www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Submission: On February 20 via api (February 20th 2023, 7:16:29 pm UTC) from US — Scanned from DE

Summary HTTP 240 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 67 IPs in 9 countries across 59 domains to perform 240 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com. The Cisco Umbrella rank of the primary domain is 148288.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on April 25th 2022. Valid for: a year.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 28	2a02:e980:107... 2a02:e980:107::cf	19551 (INCAPSULA) (INCAPSULA)
4	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	18.66.97.37 18.66.97.37	16509 (AMAZON-02) (AMAZON-02)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	185.89.211.132 185.89.211.132	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:225... 2600:9000:2251:e400:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	216.200.122.11 216.200.122.11	6461 (ZAYO-6461) (ZAYO-6461)
2 2	142.250.185.70 142.250.185.70	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
7	104.16.94.80 104.16.94.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:1244	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	95.100.75.244 95.100.75.244	16625 (AKAMAI-AS) (AKAMAI-AS)
3	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 6	54.170.158.38 54.170.158.38	16509 (AMAZON-02) (AMAZON-02)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	2606:4700::68... 2606:4700::6812:1f49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:811::2013	15169 (GOOGLE) (GOOGLE)
65	18.66.112.55 18.66.112.55	16509 (AMAZON-02) (AMAZON-02)
1	51.11.20.152 51.11.20.152	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:c9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	158.255.109.19 158.255.109.19	8218 (NEO-ASN l...) (NEO-ASN legacy Neotelecoms)
1	54.85.119.1 54.85.119.1	14618 (AMAZON-AES) (AMAZON-AES)
12	23.220.23.244 23.220.23.244	16625 (AKAMAI-AS) (AKAMAI-AS)
4	52.204.14.109 52.204.14.109	14618 (AMAZON-AES) (AMAZON-AES)
1	52.222.236.122 52.222.236.122	16509 (AMAZON-02) (AMAZON-02)
2	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
2	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
4	2600:9000:225... 2600:9000:225e:fc00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
5 5	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 3	52.57.1.21 52.57.1.21	16509 (AMAZON-02) (AMAZON-02)
1	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	23.206.208.114 23.206.208.114	16625 (AKAMAI-AS) (AKAMAI-AS)
1 7	2600:9000:225... 2600:9000:225e:c200:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
2 4	142.250.185.166 142.250.185.166	15169 (GOOGLE) (GOOGLE)
1	18.66.147.116 18.66.147.116	16509 (AMAZON-02) (AMAZON-02)
1	98.98.134.242 98.98.134.242	21859 (ZEN-ECN) (ZEN-ECN)
1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.35.233.151 23.35.233.151	16625 (AKAMAI-AS) (AKAMAI-AS)
12 15	2a05:d018:cc3... 2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6	16509 (AMAZON-02) (AMAZON-02)
1	52.30.116.28 52.30.116.28	16509 (AMAZON-02) (AMAZON-02)
1 1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	64.202.112.31 64.202.112.31	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	185.89.211.116 185.89.211.116	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2a02:26f0:ab0... 2a02:26f0:ab00:3b3::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	151.101.130.137 151.101.130.137	54113 (FASTLY) (FASTLY)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
2	3.126.151.226 3.126.151.226	16509 (AMAZON-02) (AMAZON-02)
6	3.94.218.138 3.94.218.138	14618 (AMAZON-AES) (AMAZON-AES)
1	18.66.97.17 18.66.97.17	16509 (AMAZON-02) (AMAZON-02)
240	67

28 2a02:e980:107::cf (United States) 1 redirects

ASN19551 (INCAPSULA, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-37.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.211.132 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2251:e400:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.122.11 (Reno, United States) 1 redirects

ASN6461 (ZAYO-6461, US)
PTR: 216.200.122.11.IPYX-141870-ZYO.zip.zayo.com

gwmtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.70 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.16.94.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-abj.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.130 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1244 (United States)

ASN13335 (CLOUDFLARENET, US)

geoip-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.100.75.244 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-75-244.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.170.158.38 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-158-38.eu-west-1.compute.amazonaws.com

ads.avocet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:1f49 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

visitor.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

65 18.66.112.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-55.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.11.20.152 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.chip2gift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:c9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 158.255.109.19 (France)

ASN8218 (NEO-ASN legacy Neotelecoms, FR)

track.accountinsight.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.85.119.1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-85-119-1.compute-1.amazonaws.com

data.adxcel-ec2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.220.23.244 (Paris, France)

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-23-244.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.204.14.109 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-14-109.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-122.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:225e:fc00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:22::14 (United States) 5 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.57.1.21 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-1-21.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)

cpm.convergeselect.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

309-rhv-619.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.206.208.114 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-206-208-114.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:225e:c200:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.166 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f6.1e100.net

