cc54791&svisitor=null&visitor=0e2fcf5d-69ad-4c79-8cbb-500ebb9515f3&session=f6844352-9025-469c-8a89-750c7e66c49c&event=ipv6&q=%7B%22address%22%3A%222607%3A5300%3A60%3A7867%3A%3A6%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20how%20threat%20actors%20seek%20to%20evade%20detection%20through%20a%20variety%20of%20PowerShell%20obfuscation%20techniques%20in%20this%20guest%20post%20by%20Ankith%20Bharadwaj.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne%22%7D&cb=&r=https%3A%2F%2Fgo2.sentinelone.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&pageViewId=9cced93b-4750-4116-840a-fa909574d5aa&v=1.1.5

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-40-206.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK tv2track.js Show response
collector-5527.tvsquared.com/ 0
190 B 413ms
96ms Script
application/javascript 52.212.193.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-5527.tvsquared.com/tv2track.js
Requested by: Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.193.58 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-193-58.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 20:22:07 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
Content-Type: application/javascript, application/javascript

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 172 KB
47 KB 59ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: go2.sentinelone.com
URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c99ff58c3dc4deb821c87dc9c45aed4af66541ceb1b0f62ec208114ffc37dbf4

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 01 Aug 2023 20:22:07 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47198
x-xss-protection: 0
pragma: public
x-fb-debug: MGbmw80pU0hI3LmAFqUv51S37m/y4fFul/hGIX7qBr6eU6DrIXyAVfYXEP6caf6U3N8Ympz12go1YNdvvhnPNQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 53 KB
19 KB 111ms
25ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.23.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: BunnyCDN-NY1-885 /
Resource Hash: 64ca0467fb4d0b14d0d403291c23dcf391c1a7a908307b094ddf6c978960f4e8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: br
cdn-edgestorageid: 885
perma-cache: HIT
cdn-storageserver: NY-427
cdn-cachedat: 07/31/2023 21:41:16
cdn-pullzone: 293267
last-modified: Mon, 31 Jul 2023 21:41:16 GMT
server: BunnyCDN-NY1-885
cdn-fileserver: 388
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64c82a7c-d3b1"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: e492bc9a57ed8f15891aa7138b538a0b
cdn-requestcountrycode: CA
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/970186784/ 3 KB
2 KB 94ms
46ms Script
text/javascript 172.217.13.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/970186784/?random=1690921327395&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&label=P7U6CJqLydsBEKDAz84D&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&value=0&bttype=purchase&auid=1695687676.1690921326&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s04-in-f2.1e100.net

Software

cafe /

Resource Hash

9ac79c7f0f70a211f79c8e15b8cfecd07fb58941637ee05e9f92efc952ad39f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1818
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

activityi;dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~... Show response
13115870.fls.doubleclick.net/ Frame 5FCC
Redirect Chain

https://13115870.fls.doubleclick.net/activityi;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=...
https://13115870.fls.doubleclick.net/activityi;dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;u...

665 B
764 B

41ms
39ms

Document
text/html

172.217.13.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://13115870.fls.doubleclick.net/activityi;dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-13115870

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s05-in-f6.1e100.net

Software

cafe /

Resource Hash

29c70ae16647587eedbdb67369f0e3b1c540d7b0e898ca078c77200e80fc6d0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 426
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 01 Aug 2023 20:22:07 GMT
expires: Tue, 01 Aug 2023 20:22:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 01 Aug 2023 20:22:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://13115870.fls.doubleclick.net/activityi;dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=432890&conversionId=2402852&fmt=gif
https://px4.ads.linkedin.com/collect?pid=432890&conversionId=2402852&fmt=gif&e_ipv6=AQI_oC_oMisZ1QAAAYmyw9thBToByLKzUIB7SKm0NHwH7_EpU9_jVzTuF68XfvJvvk9hBgX9

43 B
248 B

49ms
48ms

Image
image/gif

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?pid=432890&conversionId=2402852&fmt=gif&e_ipv6=AQI_oC_oMisZ1QAAAYmyw9thBToByLKzUIB7SKm0NHwH7_EpU9_jVzTuF68XfvJvvk9hBgX9
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: gzip
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 55B12FC34E2543DE94D4E7D2C64096A3 Ref B: YMQ01EDGE0609 Ref C: 2023-08-01T20:22:07Z
linkedin-action: 1
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
content-type: image/gif
x-li-proto: http/2
content-length: 65
x-li-uuid: AAYB4k0SroCkiFe0dFWz8w==

Redirect headers

date: Tue, 01 Aug 2023 20:22:06 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 2C8965ED8182405B8B8AE28070692845 Ref B: YMQ01EDGE0613 Ref C: 2023-08-01T20:22:07Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?pid=432890&conversionId=2402852&fmt=gif&e_ipv6=AQI_oC_oMisZ1QAAAYmyw9thBToByLKzUIB7SKm0NHwH7_EpU9_jVzTuF68XfvJvvk9hBgX9
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYB4k0Qzydia+3gv4XuUQ==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
352 B 89ms
32ms XHR
text/plain 2607:f8b0:4004:c19::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-38175129-1&cid=1946957608.1690921326&jid=198702963&gjid=959600174&_gid=699274104.1690921327&_u=YADAAEAAQAAAACAAI~&z=1116024544

Requested by

Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 01 Aug 2023 20:22:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 messenger-94e6eccc.chunk.css
assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame 600E 35 KB
7 KB 36ms
23ms Stylesheet
text/css 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-amz-version-id: xm0gw.93fztKcmYP8z3pXD4CrIEV70jf
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: R99GVZG56XM7BX60
age: 674
x-amz-server-side-encryption: AES256
x-amz-id-2: 2P4YE1jx+GzjAtZQQbttnKdJMz8/Hkq1meJJt3J2CDcIui5vB4OoVEt49AwwXS7BiW3P9FfigFA=
last-modified: Thu, 13 Jul 2023 02:32:49 GMT
server: cloudflare
etag: W/"a788ecf510f83ee517cbaf79306145dd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 7f00ca98aae64bd0-YUL
expires: Wed, 02 Aug 2023 00:22:07 GMT

GET
H2 200 messenger-84a66aeb.chunk.css
assets.qualified.com/packs/css/widget/sandboxed/ Frame 600E 5 KB
1 KB 33ms
20ms Stylesheet
text/css 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-84a66aeb.chunk.css
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-amz-version-id: kfRfnMRS91rz_MmUePuyQ0M07JggRA33
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: WHMXM3SBD2HJHKMF
age: 674
x-amz-server-side-encryption: AES256
x-amz-id-2: qI3uS1WQ3p2NlV0q+64RAOUVBYxA8NopB83lkwih1hh0LecDS4d0BdhHOmYQAtjBNOal6akC5fE=
last-modified: Fri, 16 Jun 2023 23:12:14 GMT
server: cloudflare
etag: W/"22d5f23e695250d3c5a5b1e76a015c5e"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 7f00ca98aaec4bd0-YUL
expires: Wed, 02 Aug 2023 00:22:07 GMT

GET
H2 200 messenger~runtime-6a4e9083e9c364d10230.js Show response
assets.qualified.com/packs/js/widget/sandboxed/ Frame 600E 2 KB
1 KB 29ms
27ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-6a4e9083e9c364d10230.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/ZQoyHXFTqngPcfcB/messenger?uuid=c405e29e-fe25-4be1-8caf-f8f7d9809752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee30819156a2e4fba475c4c137b3d89fa1fe6a23c4a0d0eb1ac0f38b67ef569d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-amz-version-id: RiYv72ImZJofZk2i44LHSJxWN6TAKA13
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: KK74VCG8YCFBW511
age: 5706
x-amz-server-side-encryption: AES256
x-amz-id-2: FftRKwPL0GAD7WJ6dJ6zGmRi+on4n+G4UUsct+s9PmjtkpmqgAxBfl3z5ltylItEaBjxpOKcioswQ9J6C26/2f0LuoFdOGEA
last-modified: Tue, 01 Aug 2023 02:38:54 GMT
server: cloudflare
etag: W/"caf39445cd2b563bd3ba79d384176548"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7f00ca992ba74bd0-YUL
expires: Wed, 02 Aug 2023 00:22:07 GMT

GET
H2 200 messenger-4a9fb047a1bc69c7e0b6.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame 600E 1 MB
359 KB 29ms
26ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-4a9fb047a1bc69c7e0b6.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/ZQoyHXFTqngPcfcB/messenger?uuid=c405e29e-fe25-4be1-8caf-f8f7d9809752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 894af40d599de36ac704a310b26350926a9c491e49cae81d199f868d01de3ae9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-amz-version-id: vE7uuPxo2LG2MlBY3LZGEJFEoDiT9Xvw
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: KK72GPVC5HFBSZFR
age: 5706
x-amz-server-side-encryption: AES256
x-amz-id-2: farvZ/VHwqIVfYnh8ncGu3iipUdgOJDJoeL9Kmw+eJvvxVoECnJErGZAxAPN/tNMBR2C4r5Ge59ZER1mnwBnlRyVnwh9rbNC
last-modified: Tue, 01 Aug 2023 02:38:54 GMT
server: cloudflare
etag: W/"9dad151647f8b45e033ea452f5685e3b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7f00ca992bab4bd0-YUL
expires: Wed, 02 Aug 2023 00:22:07 GMT

GET
H2 200 messenger-53912a5f858ffe102dee.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame 600E 605 KB
159 KB 43ms
41ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-53912a5f858ffe102dee.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/ZQoyHXFTqngPcfcB/messenger?uuid=c405e29e-fe25-4be1-8caf-f8f7d9809752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e73ff13cd209b6dd677130964d4322e5f960aa338ddb56bdc3b7eb92be93d118

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-amz-version-id: QEzFsF998L2y1QyybMh5akpmhbvqz5EI
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: KK7B2X5HPD7QE2EV
age: 5706
x-amz-server-side-encryption: AES256
x-amz-id-2: 1bTDSTGZi0fVXHeHz0p8VurYVB8Ah96yiyzCuLZvvDrGq13Yy6bZHI1iMl4kzyD4i6Rob/rk2VU=
last-modified: Tue, 01 Aug 2023 02:38:54 GMT
server: cloudflare
etag: W/"f00fa397cf6dfc0841370387191bcab3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 7f00ca992bae4bd0-YUL
expires: Wed, 02 Aug 2023 00:22:07 GMT