10487471.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4788165.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-116.fra60.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.242 (United States)

ASN21859 (ZEN-ECN, US)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.233.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-233-151.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6 (Dublin, Ireland) 12 redirects

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.116.28 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-116-28.eu-west-1.compute.amazonaws.com

ipv4.d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.31 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.211.116 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00:3b3::1c91 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.130.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Apex, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.151.226 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-151-226.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.94.218.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-218-138.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-17.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	driftt.com js.driftt.com — Cisco Umbrella Rank: 5448	749 KB
28	proofpoint.com 1 redirects www.proofpoint.com — Cisco Umbrella Rank: 148288	6 MB
23	adroll.com 13 redirects s.adroll.com — Cisco Umbrella Rank: 2461 d.adroll.com — Cisco Umbrella Rank: 1521 ipv4.d.adroll.com — Cisco Umbrella Rank: 11469	35 KB
13	6sc.co j.6sc.co — Cisco Umbrella Rank: 6594 c.6sc.co — Cisco Umbrella Rank: 9881 ipv6.6sc.co — Cisco Umbrella Rank: 7163 b.6sc.co — Cisco Umbrella Rank: 4814	16 KB
11	doubleclick.net 5 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 77 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 ad.doubleclick.net — Cisco Umbrella Rank: 164 10487471.fls.doubleclick.net — Cisco Umbrella Rank: 490085 4788165.fls.doubleclick.net — Cisco Umbrella Rank: 476004 cm.g.doubleclick.net — Cisco Umbrella Rank: 205	7 KB
8	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 359 www.linkedin.com — Cisco Umbrella Rank: 567 px4.ads.linkedin.com — Cisco Umbrella Rank: 6448	4 KB
8	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4596 adservice.google.com — Cisco Umbrella Rank: 72 www.google.com — Cisco Umbrella Rank: 2	2 KB
7	marketo.com app-abj.marketo.com — Cisco Umbrella Rank: 478639	144 KB
6	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 6336 metrics.api.drift.com — Cisco Umbrella Rank: 6212	471 B
6	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 341	11 KB
5	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 9005	3 KB
4	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 824	1 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3097	7 KB
4	avct.cloud 2 redirects ads.avct.cloud — Cisco Umbrella Rank: 3723	2 KB
4	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 385 ib.adnxs.com — Cisco Umbrella Rank: 203	4 KB
4	google.de www.google.de — Cisco Umbrella Rank: 6232	733 B
3	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1618 m.addthis.com — Cisco Umbrella Rank: 1585	140 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	254 B
3	bidswitch.net 2 redirects x.bidswitch.net — Cisco Umbrella Rank: 284	1 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 15151 ibc-flow.techtarget.com — Cisco Umbrella Rank: 19543	2 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 149	244 KB
3	reactful.com visitor.reactful.com — Cisco Umbrella Rank: 97500	105 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 628 script.hotjar.com — Cisco Umbrella Rank: 767 vars.hotjar.com — Cisco Umbrella Rank: 914	73 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 368	12 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	20 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	260 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 10403	586 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 533	2 KB
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 617	614 B
2	t.co t.co — Cisco Umbrella Rank: 522	582 B
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4583	2 KB
2	avocet.io 2 redirects ads.avocet.io — Cisco Umbrella Rank: 9090	280 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 729	10 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3233	6 KB
2	geoip-js.com geoip-js.com — Cisco Umbrella Rank: 13092	2 KB
1	company-target.com api.company-target.com — Cisco Umbrella Rank: 3727	512 B
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 222	518 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 337	140 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 946	90 B
1	yahoo.com ups.analytics.yahoo.com — Cisco Umbrella Rank: 273	125 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 882	493 B
1	outbrain.com sync.outbrain.com — Cisco Umbrella Rank: 728	145 B
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 420	273 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 316	239 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 436	1 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 972	550 B
1	sitescout.com pixel.sitescout.com — Cisco Umbrella Rank: 3568	267 B
1	mktoresp.com 309-rhv-619.mktoresp.com — Cisco Umbrella Rank: 371987	318 B
1	convergeselect.net cpm.convergeselect.net — Cisco Umbrella Rank: 96401	228 B
1	adxcel-ec2.com data.adxcel-ec2.com — Cisco Umbrella Rank: 3848	131 B
1	accountinsight.cloud track.accountinsight.cloud — Cisco Umbrella Rank: 174857	399 B
1	chip2gift.com secure.chip2gift.com — Cisco Umbrella Rank: 337710	304 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43	1 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 163	17 KB
1	gwmtracking.com 1 redirects gwmtracking.com — Cisco Umbrella Rank: 19846	389 B
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 21046	235 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 17587	279 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 623	15 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 905	44 KB
240	59

	Domain	Requested by
65	js.driftt.com	www.proofpoint.com js.driftt.com
28	www.proofpoint.com	1 redirects www.proofpoint.com
15	d.adroll.com	12 redirects s.adroll.com www.proofpoint.com
10	b.6sc.co
7	s.adroll.com	1 redirects www.googletagmanager.com s.adroll.com www.proofpoint.com d.adroll.com
7	app-abj.marketo.com	www.proofpoint.com app-abj.marketo.com
6	js-agent.newrelic.com	www.proofpoint.com
5	tracking.g2crowd.com	www.proofpoint.com
4	metrics.api.drift.com	js.driftt.com
4	px.ads.linkedin.com	4 redirects
4	cdn.linkedin.oribi.io	snap.licdn.com
4	tags.srv.stackadapt.com	www.proofpoint.com tags.srv.stackadapt.com
4	ads.avct.cloud	2 redirects www.proofpoint.com
4	www.google.de	www.proofpoint.com
3	www.facebook.com	www.proofpoint.com
3	x.bidswitch.net	2 redirects www.proofpoint.com
3	px4.ads.linkedin.com	www.proofpoint.com 4788165.fls.doubleclick.net 10487471.fls.doubleclick.net
3	connect.facebook.net	www.proofpoint.com connect.facebook.net
3	visitor.reactful.com	www.proofpoint.com visitor.reactful.com
3	www.google.com	www.proofpoint.com
3	adservice.google.com	www.proofpoint.com 10487471.fls.doubleclick.net 4788165.fls.doubleclick.net
3	secure.adnxs.com	2 redirects j.6sc.co
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.proofpoint.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.googletagmanager.com	www.proofpoint.com www.googleoptimize.com
2	bootstrap.api.drift.com	js.driftt.com
2	epsilon.6sense.com	j.6sc.co
2	dsum-sec.casalemedia.com	1 redirects www.proofpoint.com
2	4788165.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	10487471.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	s7.addthis.com	www.proofpoint.com s7.addthis.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	analytics.twitter.com	www.proofpoint.com
2	t.co	www.proofpoint.com
2	dev.visualwebsiteoptimizer.com	www.proofpoint.com
2	ads.avocet.io	2 redirects
2	snap.licdn.com	www.proofpoint.com 10487471.fls.doubleclick.net
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	geoip-js.com	www.proofpoint.com geoip-js.com
2	ad.doubleclick.net	2 redirects
2	googleads.g.doubleclick.net	www.googletagmanager.com www.googleadservices.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
1	api.company-target.com	js.driftt.com
1	bam.nr-data.net	js-agent.newrelic.com
1	m.addthis.com	s7.addthis.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	ib.adnxs.com	www.proofpoint.com
1	eb2.3lift.com	www.proofpoint.com
1	sync.taboola.com	www.proofpoint.com
1	ups.analytics.yahoo.com	www.proofpoint.com
1	image2.pubmatic.com	www.proofpoint.com
1	sync.outbrain.com	www.proofpoint.com
1	us-u.openx.net	www.proofpoint.com
1	pixel.rubiconproject.com	www.proofpoint.com
1	cm.g.doubleclick.net	1 redirects
1	ipv4.d.adroll.com	www.proofpoint.com
1	z.moatads.com	s7.addthis.com
1	pixel.mathtag.com	4788165.fls.doubleclick.net
1	pixel.sitescout.com	10487471.fls.doubleclick.net
1	vars.hotjar.com	static.hotjar.com
1	309-rhv-619.mktoresp.com	munchkin.marketo.net
1	cpm.convergeselect.net	www.proofpoint.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	static.hotjar.com
1	j.6sc.co	www.proofpoint.com
1	data.adxcel-ec2.com	www.proofpoint.com
1	track.accountinsight.cloud	www.proofpoint.com
1	trk.techtarget.com	www.proofpoint.com
1	secure.chip2gift.com	www.googletagmanager.com
1	fonts.googleapis.com	www.proofpoint.com
1	www.googleadservices.com	www.proofpoint.com
1	gwmtracking.com	1 redirects
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	www.googleoptimize.com	www.proofpoint.com
240	79

This site contains links to these domains. Also see Links.