GET
H2 200 Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 600E 97 KB
97 KB 86ms
51ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/ZQoyHXFTqngPcfcB/messenger?uuid=c405e29e-fe25-4be1-8caf-f8f7d9809752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-amz-version-id: Ts0p7fbKsZIFu_VEk6HOvm9iYpTRKuos
cf-cache-status: HIT
x-amz-request-id: TFBMFFTJDRB6B1D3
age: 16294734
content-length: 98868
x-amz-id-2: 3te39S5cuhgy5VY13c22lT0w9cn0GBvKdviY1iSo63q15j4O11VJLvUCkb1jXxu47NHTTjO9d2E=
last-modified: Thu, 08 Dec 2022 23:17:25 GMT
server: cloudflare
etag: "dc131113894217b5031000575d9de002"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 7f00ca98dd40ecea-YUL
expires: Thu, 01 Aug 2024 02:22:07 GMT

GET
H2 200 Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 600E 103 KB
104 KB 73ms
38ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/ZQoyHXFTqngPcfcB/messenger?uuid=c405e29e-fe25-4be1-8caf-f8f7d9809752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
x-amz-version-id: ePBeoMCujYBxKBCWHO9COs36tHcpJSw9
cf-cache-status: HIT
x-amz-request-id: TFBWW1JVPQSPPCDW
age: 16294734
content-length: 105804
x-amz-id-2: m2mlIyy8qNLqOs0dBqvTnLFauXeWvW0zCjcSVDV2qJMxcUb4SPICwSc1h1tFF7ja45eKdI3ysUs=
last-modified: Thu, 08 Dec 2022 23:17:25 GMT
server: cloudflare
etag: "007ad31a53f4ab3f58ee74f2308482ce"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 7f00ca98dd42ecea-YUL
expires: Thu, 01 Aug 2024 02:22:07 GMT

GET
H2 204 0
bat.bing.com/action/ 0
121 B 34ms
33ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=134618848&tm=gtm002&Ver=2&mid=30b5cccb-86cc-4212-8bda-802fc4953947&sid=15f9334030a911eeb66b557ada9bfa34&vid=15f94e1030a911eeb909ff1c4a13fc8a&vids=0&msclkid=N&el=Submit%20lead%20form&gc=USD&tpp=1&ea=resource_lead&en=Y&p=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F&sw=1600&sh=1200&sc=24&evt=custom&rn=30421

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 01 Aug 2023 20:22:06 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CD273434F6424360BA5E92D32E33E860 Ref B: YMQ01EDGE0522 Ref C: 2023-08-01T20:22:07Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK visitWebPage
327-mnm-087.mktoresp.com/webevents/ 2 B
318 B 133ms
30ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://327-mnm-087.mktoresp.com/webevents/visitWebPage?_mchNc=1690921327474&_mchCn=&_mchId=327-MNM-087&_mchTk=_mch-sentinelone.com-1690921327473-57013&mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&_mchHo=www.sentinelone.com&_mchPo=&_mchRu=%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Fgo2.sentinelone.com%2F&_mchQp=mkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 20:22:07 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: fe40eae2-38cf-47d8-a813-c1ae38314190

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 13ms
12ms Image
image/gif 2607:f8b0:4020:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1938215163&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&dr=https%3A%2F%2Fgo2.sentinelone.com%2F&ul=en-us&de=UTF-8&dt=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABQAAAACAAI~&jid=&gjid=&cid=1946957608.1690921326&tid=UA-38175129-1&_gid=699274104.1690921327&gtm=45He37q0n71KGGXSJ&cd1=&cd2=&cd3=&cd4=Canada&cd5=&z=866564275

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 22:35:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 78413
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 188 B
385 B 27ms
24ms XHR
text/plain 34.193.114.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=_Cv1ULrV9dssq6yGX6-Dzw&is_js=true&landing_url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&t=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&tip=iFFEOYL1mAD9xrmdccBZnoFs0b4JfT49mve3338g_e8&host=https://www.sentinelone.com&sa-user-id-v3=s%253AAQAKIMoWf6VoWfgw-7seMZhUVwQdJdC-ky34E4hiGTT9mj4REHwYBCDu0qWmBjABOgRVNED5QgRj7Rey.OemTQH4rSmyRCG4U1xmpGWPyTS4Je0xNi%252BUL1ap9de0&sa-user-id-v2=s%253AfxwlYUubUiBvJ8uiP7oHl5U4mbc.xijfGHQGLtz0smDsj8RD8cmoR264IGy0d9u0T250xhc&sa-user-id=s%253A0-7f1c2561-4b9b-5220-6f27-cba23fba0797.qXB32z1ELwYcqpYKDeFkHu8qtPx%252BTWhIuZpz7HPJkM4
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.114.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-114-176.compute-1.amazonaws.com
Software: /
Resource Hash: 8d3a947d7fe69efcf09bfc94c8db4b03f3ebcca720c1accc3baa7633ad32417f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: https://www.sentinelone.com
date: Tue, 01 Aug 2023 20:22:07 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 188
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 235 B
432 B 28ms
25ms XHR
text/plain 34.193.114.176
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=_Cv1ULrV9dssq6yGX6-Dzw&is_js=true&landing_url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&t=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&tip=iFFEOYL1mAD9xrmdccBZnoFs0b4JfT49mve3338g_e8&host=https://www.sentinelone.com&sa_conv_data_Event%20Name=mkto.form.success&sa-user-id-v3=s%253AAQAKIMoWf6VoWfgw-7seMZhUVwQdJdC-ky34E4hiGTT9mj4REHwYBCDu0qWmBjABOgRVNED5QgRj7Rey.OemTQH4rSmyRCG4U1xmpGWPyTS4Je0xNi%252BUL1ap9de0&sa-user-id-v2=s%253AfxwlYUubUiBvJ8uiP7oHl5U4mbc.xijfGHQGLtz0smDsj8RD8cmoR264IGy0d9u0T250xhc&sa-user-id=s%253A0-7f1c2561-4b9b-5220-6f27-cba23fba0797.qXB32z1ELwYcqpYKDeFkHu8qtPx%252BTWhIuZpz7HPJkM4
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.193.114.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-193-114-176.compute-1.amazonaws.com
Software: /
Resource Hash: 8b7c6efafa337701190afab17bf559e615bf0f6a56c2a3c9b7ae04e6aab95eec

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: https://www.sentinelone.com
date: Tue, 01 Aug 2023 20:22:07 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 235
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 40ms
38ms Image
image/gif 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-38175129-1&cid=1946957608.1690921326&jid=198702963&_u=YADAAEAAQAAAACAAI~&z=132032505

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
107 B 38ms
37ms Image
image/gif 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-38175129-1&cid=1946957608.1690921326&jid=198702963&_u=YADAAEAAQAAAACAAI~&z=132032505

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

adsct
analytics.twitter.com/i/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=twtr
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_LEgw1Bqwl8Y13mSDx

43 B
116 B

114ms
106ms

Image
image/gif

104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_LEgw1Bqwl8Y13mSDx

Requested by

Protocol

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-response-time: 72
date: Tue, 01 Aug 2023 20:22:07 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 8b200ae9b2500bd7
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: cb121f0b32131db21fb41331cc5fb627e654445b4870738c2ea87a5ff6bf4c50
content-length: 43

Redirect headers

Location: https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_LEgw1Bqwl8Y13mSDx
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

204

sync
ups.analytics.yahoo.com/ups/58288/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=yah
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_LEgw1Bqwl8Y13mSDx&_origin=1
https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_LEgw1Bqwl8Y13mSDx&_origin=1&verify=true

0
121 B

27ms
27ms

Image
text/plain

34.200.65.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_LEgw1Bqwl8Y13mSDx&_origin=1&verify=true

Requested by

Protocol

Server

34.200.65.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-200-65-202.compute-1.amazonaws.com

Software

ATS/9.1.10.64 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.64
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58288/sync?uid=pa_LEgw1Bqwl8Y13mSDx&_origin=1&verify=true
date: Tue, 01 Aug 2023 20:22:07 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.64
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=opx
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_LEgw1Bqwl8Y13mSDx
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_LEgw1Bqwl8Y13mSDx

43 B
180 B

45ms
43ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_LEgw1Bqwl8Y13mSDx
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_LEgw1Bqwl8Y13mSDx
date: Tue, 01 Aug 2023 20:22:07 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=rbcn
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_LEgw1Bqwl8Y13mSDx

42 B
767 B

178ms
26ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_LEgw1Bqwl8Y13mSDx
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 19ea072139d67f7022c6e463249c998e
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_LEgw1Bqwl8Y13mSDx
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=goo
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfTEVndzFCcXdsOFkxM21TRHg
https://pixel-geo.prfct.co/cb?partnerId=goo

43 B
365 B

24ms
23ms

Image
image/gif

50.17.228.238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/cb?partnerId=goo
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: HTTP/1.1
Server: 50.17.228.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-17-228-238.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel-geo.prfct.co/cb?partnerId=goo
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
pixel-geo.prfct.co/seg/ 43 B
365 B 89ms
37ms Image
image/gif 50.17.228.238
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/seg/?add=4530935&source=js_tag&a_id=56252
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/?mkt_tok=MzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.17.228.238 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-17-228-238.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?t=2&add=4530935
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

43 B
843 B

19ms
19ms

Image
image/gif

68.67.160.117
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

Requested by

Protocol

Server

68.67.160.117 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
an-x-request-uuid: f9180c98-6e3e-4400-bca8-bc093ed7a861
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 149.56.153.183; 149.56.153.183; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
an-x-request-uuid: 4d4b500a-7861-4bdb-963b-6bd43c0a9ec4
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935
x-proxy-origin: 149.56.153.183; 149.56.153.183; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 31ms
31ms Stylesheet
text/css 2a02:6ea0:c454::1
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: BunnyCDN-NY1-885 /
Resource Hash: 36aeabf490693f214315f98655aa5e871863fb6e4827d5e51aa70ee4578efa64