Domain
proofpointcommunities.force.com
digitalrisk.proofpoint.com
emaildefense.proofpoint.com
threatintel.proofpoint.com
us1.proofpointessentials.com
partners.proofpoint.com
go.proofpoint.com
v1.addthis.com
github.com
ipcheck.proofpoint.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
proofpoint.com Sectigo RSA Organization Validation Secure Server CA	`2022-04-25` - `2023-04-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.hotjar.com Amazon	`2022-10-25` - `2023-11-23`	a year	crt.sh
app-abj.marketo.com Cloudflare Inc ECC CA-3	`2022-05-05` - `2023-05-05`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-16` - `2023-06-16`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2022-07-04` - `2023-08-05`	a year	crt.sh
*.reactful.com Go Daddy Secure Certificate Authority - G2	`2022-05-11` - `2023-05-09`	a year	crt.sh
drift.com Amazon	`2022-08-24` - `2023-09-21`	a year	crt.sh
secure.norm0care.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-13` - `2023-06-13`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-30` - `2023-02-28`	3 months	crt.sh
*.accountinsight.cloud Sectigo RSA Domain Validation Secure Server CA	`2022-06-10` - `2023-06-26`	a year	crt.sh
adxcel-ec2.com Amazon	`2022-10-18` - `2023-11-16`	a year	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
*.srv.stackadapt.com Amazon	`2022-10-09` - `2023-11-07`	a year	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
linkedin.oribi.io Amazon	`2022-07-07` - `2023-08-06`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-02-05` - `2023-05-06`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
s.adroll.com Amazon	`2022-07-03` - `2023-08-01`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-16` - `2023-11-18`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-02-13` - `2023-06-29`	5 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2022-09-16` - `2023-10-18`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Frame ID: E139B636097F188185FBF1B69A2E3775
Requests: 164 HTTP requests in this frame

Frame: https://10487471.fls.doubleclick.net/activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Frame ID: 6DFB6A4DEE2B91580155AB1584F9EC0B
Requests: 6 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287
Frame ID: 33A7FB17767EA11D2590F7508024BBBF
Requests: 4 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html
Frame ID: AA7A77AABADB71039FF420BCFC78E238
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 1AF7BA7567514C5A1092C76D126579E2
Requests: 1 HTTP requests in this frame

Frame: https://app-abj.marketo.com/index.php/form/XDFrame
Frame ID: CCC1DD9E431E6B6A4238F36F5E41DAF8
Requests: 2 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Frame ID: 10E04570486263F938760A37B5D66EFD
Requests: 33 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
Frame ID: 4BCF837AAD2A060D8E38321D3C9E48DD
Requests: 34 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 4C9AFC2A2690D6543A05AE98C2E64189
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 0741B7ECB288A8242B07F831891245DA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OneNote Documents Increasingly Used to Deliver Malware | Proofpoint USFacebookTwitterLinkedInEmail App

Page URL History Show full URLs

https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware/ HTTP 301
https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

240
Requests

90 %
HTTPS

34 %
IPv6

59
Domains

79
Subdomains

67
IPs

9
Countries

7684 kB
Transfer

14659 kB
Size

65
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://proofpointcommunities.force.com/community/s/
Title: Support Log-in

Search URL Search Domain Scan URL

URL: https://digitalrisk.proofpoint.com/
Title: Digital Risk Portal

Search URL Search Domain Scan URL

URL: https://emaildefense.proofpoint.com/login.php
Title: Email Fraud Defense

Search URL Search Domain Scan URL

URL: https://threatintel.proofpoint.com/
Title: ET Intelligence

Search URL Search Domain Scan URL

URL: https://us1.proofpointessentials.com/app/login.php
Title: Proofpoint Essentials

Search URL Search Domain Scan URL

URL: https://proofpointcommunities.force.com/community
Title: Sendmail Support Log-in

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/
Title: Channel PartnersBecome a channel partner. Deliver Proofpoint solutions to your customers and grow your business.

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/prm/English/s/applicant
Title: Become a Channel Partner

Search URL Search Domain Scan URL

URL: https://go.proofpoint.com/New-Perimeters.html
Title: New Perimeters MagazineGet the latest cybersecurity insights in your hands – featuring valuable knowledge from our own industry experts.

Search URL Search Domain Scan URL

URL: https://go.proofpoint.com/cpe-credit-overview.html?utm_source=website
Title: Watch now to earn your CPE credits

Search URL Search Domain Scan URL

URL: https://v1.addthis.com/live/redirect/?url=mailto%3A%3Fbody%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fblog%252Fthreat-insight%252Fonenote-documents-increasingly-used-to-deliver-malware%2523.Y_PHA11O31g.mailto%26subject%3DOneNote%2520Documents%2520Increasingly%2520Used%2520to%2520Deliver%2520Malware%2520%2520%257C%2520Proofpoint%2520US&uid=63f3c7031d824fc2&pub=&rev=v8.28.8-wp&per=undefined&pco=tbx32-300
Title: Email App