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: br
cdn-edgestorageid: 885
perma-cache: HIT
cdn-storageserver: NY-266
cdn-cachedat: 07/31/2023 21:41:35
cdn-pullzone: 293267
last-modified: Mon, 31 Jul 2023 21:41:20 GMT
server: BunnyCDN-NY1-885
cdn-fileserver: 622
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64c82a80-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 9475e818bcd2ffcc94419de54278c545
cdn-requestcountrycode: CA
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 78190 Show response
api.omappapi.com/v2/embed/ 227 B
825 B 93ms
25ms XHR
application/json 13.225.195.97
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/78190?d=sentinelone.com
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.195.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-195-97.yul62.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: 5aa4142a40b5a1e0cdee8d5416c145c0e3d8b785254a566b5393069dcd2e0de8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
via: 1.1 90afcdb26518f969b68e124515efb74c.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: YUL62-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
content-length: 227
x-optinmonster-account: 87916
x-user-agent: standard--
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: Pagely Gateway/1.5.1
etag: "b91e5dc54e033e761837b7b846da520f"
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: vjqJ1bq0RIQA8bS9YH_fIh_nyMu-W-9VeUwUz2ObKHgTNd0bC9_qZg==
expires: Tue, 01 Aug 2023 20:11:37 GMT

GET
H3

200

/
www.google.ca/pagead/1p-conversion/970186784/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/?random=1488187158&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww....
https://www.google.com/pagead/1p-conversion/970186784/?random=1488187158&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblo...
https://www.google.ca/pagead/1p-conversion/970186784/?random=1488187158&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog...

42 B
64 B

45ms
45ms

Image
image/gif

2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-conversion/970186784/?random=1488187158&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&label=P7U6CJqLydsBEKDAz84D&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&value=0&auid=1695687676.1690921326&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJOE5xaXBnWVE2djd1b19UdnhQZDRFaVlBZVJjREotY21IeEl5N0FtU204Q3ZXMWk3aERTbGNqYnc4ejdHVml5cG96VFZSaTgwQkEaWENoQUk4TnFpcGdZUXVjckZtWnFwdkwwSUVpNEFyblg5Y0ZRUk9BX3hfZEFzZWlLNTBEQ1NsVUpJTHM0RmxVdDlpMlJjYWZZbFNjR3FTU084RE5PcnhUUTciEwip7sTopLyAAxW6C2gIHQAxAjs&is_vtc=1&ocp_id=b2nJZOn6HLqXoPMPgOKI2AM&cid=CAQSKQBpAlJWSFqv9GzcLom9kHpBKcEOrIXYDZib98y27UF1m6bQFbXBW_Q1&eitems=ChEI8NqipgYQ6Mj-nbmb14-oARIdAPLPfzdSg4jHTgkL_k0FweFFoJAMrEDzoXMSeDI&random=873637039&ipr=y

Requested by

Protocol

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.ca/pagead/1p-conversion/970186784/?random=1488187158&cv=11&fst=1690921327395&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&label=P7U6CJqLydsBEKDAz84D&hn=www.googleadservices.com&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&value=0&auid=1695687676.1690921326&uamb=0&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJOE5xaXBnWVE2djd1b19UdnhQZDRFaVlBZVJjREotY21IeEl5N0FtU204Q3ZXMWk3aERTbGNqYnc4ejdHVml5cG96VFZSaTgwQkEaWENoQUk4TnFpcGdZUXVjckZtWnFwdkwwSUVpNEFyblg5Y0ZRUk9BX3hfZEFzZWlLNTBEQ1NsVUpJTHM0RmxVdDlpMlJjYWZZbFNjR3FTU084RE5PcnhUUTciEwip7sTopLyAAxW6C2gIHQAxAjs&is_vtc=1&ocp_id=b2nJZOn6HLqXoPMPgOKI2AM&cid=CAQSKQBpAlJWSFqv9GzcLom9kHpBKcEOrIXYDZib98y27UF1m6bQFbXBW_Q1&eitems=ChEI8NqipgYQ6Mj-nbmb14-oARIdAPLPfzdSg4jHTgkL_k0FweFFoJAMrEDzoXMSeDI&random=873637039&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=*;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.sentine...
adservice.google.com/ddm/fls/z/ Frame 5FCC 42 B
401 B 95ms
38ms Image
image/gif 2607:f8b0:4020:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=*;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA

Requested by

Host: 13115870.fls.doubleclick.net
URL: https://13115870.fls.doubleclick.net/activityi;dc_pre=CMT4xuikvIADFZ5PDQodEEQOcg;src=13115870;type=pagev0;cat=reque0;ord=%5BSessionID%5D;auiddc=1695687676.1690921326;gtm=45fe37q0;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://13115870.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 300800713594069 Show response
connect.facebook.net/signals/config/ 378 KB
108 KB 20ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/300800713594069?v=2.9.120&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8acf3ab00d685fc3e58419fe36856d7417c7230d39d6058dbd92b5454641fe88

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 01 Aug 2023 20:22:07 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110304
x-xss-protection: 0
pragma: public
x-fb-debug: igdlagChQ+RGjyJUsN1Mq6n2ZDuhHTWkbHCofCKvezhV1Nu+F+NacfrDKYkmBq4nszxHVatyxvvi1oKVBjMSvQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga.js Show response
ga.clearbit.com/v1/ 4 KB
1 KB 271ms
192ms Script
application/javascript 54.235.212.140
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://ga.clearbit.com/v1/ga.js?authorization=pk_ed7b4bbadb390cf24ef37a1223019246

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.235.212.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-235-212-140.compute-1.amazonaws.com

Software

envoy /

Resource Hash

3b3c7778ba4e247b97d37e9559528c0f1524faf72de80d4312a322e5e2420d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-envoy-response-flags: -
server: envoy
x-api-version: 2018-03-28
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
x-account-id: 330680ff-f4de-4d19-81d4-375af65453c9

POST
H2 200 / Show response
sentry.io/api/1332833/envelope/ Frame 600E 2 B
292 B 82ms
55ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1332833/envelope/?sentry_key=b5158ee3382d49b28a864fb2b91bcaaf&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.11.1

Requested by

Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-4a9fb047a1bc69c7e0b6.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.qualified.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 01 Aug 2023 20:22:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 5.78b36768.min.js Show response
a.omappapi.com/app/js/ 16 KB
6 KB 27ms
27ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/5.78b36768.min.js
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: BunnyCDN-NY1-885 /
Resource Hash: 7680e45da3168c3240c3287c1f14af99ca941299901de2aae917a0f5c4d6a3d5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

cdn-storagebalancer: NY-427
date: Tue, 01 Aug 2023 20:22:07 GMT
content-encoding: br
cdn-edgestorageid: 885
perma-cache: HIT
cdn-storageserver: DE-164
cdn-cachedat: 07/31/2023 21:41:16
cdn-pullzone: 293267
last-modified: Mon, 31 Jul 2023 21:41:16 GMT
server: BunnyCDN-NY1-885
cdn-fileserver: 382
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64c82a7c-4140"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 8e53abbbd39edfb1d51199c18b3df49c
cdn-requestcountrycode: CA
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 39ms
38ms Image
image/gif 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-40-206.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:08 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 307303873637462 Show response
connect.facebook.net/signals/config/ 301 KB
86 KB 20ms
19ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/307303873637462?v=2.9.120&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

167fc3fd7b5bfe69ee8e0da9d0709092e8003dd76eee8d4f5a38e3eb09445c90

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 01 Aug 2023 20:22:08 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88173
x-xss-protection: 0
pragma: public
x-fb-debug: d25ca5Hku0MizoNvhe21kjJ8BeWQzKTAriTBl84VXHcJBHYptqGDx3u2whebLI1Bv2CbgjsmmzzCfFT5Vw2nfQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/462891735/ 42 B
64 B 59ms
58ms Image
image/gif 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/462891735/?random=1690921327081&cv=11&fst=1690920000000&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=157864637&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/462891735/ 42 B
64 B 39ms
38ms Image
image/gif 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/462891735/?random=1690921327081&cv=11&fst=1690920000000&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=157864637&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10940107324/ 42 B
64 B 54ms
53ms Image
image/gif 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10940107324/?random=1690921327064&cv=11&fst=1690920000000&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1362949070&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/10940107324/ 42 B
64 B 44ms
43ms Image
image/gif 2607:f8b0:4020:807::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/10940107324/?random=1690921327064&cv=11&fst=1690920000000&bg=ffffff&guid=ON&async=1&gtm=45be37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&ref=https%3A%2F%2Fgo2.sentinelone.com%2F&frm=0&tiba=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1362949070&rmt_tld=1&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 20:22:08 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 59ms
18ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=300800713594069&ev=PageView&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&rl=https%3A%2F%2Fgo2.sentinelone.com%2F&if=false&ts=1690921328089&sw=1600&sh=1200&v=2.9.120&r=stable&ec=0&o=30&fbp=fb.1.1690921328087.500099228&cs_est=true&it=1690921327604&coo=false&exp=a3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 01 Aug 2023 20:22:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 59ms
19ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=307303873637462&ev=PageView&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&rl=https%3A%2F%2Fgo2.sentinelone.com%2F&if=false&ts=1690921328091&sw=1600&sh=1200&v=2.9.120&r=stable&ec=0&o=30&fbp=fb.1.1690921328087.500099228&it=1690921327604&coo=false&exp=a3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 01 Aug 2023 20:22:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 59ms
20ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=300800713594069&ev=Lead&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&rl=https%3A%2F%2Fgo2.sentinelone.com%2F&if=false&ts=1690921328092&sw=1600&sh=1200&v=2.9.120&r=stable&ec=1&o=30&fbp=fb.1.1690921328087.500099228&it=1690921327604&coo=false&exp=a3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 01 Aug 2023 20:22:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 60ms
20ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=307303873637462&ev=Lead&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&rl=https%3A%2F%2Fgo2.sentinelone.com%2F&if=false&ts=1690921328093&sw=1600&sh=1200&v=2.9.120&r=stable&ec=1&o=30&fbp=fb.1.1690921328087.500099228&it=1690921327604&coo=false&exp=a3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 01 Aug 2023 20:22:08 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 27ms
26ms Stylesheet
text/css 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:08 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 1391
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
cf-ray: 7f00ca9caf37713e-YUL
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Thu, 31 Aug 2023 20:22:08 GMT

GET
H2 200 async-api.eaff3276-1.237.0.min.js Show response
js-agent.newrelic.com/ 3 KB
2 KB 39ms
10ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/async-api.eaff3276-1.237.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8d4da47114027ff57a58a951f696b85accd07259245949b4806f06b1d554e787

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: 1ymB4p.c1yc6RHY4ijeCprYRJPr_69el
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: GZ3W0BNJZRNR91Y7
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1381
x-amz-id-2: jVkKBfdhjdmrZtmYTO9mTNXiZpYmSzw13Xw1N5TSF84ikXVxJexP95z06Q5Hw49WCHEGtYp5bh8=
x-served-by: cache-yul12831-YUL
last-modified: Fri, 28 Jul 2023 14:14:23 GMT
server: AmazonS3
x-timer: S1690921328.201628,VS0,VE0
etag: "260be5c5aab613ade03ecfed443d2ab8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1623

GET
H2 200 860.50b8f759-1.237.0.min.js Show response
js-agent.newrelic.com/ 14 KB
6 KB 40ms
12ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/860.50b8f759-1.237.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8da6b43c23b0b0fe5be18f83ab780dd19c5db4582e811629389e809f696a4deb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: iLnQiLNrvJV3xSVJdLpWZiHUdIXRnObw
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: GZ3XB5FWQH8R4ERH
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 5458
x-amz-id-2: TWJDuXwzCbrRhkH9GiKj5+Y8i0qHM4jO1NAm+gumzZ6ARzRx6+6K2VXqwZ19Eh5LaS8XOpb0bgY=
x-served-by: cache-yul12831-YUL
last-modified: Fri, 28 Jul 2023 14:14:23 GMT
server: AmazonS3
x-timer: S1690921328.201884,VS0,VE0
etag: "0c388beda58f3d5726542825def65f77"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1625

GET
H2 200 session-manager.22036a2b-1.237.0.min.js Show response
js-agent.newrelic.com/ 1 KB
892 B 39ms
11ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/session-manager.22036a2b-1.237.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c902ff18c7858648be03999d4022c40d66ad694ae218ea4b1558e74703b854a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: oQhY2HXoIhDnZJfZMW0EdG29jt8NXFxv
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: GZ3MRACAFVA8J3A0
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 686
x-amz-id-2: KEeu2gp7LybsgmttlJt51EQ0B1EyRCveuKLWpDcQ9IdCUbmN9b7cAMC7R5Cv0dQ+9eIlULTlSRY=
x-served-by: cache-yul12831-YUL
last-modified: Fri, 28 Jul 2023 14:14:23 GMT
server: AmazonS3
x-timer: S1690921328.201760,VS0,VE0
etag: "a097cb2068fb2d63e521cacf139c921d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1503

GET
H2

200

/ Show response
match.adsrvr.org/track/upb/ Frame 7C70
Redirect Chain

https://insight.adsrvr.org/track/up?adv=vfu9xa7&ref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-...
https://match.adsrvr.org/track/upb/?adv=vfu9xa7&ref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-...

864 B
1 KB

29ms
27ms

Document
text/html

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/upb/?adv=vfu9xa7&ref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&upid=jskiafk&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 4f8c0928af63a46f66094fdfa81dcc2f623a759726a0f8d1a976dee38f6f43a3

Request headers

Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html; charset=utf-8
date: Tue, 01 Aug 2023 20:22:08 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

cache-control: private,no-cache, must-revalidate
content-type: text/html; charset=utf-8
date: Tue, 01 Aug 2023 20:22:08 GMT
location: https://match.adsrvr.org/track/upb/?adv=vfu9xa7&ref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&upid=jskiafk&upv=1.1.0
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/acaf2329-c613-4dbe-a651-1ed5a45c3762/ 268 B
802 B 192ms
175ms Fetch
application/json 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/acaf2329-c613-4dbe-a651-1ed5a45c3762/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151604

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1deada449ce1e720c36f2d1e638c588de0f889e078c3361eed0fdb67d1b08b50

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:08 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: e3747fc1-fbc8-4d62-a951-226ceb15b444
x-runtime: 0.041366
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"1deada449ce1e720c36f2d1e638c588d"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept, Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cf-ray: 7f00ca9d3e73ece6-YUL
access-control-allow-headers: SDK-Version

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 11ms
11ms Image
image/gif 2607:f8b0:4020:807::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1938215163&t=timing&_s=2&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&dr=https%3A%2F%2Fgo2.sentinelone.com%2F&ul=en-us&de=UTF-8&dt=Deconstructing%20PowerShell%20Obfuscation%20in%20Malspam%20Campaigns%20-%20SentinelOne&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=7192&pdt=19&dns=10&rrt=1&srt=3388&tcp=42&dit=5455&clt=5455&_gst=5512&_gbt=6167&_u=aDDAAEADQAAAACAAI~&jid=&gjid=&cid=1946957608.1690921326&tid=UA-38175129-1&_gid=699274104.1690921327&gtm=45He37q0n71KGGXSJ&z=1332827321

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 22:35:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 78414
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lazy-feature-loader.d2774909-1.237.0.min.js Show response
js-agent.newrelic.com/ 1 KB
864 B 11ms
11ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/lazy-feature-loader.d2774909-1.237.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8f51d7bb4a7314fbd42bd5a2cec23adcfd23441c6539c3437cac22bc10c285a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: tjqYv_BaMxEO0rtnfv83auNPWtkFKRmt
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: GZ3QR9GV7EXMSHT5
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 422
x-amz-id-2: rNoo9WZG2E+fiZcgh2EJDvF0Kaxbsyr32vlSE6IhgZ26vj7SkMc7jozeOVr0+knl/bJwrC+AY40=
x-served-by: cache-yul12831-YUL
last-modified: Fri, 28 Jul 2023 14:14:23 GMT
server: AmazonS3
x-timer: S1690921328.221425,VS0,VE0
etag: "e2a4dffecb3f725ca685cfc37cc223f8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1615

GET
H2 200 646.a8872fbe-1.237.0.min.js Show response
js-agent.newrelic.com/ 8 KB
4 KB 11ms
11ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/646.a8872fbe-1.237.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

176291a5736a54f442286a4eac22e5efc9acda566ce2b7f40e24f8a3e5886d7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: vysZ.fJHfPWTYpeiGcOzNajh2nlpoSLM
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: GZ3H04BMQ45N70FR
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3443
x-amz-id-2: VI9OPZi+49fqOiU9OGbqZQMUp9abAD6+mzxYin5fWWWhLev3YNkk0DgeDq0tLc8XjaGwNJPeeN4=
x-served-by: cache-yul12831-YUL
last-modified: Fri, 28 Jul 2023 14:14:23 GMT
server: AmazonS3
x-timer: S1690921328.234070,VS0,VE0
etag: "8b04d6790219cada197b3494d5e8ad32"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1608

GET
H2 200 page_view_event-aggregate.e765729e-1.237.0.min.js Show response
js-agent.newrelic.com/ 11 KB
4 KB 11ms
11ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/page_view_event-aggregate.e765729e-1.237.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d9ef96552025e7ad4f47bf61301e834c87f43725506d7a3b032cb0688f32f5a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: owi41NUUJTxx2ENsuUqiNsaGo4482gdA
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: GZ3SM38WGWFEYYYG
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 4293
x-amz-id-2: K72fT4bV/Gw5Qf6rUcenXEAu1wsOoNYqy4qHHMmLIfHbhGMQK9wehMt9ADa3+OitLp6C4c+7BrY=
x-served-by: cache-yul12831-YUL
last-modified: Fri, 28 Jul 2023 14:14:23 GMT
server: AmazonS3
x-timer: S1690921328.234620,VS0,VE0
etag: "4075d536db0f61644ecf1bccb23f402a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1611

GET
H2 200 page_view_timing-aggregate.d72a908a-1.237.0.min.js Show response
js-agent.newrelic.com/ 15 KB
6 KB 11ms
11ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/page_view_timing-aggregate.d72a908a-1.237.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

39fcde77d12d7f7f6da0dcc009ef70f147308e09bb921909bd832094e11f445d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: BPVCT8a__72mJzIBsm8PIhQqzFahlY5v
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: GZ3KXTXCH386HKY4
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 5636
x-amz-id-2: d4njJoDHa981I0kGJiXu71A56+/hbRU9moQSRPgwqw8QIXlFcCVX2hPbcLpYgLw7s6kRpOK4Igg=
x-served-by: cache-yul12831-YUL
last-modified: Fri, 28 Jul 2023 14:14:23 GMT
server: AmazonS3
x-timer: S1690921328.235066,VS0,VE0
etag: "89b02c1d3af3af91f3a24a0fcb8986e3"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 1611

GET
H2 200 metrics-aggregate.0d982f48-1.237.0.min.js Show response
js-agent.newrelic.com/ 8 KB
3 KB 12ms
12ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/metrics-aggregate.0d982f48-1.237.0.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2b056f0d2f2496923f55eb71e14133b6749869de6f63b7a6df966b2f3fadc98b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: IxiUMjmc_8MD5UB0bTapFO3Bom2BYnP4
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: 7W6RY1JVAY6BKPSS
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2990
x-amz-id-2: R4tnCPamnAJhrLRDkgnkcou0bYZBxlDUdinwgxaKF2p/7piMMi4Phx8up0moHd6Xdu1nySU4g9U=
x-served-by: cache-yul12831-YUL
last-modified: Fri, 28 Jul 2023 14:14:23 GMT
server: AmazonS3
x-timer: S1690921328.235481,VS0,VE0
etag: "e7324ec62d4d134a4ae02f34508010aa"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11134