Search URL Search Domain Scan URL

URL: https://github.com/MREXw?tab=repositories
Title: MREXw

Search URL Search Domain Scan URL

URL: https://ipcheck.proofpoint.com/
Title: IP Address Blocked?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/proofpoint
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/proofpoint
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/proofpoint
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware/ HTTP 301
https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=8071638764689695959

Request Chain 13

https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=1789446023 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CMXvyvvnpP0CFZ5IHgIdeDIC9Q;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CMXvyvvnpP0CFZ5IHgIdeDIC9Q;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Request Chain 58

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j HTTP 307
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j HTTP 307
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

Request Chain 66

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j HTTP 307
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j HTTP 307
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

Request Chain 86

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1676920578549&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1676920578549%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fblog%252Fthreat-insight%252Fonenote-documents-increasingly-used-to-deliver-malware%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1676920578549&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1676920578549&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&liSync=true&e_ipv6=AQKDfZYY2hMnKwAAAYZwQWZr7dWW-eUSsinFMXMxbkXEIo5J_5oQmD_cnrnGnI-fZCf_4DVWWMn9E9qZvgkn-QYt-k4

Request Chain 94

https://x.bidswitch.net/sync?dsp_id=59&user_group=2&user_id=61a00ea8-0eca-4610-ac5a-9f2b6bd5963a HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=59&user_group=2&user_id=61a00ea8-0eca-4610-ac5a-9f2b6bd5963a HTTP 302
https://cpm.convergeselect.net/user-sync?dsp=328334&t=image&gdpr=&gdpr_consent=&uid=0766015e-5ea0-464c-b468-db47f446032c

Request Chain 110

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware HTTP 302
https://10487471.fls.doubleclick.net/activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware

Request Chain 111

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287 HTTP 302
https://4788165.fls.doubleclick.net/activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287

Request Chain 121

https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 125

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQIk_n55x3D7IwAAAYZwQWYjJ6Lq1yIJsxV0m5Ok_VP3Iyt5dLaqUyyg7ZRt-Nzz2P-u23yAvy8nJplsD9rBAlOpVYQ

Request Chain 133

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1676920579613&url=https%3A%2F%2Fwww.proofpoint.com%2F HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1676920579613&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQKiso3bFN89tgAAAYZwQWZzJLW5-UV8W3IaooNZtLpZ00K3qO3A6qGPmcOukmZSijELM05ep5OI2BVUB0Zx8SlP3VU

Request Chain 135

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

Request Chain 139

https://d.adroll.com/cm/b/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM

Request Chain 140

https://d.adroll.com/cm/g/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=SJrfokY_Y1EiTlH1D90njA HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 141

https://d.adroll.com/cm/index/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expiration=1708456579 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expiration=1708456579&C=1

Request Chain 143

https://d.adroll.com/cm/n/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expires=365

Request Chain 144

https://d.adroll.com/cm/o/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=489adfa2463f6351224e51f50fdd278c&gdpr=1&gdpr_consent=

Request Chain 145

https://d.adroll.com/cm/outbrain/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=

Request Chain 146

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 147

https://d.adroll.com/cm/r/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 148

https://d.adroll.com/cm/taboola/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM

Request Chain 149

https://d.adroll.com/cm/triplelift/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&dongle=c85e

Request Chain 150

https://d.adroll.com/cm/x/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM

240 HTTP transactions
13 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request onenote-documents-increasingly-used-to-deliver-malware Show response
www.proofpoint.com/us/blog/threat-insight/
Redirect Chain

https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware/
https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

184 KB
33 KB

1168ms
804ms

Document
text/html

2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

4fb8c0d4bfc0d4334ead7bfedc14b41cc88b40c4411d8e60a9f6183717ed319d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 10976
Cache-Control: max-age=86400, public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 32387
Content-Type: text/html; charset=UTF-8
Content-language: en
Date: Mon, 20 Feb 2023 19:16:15 GMT
ETag: "1676889117"
Expires: Tue, 21 Feb 2023 10:31:58 GMT
Feature-Policy: geolocation 'self'
Last-Modified: Mon, 20 Feb 2023 10:31:57 GMT
Link: <https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware>; rel="canonical", <https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware>; rel="shortlink"
Permissions-Policy: interest-cohort=()
Referrer-Policy: origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Cookie,Accept-Encoding
Via: varnish
X-AH-Environment: prod
X-CDN: Imperva
X-Cache: HIT
X-Cache-Hits: 33
X-Content-Type-Options: nosniff
X-Drupal-Cache: HIT
X-Drupal-Dynamic-Cache: HIT
X-Frame-Options: SAMEORIGIN
X-Generator: Drupal 9 (https://www.drupal.org)
X-Iinfo: 18-131861549-131861571 NNNY CT(310 621 0) RT(1676920574752 182) q(0 0 0 -1) r(3 6) U19
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: v-7d6461c4-b139-11ed-8f7d-5b3228f4943c
X-UA-Compatible: IE=edge