POST
H/1.1 200
OK NRJS-7f7a0b93139dcf56f90 Show response
bam.nr-data.net/1/ 40 B
468 B 167ms
81ms XHR
text/plain 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-7f7a0b93139dcf56f90?a=773889139&v=1.237.0&to=ZlwDMkMCWxJQUkdYXF8WIAVFCloPHkJaX1RdXA%3D%3D&rst=7272&ck=0&s=386657bebaf477e2&ref=https://www.sentinelone.com/blog/deconstructing-powershell-obfuscation-in-malspam-campaigns/&ap=1249&be=3442&fe=3754&dc=2040&at=ShsARAsYSBw%3D&perf=%7B%22timing%22:%7B%22of%22:1690921320973,%22n%22:0,%22f%22:1,%22dn%22:2,%22dne%22:12,%22c%22:12,%22s%22:28,%22ce%22:54,%22rq%22:54,%22rp%22:3442,%22rpe%22:3461,%22di%22:5455,%22ds%22:5455,%22de%22:5482,%22dc%22:7190,%22l%22:7192,%22le%22:7196%7D,%22navigation%22:%7B%7D%7D&fp=5176&fcp=5176
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d

Request headers

Referer: https://www.sentinelone.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
content-type: text/plain

Response headers

Date: Tue, 01 Aug 2023 20:22:08 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.sentinelone.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7f00ca9e19bf36a2-YYZ
Content-Length: 40

GET
H/1.1 200
OK universal_pixel.1.1.0.js Show response
js.adsrvr.org/ Frame 7C70 488 B
1 KB 11ms
11ms Script
application/x-javascript 3.161.209.109

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/universal_pixel.1.1.0.js
Requested by: Host: match.adsrvr.org
URL: https://match.adsrvr.org/track/upb/?adv=vfu9xa7&ref=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&upid=jskiafk&upv=1.1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.161.209.109 , United States, ASN (),
Reverse DNS: server-3-161-209-109.yul62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 484ef4268f1d679c1ae88c06fc2388d39afc441465732617e5e2cdc2e3d418e2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://match.adsrvr.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 05:03:38 GMT
Via: 1.1 05515d3ee39ade93c9eed3120029b212.cloudfront.net (CloudFront)
Last-Modified: Thu, 20 Jul 2023 21:17:30 GMT
Server: AmazonS3
X-Amz-Cf-Pop: YUL62-P1
Age: 55111
x-amz-server-side-encryption: AES256
ETag: "2775054c068b37509e0798448f7fd32c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 488
X-Amz-Cf-Id: vN2gyKYw9wSX6fL45VrWHp105dQLkP6kaj4IecAdfiCqzJi9F_m00A==

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame FCD2
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6

0
0

78ms
23ms

Document
text/plain

52.71.200.83
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/universal_pixel.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.71.200.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-71-200-83.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://match.adsrvr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private, no-cache, no-store
date: Tue, 01 Aug 2023 20:22:08 GMT
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-request-time: D=28 t=1690921328
x-served-by: beacon-n007-ash-prod.krxd.net

Redirect headers

content-length: 0
date: Tue, 01 Aug 2023 20:22:08 GMT
location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
x-age: 0
x-cache: MISS
x-cache-hits: 0
x-served-by: usermatch-a013-ash-prod.krxd.net

GET
H2

200

generic Show response
match.adsrvr.org/track/cmf/ Frame 10C5
Redirect Chain

https://dpm.demdex.net/ibs:dpid=903&dpuuid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam

70 B
571 B

26ms
26ms

Document
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/universal_pixel.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://match.adsrvr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Tue, 01 Aug 2023 20:22:08 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
DCS: dcs-prod-va6-1-v049-03a19aa8e.edge-va6.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: SLqf0EiaS5w=

GET
H2

200

appnexus Show response
match.adsrvr.org/track/cmf/ Frame D5EE
Redirect Chain

https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=6920430625960981827&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6

70 B
571 B

25ms
25ms

Document
image/gif

15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=6920430625960981827&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/universal_pixel.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://match.adsrvr.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Tue, 01 Aug 2023 20:22:08 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: 19739556-1885-47b6-abb0-e25c90c76bd2
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 01 Aug 2023 20:22:08 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=6920430625960981827&ttd_tdid=8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.21.3
x-proxy-origin: 149.56.153.183; 149.56.153.183; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H2 200 v2YIX3gQ6moCsoRYtalA_apple-touch-icon.png
img.onesignal.com/permanent/00b53cc8-e3cf-4d2d-bbf3-1986e3d59095/ 2 KB
2 KB 64ms
50ms Image
image/png 2606:4700::6812:d63b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.onesignal.com/permanent/00b53cc8-e3cf-4d2d-bbf3-1986e3d59095/v2YIX3gQ6moCsoRYtalA_apple-touch-icon.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a643e2fcf834dce892b4f2844cab6db03148dea4523223816742f43077e4572d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-goog-encryption-kms-key-name: projects/core-infra-onesignal/locations/europe-west4/keyRings/keyring-kms-onesignal/cryptoKeys/img-persistence-bucket-onesignal/cryptoKeyVersions/1
date: Tue, 01 Aug 2023 20:22:08 GMT
strict-transport-security: max-age=15552000; includeSubDomains
cf-cache-status: HIT
cf-polished: origSize=4820, status=vary_header_present
x-guploader-uploadid: ADPycduuooikDxxHZ0TVrOeG7tBhtC_56NZOhwJ82MVyJ0nww3vwNkR-QLY-xcwawzDDgE_hfcCPqCeFSXuOfYlQLL29kg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 1830
pragma: no-cache
cf-bgj: imgq:85,h2pri
last-modified: Mon, 22 May 2023 20:49:17 GMT
server: cloudflare
etag: "-CLTLg7zmif8CEAE="
vary: Origin, Accept-Encoding
x-goog-generation: 1684788557702580
content-type: image/png
x-goog-hash: crc32c=menOhw==, md5=+95Zp3W01opqou09atAbPQ==
cache-control: public, max-age=2678400
x-goog-stored-content-length: 4820
accept-ranges: bytes
cf-ray: 7f00ca9e780e4bb9-YUL
expires: Fri, 01 Sep 2023 20:22:08 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 5B70 0
52 B 19ms
18ms Document
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.sentinelone.com
Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.sentinelone.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 01 Aug 2023 20:22:08 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 5A81 0
31 B 25ms
24ms Document
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.sentinelone.com
Referer: https://www.sentinelone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.sentinelone.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 01 Aug 2023 20:22:08 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 test Show response
cdn.abrankings.com/ 2 B
421 B 178ms
155ms XHR
application/json 2600:9000:26a0:6e00:11:8a36:7200:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.abrankings.com/test?url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F&abr_id=1280
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a0:6e00:11:8a36:7200:93a1 , United States, ASN (),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-my-header: my-header-content
date: Tue, 01 Aug 2023 20:22:08 GMT
content-encoding: gzip
via: 1.1 09a1b8b4052fdbde9561c3a648dc72bc.cloudfront.net (CloudFront)
server: nginx/1.20.1
x-amz-cf-pop: YUL62-P2
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-cache: Miss from cloudfront
cache-control: max-age=60, public
x-amz-cf-id: 7nu6GT2jHMYfCpGSqiYezU-X2eHZQ2UsOMXGG1PvFQnByTGfqx97Xg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 82ms
81ms Image
image/gif 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-40-206.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:09 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 291ms
291ms Image
image/gif 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-40-206.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:10 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 517ms
516ms Image
image/gif 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-40-206.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:11 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 40ms
39ms Image
image/gif 23.33.40.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.40.206 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-40-206.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 20:22:12 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

205 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

72 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.go2.sentinelone.com/	1970-01-20 13:42:03	Name: __cf_bm Value: 7gjdFpFOudrwslvXwWWo.lGJuBsYYMv4g_8zEMCIwMw-1690921320-0-AVrXaXu7smhMnkF0dH3wNaLX3xcg8+Up1tPxs9oxiUxFJeGA8QkNqEM48o3bU2LHVSQXuWcoP6yTJqYPpCRXFTE=
.go.sentinelone.com/	1970-01-20 13:42:03	Name: __cf_bm Value: X.6H_L4gr555m2gnFVR3bj_WTnJ_n1ffaHDUv4vg2Jo-1690921324-0-AWKgIbilnJtJUi+ZSDDYtxFyNWLSmU/I7uYxrmjRuTG67xE5twxMmr6b6nshfzWzoHNce2Cb31OirZX50SP05+w=
.onesignal.com/	1970-01-20 13:42:03	Name: __cf_bm Value: 8FOk6CBjN_NIaGcwZR60Qut9US_l.Z.Jr8lzqu2gk7c-1690921326-0-Aco+Sm8JV2hT4Mb6OYF0d3vB2yqTV/yckKQ7NNpJ53VgZyzQE76z378DhBGEelRh8LT/HTGjik9LFIRSvaCgb24=
.sentinelone.com/	1970-01-20 23:18:01	Name: _ga_KJPGLC9EVP Value: GS1.1.1690921326.1.0.1690921326.0.0.0
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: mDWWgFFDxws
.youtube.com/	1970-01-20 18:01:13	Name: VISITOR_INFO1_LIVE Value: UrHk7yaLSRE
.sentinelone.com/	1970-01-20 22:27:37	Name: ajs_anonymous_id Value: 2ac1be20-f9c8-4add-a40d-c6dd256338b6
.sentinelone.com/	1970-01-20 23:18:01	Name: __q_state_ZQoyHXFTqngPcfcB Value: eyJ1dWlkIjoiYzQwNWUyOWUtZmUyNS00YmUxLThjYWYtZjhmN2Q5ODA5NzUyIiwiY29va2llRG9tYWluIjoic2VudGluZWxvbmUuY29tIn0=
.sentinelone.com/	1970-01-20 15:51:37	Name: _gcl_au Value: 1.1.1695687676.1690921326
.linkedin.com/	1970-01-20 15:51:37	Name: li_sugr Value: 758bb565-562e-4edd-a05b-13cdd0cc1bca
.linkedin.com/	1970-01-20 22:27:37	Name: bcookie Value: "v=2&46ffa126-dcba-4ffd-840a-6a869333494a"
.linkedin.com/	1970-01-20 13:43:27	Name: lidc Value: "b=VGST01:s=V:r=V:a=V:p=V:g=2964:u=1:x=1:i=1690921326:t=1691007726:v=2:sig=AQF_pFlRujZ_xWiZ9dAG3dL1ZLRpgsa8"
tags.srv.stackadapt.com/	1970-01-20 22:27:37	Name: sa-user-id Value: s%3A0-7f1c2561-4b9b-5220-6f27-cba23fba0797.qXB32z1ELwYcqpYKDeFkHu8qtPx%2BTWhIuZpz7HPJkM4
.srv.stackadapt.com/	1970-01-20 22:27:37	Name: sa-user-id Value: s%3A0-7f1c2561-4b9b-5220-6f27-cba23fba0797.qXB32z1ELwYcqpYKDeFkHu8qtPx%2BTWhIuZpz7HPJkM4
tags.srv.stackadapt.com/	1970-01-20 22:27:37	Name: sa-user-id-v2 Value: s%3AfxwlYUubUiBvJ8uiP7oHl5U4mbc.xijfGHQGLtz0smDsj8RD8cmoR264IGy0d9u0T250xhc
.srv.stackadapt.com/	1970-01-20 22:27:37	Name: sa-user-id-v2 Value: s%3AfxwlYUubUiBvJ8uiP7oHl5U4mbc.xijfGHQGLtz0smDsj8RD8cmoR264IGy0d9u0T250xhc
tags.srv.stackadapt.com/	1970-01-20 22:27:37	Name: sa-user-id-v3 Value: s%3AAQAKIMoWf6VoWfgw-7seMZhUVwQdJdC-ky34E4hiGTT9mj4REHwYBCDu0qWmBjABOgRVNED5QgRj7Rey.OemTQH4rSmyRCG4U1xmpGWPyTS4Je0xNi%2BUL1ap9de0
.srv.stackadapt.com/	1970-01-20 22:27:37	Name: sa-user-id-v3 Value: s%3AAQAKIMoWf6VoWfgw-7seMZhUVwQdJdC-ky34E4hiGTT9mj4REHwYBCDu0qWmBjABOgRVNED5QgRj7Rey.OemTQH4rSmyRCG4U1xmpGWPyTS4Je0xNi%2BUL1ap9de0
www.sentinelone.com/	1970-01-20 13:43:27	Name: ln_or Value: eyI0MzI4OTAiOiJkIn0%3D
.linkedin.com/	1970-01-20 14:25:13	Name: UserMatchHistory Value: AQIF_CnYkiSF-wAAAYmyw9kEaerWMavM0JN5C4_FtbmWf5nSQHnDF-h-GTvXmKk4b_bZznRsphxeJA
.linkedin.com/	1970-01-20 14:25:13	Name: AnalyticsSyncHistory Value: AQL4jKKDoLQEEwAAAYmyw9kE6hUjD4kKXS-GNhzPYRUwgE6YfGu0PKbPLiZPK-Xz3N_rMCuCmHxV7608DCUUsg
.sentinelone.com/	1970-01-20 15:51:37	Name: _rdt_uuid Value: 1690921326899.6c2a2c11-dc34-48ed-9e17-a9cc20747248
.sentinelone.com/	1970-01-20 22:20:25	Name: bf_lead Value: 1fbpo9af54d000
www.sentinelone.com/	1970-01-20 23:18:01	Name: _gd_visitor Value: 0e2fcf5d-69ad-4c79-8cbb-500ebb9515f3
www.sentinelone.com/	1970-01-20 13:42:15	Name: _gd_session Value: f6844352-9025-469c-8a89-750c7e66c49c
www.sentinelone.com/	1970-01-20 22:27:37	Name: sa-user-id Value: s%253A0-7f1c2561-4b9b-5220-6f27-cba23fba0797.qXB32z1ELwYcqpYKDeFkHu8qtPx%252BTWhIuZpz7HPJkM4
www.sentinelone.com/	1970-01-20 22:27:37	Name: sa-user-id-v2 Value: s%253AfxwlYUubUiBvJ8uiP7oHl5U4mbc.xijfGHQGLtz0smDsj8RD8cmoR264IGy0d9u0T250xhc
www.sentinelone.com/	1970-01-20 22:27:37	Name: sa-user-id-v3 Value: s%253AAQAKIMoWf6VoWfgw-7seMZhUVwQdJdC-ky34E4hiGTT9mj4REHwYBCDu0qWmBjABOgRVNED5QgRj7Rey.OemTQH4rSmyRCG4U1xmpGWPyTS4Je0xNi%252BUL1ap9de0
.6sc.co/	1970-01-20 23:18:01	Name: 6suuid Value: 0e85d81787f902006f69c9641700000099d20300
.prfct.co/	1970-01-20 23:18:01	Name: pa_uid Value: pa_LEgw1Bqwl8Y13mSDx
.www.linkedin.com/	1970-01-20 22:27:37	Name: bscookie Value: "v=1&202308012022071a1968e2-ea5f-435b-83cb-ee4c8cef22c9AQE2Ectcz1zoPN-W0CNNOsNrpgRKH0ib"
go.sentinelone.com/	1969-12-31 23:59:59	Name: BIGipServerab14web-nginx-app_https Value: !gNPatvrFqSxQM5akCIQPm+cqSAXSEWmH0iVV8CUIFlyCNlRBp+HKzwGDZzmS0IC0XPKOLbg9euV5GEQ=
.twitter.com/	1970-01-20 23:18:01	Name: guest_id_marketing Value: v1%3A169092132708775693
.twitter.com/	1970-01-20 23:18:01	Name: guest_id_ads Value: v1%3A169092132708775693
.twitter.com/	1970-01-20 23:18:01	Name: personalization_id Value: "v1_lykLPBRzHWI0amKLJnmXgw=="
.twitter.com/	1970-01-20 23:18:01	Name: guest_id Value: v1%3A169092132708775693
.bing.com/	1970-01-20 23:03:37	Name: MUID Value: 07A811856A4468F805B502E56B7F69DA
.bat.bing.com/	1970-01-20 13:52:06	Name: MR Value: 0
.sentinelone.com/	1970-01-20 23:18:01	Name: _ga Value: GA1.2.1946957608.1690921326
.sentinelone.com/	1970-01-20 13:43:27	Name: _gid Value: GA1.2.699274104.1690921327
.sentinelone.com/	1970-01-20 13:42:01	Name: _gat_UA-38175129-1 Value: 1
.t.co/	1970-01-20 23:18:01	Name: muc_ads Value: 98f9c258-a505-41e9-ac8f-5a625ed7f6ab
.sentinelone.com/	1970-01-20 22:27:37	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Tue+Aug+01+2023+20%3A22%3A07+GMT%2B0000+(GMT)&version=6.23.0&hosts=&landingPath=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdeconstructing-powershell-obfuscation-in-malspam-campaigns%2F%3Fmkt_tok%3DMzI3LU1OTS0wODcAAAGNPN1Ucgy-VdCBfIcdbBp92QhNRaOnoz4LigQbg3kNCGDDBZlqcQvngqX9zIE1poPT3_zViBM4Esh8etDAjgkbj41Qh-lVYTliO_tLcpGeP0iDUA&groups=C0003%3A1%2CC0001%3A1%2CC0002%3A1%2CC0004%3A1
.sentinelone.com/	1970-01-20 13:43:27	Name: _uetsid Value: 15f9334030a911eeb66b557ada9bfa34
.sentinelone.com/	1970-01-20 23:03:37	Name: _uetvid Value: 15f94e1030a911eeb909ff1c4a13fc8a
.sentinelone.com/	1970-01-20 23:18:01	Name: _mkto_trk Value: id:327-MNM-087&token:_mch-sentinelone.com-1690921327473-57013
.sentinelone.com/	1970-01-20 22:27:37	Name: _hjSessionUser_2714452 Value: eyJpZCI6IjY1YjNlZTM3LTMwMmUtNTVmMS1hM2Q1LWIwZDk2NzE0YzhjNSIsImNyZWF0ZWQiOjE2OTA5MjEzMjc1MjEsImV4aXN0aW5nIjpmYWxzZX0=
.sentinelone.com/	1970-01-20 13:42:03	Name: _hjFirstSeen Value: 1
.sentinelone.com/	1970-01-20 13:42:01	Name: _hjIncludedInSessionSample_2714452 Value: 1
.sentinelone.com/	1970-01-20 13:42:03	Name: _hjSession_2714452 Value: eyJpZCI6ImQ4ZGZmMWE3LWU5MGQtNGMzNy1hNGU5LWI1YjAzMjIxZjQ5ZSIsImNyZWF0ZWQiOjE2OTA5MjEzMjc1MzMsImluU2FtcGxlIjp0cnVlfQ==
.sentinelone.com/	1970-01-20 13:42:03	Name: _hjAbsoluteSessionInProgress Value: 0
www.sentinelone.com/	1970-01-20 23:18:01	Name: _omappvp Value: g0bmRryJsQVujWus2MxhLlIFqpz5sRJqqXgsrVGbCg3AedVRDO7pUpHNSNTwFdqiPpD4zTQKCTu1R5jeorSPRUMCU0DUExej
www.sentinelone.com/	1970-01-20 13:42:02	Name: _omappvs Value: 1690921327578
.prfct.co/	1970-01-20 23:18:01	Name: pa_twitter_ts Value: 1690921327574
.prfct.co/	1970-01-20 23:18:01	Name: pa_yahoo_ts Value: 1690921327622
.prfct.co/	1970-01-20 23:18:01	Name: pa_openx_ts Value: 1690921327622
.prfct.co/	1970-01-20 23:18:01	Name: pa_rubicon_ts Value: 1690921327625
.prfct.co/	1970-01-20 23:18:01	Name: pa_google_ts Value: 1690921327626
.adnxs.com/	1970-01-20 15:51:37	Name: uuid2 Value: 6920430625960981827
.openx.net/	1970-01-20 22:27:37	Name: i Value: 14d00461-17d2-40ee-bcbe-4ecbf6ae082b\|1690921327
.yahoo.com/	1970-01-20 22:27:58	Name: A3 Value: d=AQABBG9pyWQCECZFnJHNKjYoMqeZg3oOq4kFEgEBAQG6ymTTZCXcxyMA_eMAAA&S=AQAAAji4jsuJWh6vu0BRIffCZ4o
.rubiconproject.com/	1970-01-20 22:27:37	Name: khaos Value: LKSQWERU-1D-B0O2
.rubiconproject.com/	1970-01-20 22:27:37	Name: audit Value: 1\|3JgnQ4HYvcduIqt7P1p/d0WjjxoVtkiciWgEOVLJQhceECEUBMheihvBGrbRa4pZ96Y58aEIOCkwHTRO1/p4iDvuRZYW07kLtCXKhHKxoTMQJ/lsxT5G5TI6m2GwvSZBQYIATU3A0QVXe+OzLBc+DPfEwvYdhHTcxbm2+rnzsMyyqVI1k5poNA==
.doubleclick.net/	1970-01-20 23:18:01	Name: IDE Value: AHWqTUnb3anhzPzCVUu1WAIFl_PUIwaXZyaFIQWXxLwKMjYInieXOAxS67UozXqG
.adnxs.com/	1970-01-20 15:51:37	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E>@q33zi!]tbP6j2F-XstGt!@Dj>$qJ_(
.analytics.yahoo.com/	1970-01-20 22:27:37	Name: IDSYNC Value: 18z4~2d3w
.sentinelone.com/	1970-01-20 15:51:37	Name: _fbp Value: fb.1.1690921328087.500099228
.adsrvr.org/	1970-01-20 22:29:03	Name: TDID Value: 8d6c3c6e-8e23-459f-b6ae-77c190d06bd6
.demdex.net/	1970-01-20 18:01:13	Name: demdex Value: 65246159527275590140899074635142593902
.dpm.demdex.net/	1970-01-20 18:01:13	Name: dpm Value: 65246159527275590140899074635142593902
.krxd.net/	1970-01-20 18:01:13	Name: _kuid_ Value: PtbECQ7U
.adsrvr.org/	1970-01-20 22:29:03	Name: TDCPM Value: CAESEwoEa3J1eBILCOqgt7LgtYk8EAUSEgoDYWFtEgsI6qC3suC1iTwQBRIXCghhcHBuZXh1cxILCNLfsrPgtYk8EAUYBSACKAMyCwjqmLrf9rWJPBAFOAFCBCICCAFaB3ZmdTl4YTdgAQ..