Redirect headers

Age: 0
Cache-Control: private, must-revalidate
Connection: keep-alive
Content-Length: 35673
Content-Type: text/html; charset=UTF-8
Content-language: en
Date: Mon, 20 Feb 2023 19:16:14 GMT
Expires: Tue, 21 Feb 2023 15:04:42 GMT
Feature-Policy: geolocation 'self'
Location: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Permissions-Policy: interest-cohort=()
Referrer-Policy: origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Via: varnish
X-AH-Environment: prod
X-CDN: Imperva
X-Cache: MISS
X-Content-Type-Options: nosniff
X-Drupal-Cache: HIT
X-Drupal-Route-Normalizer: 1
X-Frame-Options: SAMEORIGIN
X-Generator: Drupal 9 (https://www.drupal.org)
X-Iinfo: 4-5206830-5206832 NNNN CT(309 620 0) RT(1676920572584 182) q(0 0 9 0) r(13 16) U11
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: v-0b38f46a-b153-11ed-8faa-23fa6552971c
X-UA-Compatible: IE=edge

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 111 KB
44 KB 37ms
16ms Script
application/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c0c4051e3d8291daef72f19aeb8076c2be50f6147842840dfd48dbe3f910f438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44498
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 20 Feb 2023 19:16:16 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 41ms
21ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5a9c5554342e72affd754b8ba49d075a11a4d2919e3c5f440cd860775b26e9f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79344
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 20 Feb 2023 19:16:16 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 443 KB
104 KB 34ms
33ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e86cbcde174346c83cc616195a21881cef0962e982ddf16ed992698a4979381c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106666
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 20 Feb 2023 19:16:16 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
78 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL&l=dataLayer&cx=c

Requested by

Host: www.googleoptimize.com
URL: https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

840a9e2a90edd4f8329d574d26cd4f997dda80529c17adecf9ba1118cadf43cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79336
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 20 Feb 2023 19:16:16 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
247 B 35ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je32f0&_p=1643854783&_gaz=1&cid=1408794318.1676920577&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1676920576&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:16 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
247 B 62ms
21ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B1V8SZE3GL&cid=1408794318.1676920577&gtm=45je32f0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:16 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 54ms
33ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B1V8SZE3GL&cid=1408794318.1676920577&gtm=45je32f0&aip=1&z=1695425198

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:16 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 18:54:44 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1292
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Mon, 20 Feb 2023 20:54:44 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
1 KB 75ms
55ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1676920576651&cv=11&fst=1676920576651&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&auid=51911406.1676920577&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

22962c0ecbc0d9843ca34f9a2eddc992a2d510ff5da420e4080db38ca2328633

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:16 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 888
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 53ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 20 Feb 2023 19:16:16 GMT
last-modified: Mon, 23 Jan 2023 19:59:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 464569573A3A4C20B2B56A5C8A25C76D Ref B: FRAEDGE1811 Ref C: 2023-02-20T19:16:16Z
etag: "076bc30652fd91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11563

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 34ms
8ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-hhn-etou8220033-HHN

GET
H2 200 hotjar-1456002.js Show response
static.hotjar.com/c/ 9 KB
4 KB 41ms
7ms Script
application/javascript 18.66.97.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.37 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-37.fra56.r.cloudfront.net

Software

Resource Hash

2e58bc2de93f6db954c4601d24b1eb0986e82f9b5ee590a1429a012d68ccddc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 20 Feb 2023 19:16:01 GMT
via: 1.1 b9d2ce196c8a711fb15d92175d58476e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 17
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/1dae79539f4d9a7a781352f48bb63e29
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: MSvQ1WGZTcKpdE5WM6FKSlaRqzAAj8d6Sh745eQhNhGzHU0lu5ydaw==

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=8071638764689695959

0
235 B

259ms
231ms

Image
application/json

2600:9000:2251:e400:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=8071638764689695959
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 2600:9000:2251:e400:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
via: 1.1 7fd88bab22735486702d23ba4e028d86.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: yJoyiRO-U-t6q4pd3Qx4_jvTVjs7Qg6QCFbj3uCBBzO4Z0RhOUDHBg==
content-length: 0
apigw-requestid: ApwIghnGIAMEc1w=