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU= Message: The Content-Security-Policy directive name 'form-action:'none'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.
security	error	URL: https://go2.sentinelone.com/MzI3LU1OTS0wODcAAAGNPN1UcqOjm3ZMFuzxRNj1guS1Ck84a8XwXUKNpQkhCTDHxZ7YeAFNEXiVuvKlhjj0LeL9ItU= Message: The Content-Security-Policy directive name 'frame-src:'none'' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; img-src 'self';script-src 'self' 'sha256-Td0jYLzxf2qc1PrmXWdSlLssXYrvbCBejchyBsZIXyw=';object-src 'none';form-action:'none';frame-src:'none'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

13115870.fls.doubleclick.net
327-mnm-087.mktoresp.com
a.omappapi.com
a.quora.com
adservice.google.com
alb.reddit.com
analytics.twitter.com
api.brightfunnel.com
api.omappapi.com
app.qualified.com
assets.qualified.com
b.6sc.co
bam.nr-data.net
bat.bing.com
beacon.krxd.net
c.6sc.co
cdn.abrankings.com
cdn.calibermind.com
cdn.cookielaw.org
cdn.linkedin.oribi.io
cdn.onesignal.com
cloud.typography.com
cm.g.doubleclick.net
collector-5527.tvsquared.com
connect.facebook.net
dpm.demdex.net
e.calibermind.com
epsilon.6sense.com
fonts.googleapis.com
fonts.gstatic.com
ga.clearbit.com
geolocation.onetrust.com
go.sentinelone.com
go2.sentinelone.com
googleads.g.doubleclick.net
ib.adnxs.com
img.onesignal.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
js.adsrvr.org
js.qualified.com
match.adsrvr.org
munchkin.brightfunnel.com
munchkin.marketo.net
onesignal.com
pixel-geo.prfct.co
pixel.rubiconproject.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.quora.com
script.hotjar.com
secure.adnxs.com
sentry.io
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tag.marinsm.com
tags.srv.stackadapt.com
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
www.clickcease.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
www.redditstatic.com
www.sentinelone.com
www.youtube.com
104.17.71.206
104.17.72.206
104.244.42.133
104.244.42.3
104.26.3.18
104.66.122.159
104.77.252.113
13.107.42.14
13.225.195.97
146.75.28.157
15.197.193.217
151.101.1.140
151.101.128.65
151.101.130.137
162.159.152.17
162.247.241.14
172.217.13.134
172.217.13.194
172.217.13.98
18.232.216.40
192.28.144.124
23.33.40.206
2600:1400:d::1721:ee69
2600:141b:13::17d7:82b9
2600:9000:269f:8200:2:53b2:240:93a1
2600:9000:26a0:6e00:11:8a36:7200:93a1
2600:9000:26a0:9000:15:a0d3:77c0:93a1
2606:4700:3031::ac43:d595
2606:4700:3037::6815:2d74
2606:4700::6812:1005
2606:4700::6812:1105
2606:4700::6812:1d26
2606:4700::6812:a972
2606:4700::6812:d63b
2607:f8b0:4004:c19::9c
2607:f8b0:4020:804::2002
2607:f8b0:4020:804::2003
2607:f8b0:4020:804::2008
2607:f8b0:4020:805::2002
2607:f8b0:4020:805::2004
2607:f8b0:4020:806::200e
2607:f8b0:4020:807::2003
2607:f8b0:4020:807::200a
2607:f8b0:4020:807::200e
2620:1ec:21::14
2620:1ec:c11::200
2a02:6ea0:c454::1
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
2a04:4e42:400::396
3.161.209.109
3.161.213.15
3.162.3.117
3.162.3.9
3.162.3.96
34.193.114.176
34.200.65.202
34.98.64.218
35.186.247.156
44.199.114.142
50.17.228.238
52.212.193.58
52.4.10.49
52.71.200.83
54.211.223.24
54.235.212.140
54.83.175.63
68.67.160.117
69.173.151.100
012743d9f8e3a8cb9fd4a9466aa2eb026a53d446d530d60440463e555ad0fc87
04016017106740a0c449a2dc33655f441bbc2b48e1bfd633be8cec5ee15b8984
04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c
0da08befe5a68eec43e1e5598ae8f09c574234a20c164c52c16ed0938712ca5e
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
167fc3fd7b5bfe69ee8e0da9d0709092e8003dd76eee8d4f5a38e3eb09445c90
176291a5736a54f442286a4eac22e5efc9acda566ce2b7f40e24f8a3e5886d7e
181fa10be49f875d78816391e202c05f90be6b0d5597edc25f524b1183e434e6
1889a166868ccca5314e22186fc416f938410c12de89464630e1404e07fd702c
1c483a1caf094b8e3a922a5773e342df31d68ef351f6b35af4bbac9dd0aefcdd
1deada449ce1e720c36f2d1e638c588de0f889e078c3361eed0fdb67d1b08b50
1ee6321fadd1f1471732c38d5965e5bc125d5da86d1a769f506d4bbc752d1331
1f1b053798feca0d6310c9f463fa883f374d4ad73d5cc54e4d1160762a87ca96
217e86bb45741e9d750012d94982ab4f69aa9376b60ac4ce981e0d98ff40e462
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
29c70ae16647587eedbdb67369f0e3b1c540d7b0e898ca078c77200e80fc6d0c
2b056f0d2f2496923f55eb71e14133b6749869de6f63b7a6df966b2f3fadc98b
2c0acfe92bc20d979783734b005cff60a4ab23c55194c032c01aa4de6042e136
2c2e536e48d182cd9d0474389cf14c4a8d58e02dd21c5c9875be8e141b3e1537
2c578d926fdfe6ce7705890158ad92c540851b1216572751d99eb84e5b32f890
2ee6fdf3d0f4d826380054030e5a9fd6fc8c451d9fe28123f1d76e632332e659
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
3109fef8b2a9ab71fca698483d2bae36d8fed772517c259dacce872e739bb690
318c61b55db791b395ff4b675c520c3947692ec0d855d976f33295ff4a9073f5
3229ca2228578c18cb365b9d7d9d5bb84d9070ac42ddfc14570943546c3afaf3
3302b8fa7dc8d62e1758af8ae584b8fc91d489e44d3e32485d41c0fc93f439f6
3550d561a393ccafea62d645022c2dee99a478b65c01f518660ea54347b370c4
36aeabf490693f214315f98655aa5e871863fb6e4827d5e51aa70ee4578efa64
39fcde77d12d7f7f6da0dcc009ef70f147308e09bb921909bd832094e11f445d
3b3c7778ba4e247b97d37e9559528c0f1524faf72de80d4312a322e5e2420d65
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
465fbbe061ded3f9db8f40dbc772ef2470c3109be30cf9bdc60d153cdf4ee3c8
484ef4268f1d679c1ae88c06fc2388d39afc441465732617e5e2cdc2e3d418e2
48e2fe28b8bcedee572ee23f3a1e447f90560494b097777616415ace709f4ef8
49f1fe168324ed0f76fbbab536b991c992296cd48da5ce9dd8bc8ea55e2ef946
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f7b89695827926507fa8e0b19001e189f3bf7759e9c2b1e24eb06bdbcf98c62
4f8c0928af63a46f66094fdfa81dcc2f623a759726a0f8d1a976dee38f6f43a3
4f9687af855e3702920c9feedcf07596807bf43bcd8de0b543ffee66f98e1a22
516cbc569d4e8f15ac7917f186a911d85fd0aaca2d0ca074a6583e95486af856
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
545ce5917bd0857110304d9c156a2e1e9f066584e984c69b02485b8c96589b43
5466092ef0deb16007dc2e8e61eb345b380ab6663bd3ef41808ffb7360abd61a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5aa4142a40b5a1e0cdee8d5416c145c0e3d8b785254a566b5393069dcd2e0de8
5ba7b37c4437d1d48c96d428d4434269c1cefb6956ab396dd2c640340fea07fe
5c6f013930ce9b2ab70fd3390b73e695090f7d57468f155891317618187f7919
60f4893aeccee80d922be14d7aebb526a19c775ebe54df72282870891ef59b3a
6435ed7ffc6e90262f5b72fbeeb5f2eba5322d735c016d6fb60243d169434a2c
64ca0467fb4d0b14d0d403291c23dcf391c1a7a908307b094ddf6c978960f4e8
64d117a5cdaf7b8aa3bc5ff1abeec0e1d98b834782d49f34260c4e1ecc7ec4c2
670afe471847a5bb02684f1500ced5f5ae2399681ba22cbf96ed21a25ebef35c
6782c26e66d8abbe5816cd0222f41c431399582ce9b59805bffda7572e7ba288
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6bc7e5dfe9784d1c955897354de762f1cc8e8d5b65bd40e1320855e8f698ff0b
6cc7aa1d0e20765408f1a5f78d55f9f366eb1f910fe4da807ccb1cd5ab66c8f9
6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82
6de7054ecd121e63659791878b1cb8a2e0934dce6c12867764d47edd6182b3e9
6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb
700c8bd73d93522ca53cdc35e2a71e96caf7c344bc7a8391f3af90c10b917033
72562f00bd821b6edc0368065bf009468955ba01f8ead742d8bbc2470c4358c4
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
7680e45da3168c3240c3287c1f14af99ca941299901de2aae917a0f5c4d6a3d5
77fc7e2cee3f1b71326ab2d9e121017b176205d0c8bbb013dfe7ebfccb2c5cab
7909ac26c94c9592b7f3d0ce6d28b3921556d78b8bf9c72e91c35f410333685b
7a5d0f939c5224a8efb5b96759dd0509360b5d071774bb702f788f37a00a8426
7a667e756052222fc62158f643d31f92d6ac8da5c83045dffb5a626c7b614648
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
845c0dd4dc2bfa87f7e3102da8d9ad8645893a8efada5bcd116e795ec13fdb13
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
894af40d599de36ac704a310b26350926a9c491e49cae81d199f868d01de3ae9
899663bfeab6b11842c974c2417dc0ad88bd79bb7510b1e032384ccf2618dcc1
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8acf3ab00d685fc3e58419fe36856d7417c7230d39d6058dbd92b5454641fe88
8b7c6efafa337701190afab17bf559e615bf0f6a56c2a3c9b7ae04e6aab95eec
8d3a947d7fe69efcf09bfc94c8db4b03f3ebcca720c1accc3baa7633ad32417f
8d4aa65d6ae5eef1a0ca9061fd7e7906397d9f7fbb0ed26e2a8a3bd7f9db8537
8d4da47114027ff57a58a951f696b85accd07259245949b4806f06b1d554e787
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8da6b43c23b0b0fe5be18f83ab780dd19c5db4582e811629389e809f696a4deb
8ddaecc5559bd2995eb90bacafb560e5ad3e940a8142f666af23e3ce3196072e
8f1b4704bf21998a0053b506983c83b744af4a082efa82bb5bb6b0742d38a876
8f51d7bb4a7314fbd42bd5a2cec23adcfd23441c6539c3437cac22bc10c285a5
906a788516ee8c30af9c1737e5daa58aafa9c00c3fbb031a2da1ff4ad22455c2
95b2862c528501dfd59340092c5708e98d0e7c4d61bc7ecbd3e93081595dbe16
95f35e1959ce4156ff0c8342109ccbf64e6bbe029221053fed01d0e54e66be92
99ac0e388250281fe8851ef71799b3222bab0db5612c2c17deba3962626e0ec1
9ac79c7f0f70a211f79c8e15b8cfecd07fb58941637ee05e9f92efc952ad39f7
9e55c6603a9d23f3febea8ffdd6caf6abb434a00ac66c6f93e963d5c80be06ae
a05f37d89bba41883bc0449d503439250a4701fa4eaed58c8c1ebe93723195c6
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a15bef5551f730c8269a1cba57c370099d559defd996193c80a477c411081ca2
a30bb88da5b980681d89e730a34253d939ce2154f3d211f2c98fde3927ada334
a351647a3172d17c0426bb9059dcd9b3d3f01ad35b462c3d8c72dedfb4c7bf01
a39422269e06c613c1b5348a205015c8ad80c1fe3d50c84fa36f0bf18fc5b271
a643e2fcf834dce892b4f2844cab6db03148dea4523223816742f43077e4572d
a899a0398bbfbb8343c67e83098446254c1609aae412962cff6929087135a51c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adedd0befd73ee02e5480f500d1c8518bc6ab5ec39f4f06024102f53e8c0a683
ae14376ff5358d0437857a28ac8f4db17152db46fa433ac18ae9499e9a0bfa7b
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af78c92d1c9ebb385715cb003c379d93ab9c1d250e0bf03e67416e2495e33b5f
b1f315d57c5fa856dd978d0fb38ba99ff69db71e806778685cacefc817af17a3
b22694fa42d11b3f176084eeeedfd9331f7b5e56ec0cf2be2828301e74f4b24b
b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88
b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c
b7a9cde8317792327c112065ec423196947efcc8059b14745c6a1c59cd77a66a
b836876c6014c346a749c23f680845562679daf29c640c99a3d92797a6244b4d
ba0429c39149c85d1a9b6d03e40a59de57367d1fd22bbab68bee7e0b17c05f2d
ba3020a286a8eb583dee499f49804efc9c44175f36472d80d367d41a1b711d12
bd8cf80ac0e7f7fa126a0cbe0f16d568325a156ca744e8f1e6aef14a9f23e2b2
c04111a0f3f11aef1ab15cd15ca8ad03dd4f64982de1701becafc1e793e63ec1
c0d7eace6de7a123701ad163455f50ea9f6f51c5985a49f4d1f6e797009fbdb1
c0eda55ec47640c00aa84096fabdb63c66f5e456f7b141e1ba1d153c2b6ebceb
c254279147099e0b696b281d62b436b8aed42fb0f3abf1ba17abc398ca6c90e2
c902ff18c7858648be03999d4022c40d66ad694ae218ea4b1558e74703b854a5
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c99ff58c3dc4deb821c87dc9c45aed4af66541ceb1b0f62ec208114ffc37dbf4
cb58987ae34f7196a36c3d56b5ca2a816a8c8bad950c14c9369bf8e4bbdb3e5e
cda851ced6071adcde40501c1c09e21fd48be1594567337f82711a6371b9779c
cf39ab777e32ac68fb938fc9549f047b8cc8810368235c48dc87d6baf9c485d1
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d0647d8975d5c92ea700e635befca523c5aac18754b8454d954909fe070e68cc
d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393
d1abf5fd404d15f7d4659ca6d091c42a8a48965441786414bf011efa5492c487
d4c7f6759613a01167bfc91a8e2fbefd83636b635cb99287c0621791ae0f6d38
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
d615c2d72c6eba72dac6ab0a82e4eedc2d9b8385564ac5dde2bfbdb2b8328e72
d9ef96552025e7ad4f47bf61301e834c87f43725506d7a3b032cb0688f32f5a8
db0da7efe3ac5fc9e598f71e291326f137ea7bbbf97fed4fee0e86b717b0d9a8
db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dcd9f488bd62ba0ee403b07a97e40b9ffd63a0eff61091588c913b16d5153d48
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd7ec90bdddc830689a2a4e0b9d3864cd99aa688309ce12c36c625bb5c154398
dddf04d190be2e7006f807221d5f5852bf45a97c2aad4c66b1f0a1661efa7dda
de02e745c51299417a1126c3707d033de02baef0f9be8fed07185c1a6b74eac1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e04cd604df1afd7f5e3eedcc1ee997955f575f74443b575d6355f4142aae092d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e73ff13cd209b6dd677130964d4322e5f960aa338ddb56bdc3b7eb92be93d118
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e8444d42da15923069f14dd559b1c74c832113a3e7bfd92765fcd1c0cb3c5d40
ea1ee34c0f34a457f51ae070d649a9f1df3aa9b0fa8b56d31028c54df664e3b1
eae2c34014a512a5bebe4a87261c00c87807d4d185dfe1bc0cc09eae0592e6ae
eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611
ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d
ee30819156a2e4fba475c4c137b3d89fa1fe6a23c4a0d0eb1ac0f38b67ef569d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef990e608982588e9c0e86de964fefb24d33a5229965c5d9a0f2c6cd9d86c3fc
f0dbd5ad7b0ead52f6375610e738f5727261715f392d0892047e160f50138f5d
f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424
f35fe81e92a7821e33e679a0306e38395e243e137df7347c8bce370ee79b2bc4
f3927c309fec9aca7f0dab152c4fbd8e5aa69a1f744a2eda686f01f45d2d3b37
f3a2554c9a759a17aa3c9d8118108b5ee407f14435ddd03ce8ce2b0368acd7b5
f3b99892809a021aa17ce84240b97e80f8b845208c0a283a6e225e7fc96a5d79
f784bdae89887d6c9a1d2452ca83d2444ff4d4a12a1a2484ab2ff6b370912408
f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f9550540617f2607c6051d537776c61c88ae0615257694e7dbeced8126abd382
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe9cee45e2e4d69ab7d626ac122cedb941e16844067758eac5d958959301faf0
fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

www.sentinelone.com Open in urlscan Pro 104.26.3.18 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

202 Requests

95 %HTTPS

41 %IPv6

53 Domains

77 Subdomains

65 IPs

5 Countries

3523 kBTransfer

10172 kBSize

72 Cookies

41 Outgoing links

Page URL History

Redirected requests

202 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 11 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.sentinelone.com Open in urlscan Pro
104.26.3.18 Public Scan

Screenshot
Live screenshot

Full Image

202
Requests

95 %
HTTPS

41 %
IPv6

53
Domains

77
Subdomains

65
IPs

5
Countries

3523 kB
Transfer

10172 kB
Size

72
Cookies

202 HTTP transactions
11 data transactions