Redirect headers

Date: Mon, 20 Feb 2023 19:16:18 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 217.138.194.163; 217.138.194.163; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e61c85c3-db7e-4852-a244-197cc2a3c198
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://attr.ml-api.io/?domain=proofpoint.com&pId=8071638764689695959
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

src=8909468;dc_pre=CMXvyvvnpP0CFZ5IHgIdeDIC9Q;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=1789446023
https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CMXvyvvnpP0CFZ5IHgIdeDIC9Q;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CMXvyvvnpP0CFZ5IHgIdeDIC9Q;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

42 B
401 B

70ms
42ms

Image
image/gif

2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CMXvyvvnpP0CFZ5IHgIdeDIC9Q;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CMXvyvvnpP0CFZ5IHgIdeDIC9Q;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
184 B 14ms
13ms XHR
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1643854783&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAEK~&jid=1901373043&gjid=2067599696&cid=1408794318.1676920577&tid=UA-2257074-1&_gid=779092280.1676920577&_r=1&_slc=1&gtm=45He32f0n81MGR7P8X&cd19=1408794318.1676920577&z=2139675912

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 18 KB
18 KB 186ms
185ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "01c16c31"
X-Iinfo: 18-131861549-0 0CNN RT(1676920574752 1181) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=93396, public
Content-Length: 18296
Expires: Tue, 21 Feb 2023 21:12:51 GMT

GET
H/1.1 200
OK RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 552ms
190ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "39ed386e"
X-Iinfo: 17-98590786-0 0CNN RT(1676920576112 190) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=92379, public
Content-Length: 21036
Expires: Tue, 21 Feb 2023 20:55:55 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 20 KB
20 KB 551ms
188ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "3a88d25f"
X-Iinfo: 16-63983028-0 0CNN RT(1676920576112 188) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=92380, public
Content-Length: 19976
Expires: Tue, 21 Feb 2023 20:55:56 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 16 KB
17 KB 550ms
184ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "80852160"
X-Iinfo: 15-37237064-0 0CNN RT(1676920576114 183) q(0 -1 -1 -1) r(1 -1)
Cache-Control: max-age=93396, public
Content-Length: 16540
Expires: Tue, 21 Feb 2023 21:12:52 GMT

GET
H/1.1 200
OK RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 562ms
194ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "8df65834"
X-Iinfo: 17-98590787-0 0CNN RT(1676920576112 200) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=92379, public
Content-Length: 21384
Expires: Tue, 21 Feb 2023 20:55:55 GMT

GET
H/1.1 200
OK css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
www.proofpoint.com/sites/default/files/css/ 25 KB
5 KB 372ms
186ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Sat, 17 Dec 2022 00:11:13 GMT
X-CDN: Imperva
Etag: "032a9b05"
Content-Type: text/css
X-Iinfo: 18-131861549-0 0CNN RT(1676920574752 1369) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=96429, public
Content-Length: 4376
Expires: Tue, 21 Feb 2023 22:03:25 GMT

GET
H/1.1 200
OK css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css
www.proofpoint.com/sites/default/files/css/ 3 MB
1 MB 544ms
184ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

38a674c1fcaa31a7e02046bda9fbc303302a9c1735ef872094ec2cdc702da640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 01 Feb 2023 00:14:23 GMT
X-CDN: Imperva
Etag: "eaf34da6"
Content-Type: text/css
X-Iinfo: 16-63983027-0 0CNN RT(1676920576111 184) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=725375, public
Content-Length: 1149569
Expires: Wed, 01 Mar 2023 04:45:51 GMT

GET
H/1.1 200
OK js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js Show response
www.proofpoint.com/sites/default/files/js/ 310 B
707 B 560ms
186ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:18:32 GMT
X-CDN: Imperva
Etag: "2c787c81"
Content-Type: text/javascript
X-Iinfo: 18-131861549-0 0CNN RT(1676920574752 1556) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=302494, public
Content-Length: 235
Expires: Fri, 24 Feb 2023 07:17:50 GMT

GET
H/1.1 200
OK modernizr.min.js Show response
www.proofpoint.com/modules/custom/pp_theme/js/ 5 KB
3 KB 744ms
185ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/modules/custom/pp_theme/js/modernizr.min.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

084390577243b6986d5564d152916a37a3124305e11b2817d0c2eabc863e081b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 03 Feb 2021 00:23:01 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 18-131861549-0 0CNN RT(1676920574752 1743) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=92365, public
Content-Length: 2533
Expires: Tue, 21 Feb 2023 20:55:41 GMT

GET
H/1.1 200
OK modernizr-additional-tests.js Show response
www.proofpoint.com/core/misc/ 2 KB
1 KB 912ms
184ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/misc/modernizr-additional-tests.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:17:57 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 15-37237064-0 0CNN RT(1676920576114 548) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=92344, public
Content-Length: 972
Expires: Tue, 21 Feb 2023 20:55:20 GMT

GET
H/1.1 200
OK logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 184ms
182ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "13fdd2ef"
Content-Type: image/svg+xml
X-Iinfo: 17-98590787-0 0CNN RT(1676920576112 1552) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=93394, public
Content-Length: 1124
Expires: Tue, 21 Feb 2023 21:12:51 GMT

GET
H/1.1 200
OK pfpt-sb-nav-promo-696x708.png
www.proofpoint.com/sites/default/files/nav-promo-images/ 581 KB
582 KB 184ms
182ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/nav-promo-images/pfpt-sb-nav-promo-696x708.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

32dffddd1bfd33d7568ee8501d3a7dc111f7b8177bd78b41fa668328f0ed8dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Oct 2022 23:44:13 GMT
X-CDN: Imperva
Etag: "685ed7ba"
Content-Type: image/png
X-Iinfo: 16-63983028-0 0CNN RT(1676920576112 1552) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=92365, public
Content-Length: 595407
Expires: Tue, 21 Feb 2023 20:55:42 GMT

GET
H/1.1 200
OK home.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 784 B
945 B 286ms
181ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/home.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Imperva
Etag: "4c25cdee"
Content-Type: image/svg+xml
X-Iinfo: 16-63983027-0 0CNN RT(1676920576111 1710) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=93394, public
Content-Length: 477
Expires: Tue, 21 Feb 2023 21:12:51 GMT

GET
H/1.1 200
OK whatismalware_featuredimg.webp
www.proofpoint.com/sites/default/files/styles/image_1920_400/public/ 39 KB
39 KB 208ms
183ms Image
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/image_1920_400/public/whatismalware_featuredimg.webp?itok=g0diaQMY

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

eee51d0715d2f5efd605e8c6020900a6aa8a1678867cac80e0bd43628f7e1bcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 03 Feb 2021 16:16:48 GMT
X-CDN: Imperva
X-Iinfo: 15-37237064-0 0CNN RT(1676920576114 1627) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1205908, public
Content-Length: 39712
Expires: Mon, 06 Mar 2023 18:14:45 GMT

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ 208 KB
69 KB 365ms
60ms Script
application/x-javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
cf-cache-status: HIT
age: 774
etag: "2c115f-33e51-5f217594de500"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 79c9936beb223802-FRA
expires: Mon, 20 Feb 2023 23:16:17 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 45 KB
17 KB 144ms
110ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

5aa93e7401f9a3344d1f891eacfb0cf698bf56cc5d7cb2586bfe0d82d1c8c4b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16813
x-xss-protection: 0
server: cafe
etag: 6388606791587927312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 20 Feb 2023 19:16:18 GMT

GET
H/1.1 200
OK js__T_SB_Dwsdhnz-dc2g4k7Q29Jcx-6Dl6w9nkjiYSUVQ.js Show response
www.proofpoint.com/sites/default/files/js/ 171 KB
59 KB 186ms
186ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js__T_SB_Dwsdhnz-dc2g4k7Q29Jcx-6Dl6w9nkjiYSUVQ.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fd3fd207f0f0b1d867cfe75cda0e24ed0dbd25cc7ee8397ac3d9e48e26125154

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 10 Feb 2023 01:55:07 GMT
X-CDN: Imperva
Etag: "da46c59c"
Content-Type: text/javascript
X-Iinfo: 15-37237064-0 0CNN RT(1676920576114 1260) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=301948, public
Content-Length: 59662
Expires: Fri, 24 Feb 2023 07:08:45 GMT

GET
H2 200 geoip2.js Show response
geoip-js.com/js/apis/geoip2/v2.1/ 3 KB
2 KB 43ms
17ms Script
application/javascript 2606:4700::6812:1244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1244 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 16 Feb 2023 17:39:43 GMT
server: cloudflare
age: 657
etag: W/"63ee6a5f-da4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=43200
cf-ray: 79c9936e9aac3678-FRA
expires: Tue, 21 Feb 2023 07:16:18 GMT

GET
H/1.1 200
OK js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js Show response
www.proofpoint.com/sites/default/files/js/ 9 KB
3 KB 181ms
181ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 03 Jan 2023 23:08:29 GMT
X-CDN: Imperva
Etag: "6e3ea0aa"
Content-Type: text/javascript
X-Iinfo: 16-63983027-0 0CNN RT(1676920576111 1528) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=92363, public
Content-Length: 2188
Expires: Tue, 21 Feb 2023 20:55:40 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 38ms
17ms Script
application/x-javascript 95.100.75.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.75.244 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-75-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8de86d71297dc0c8a04caeab00e28f1fcadaa2574558098cccfddd3aa27b8172

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:18 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Feb 2023 02:55:32 GMT
Server: AkamaiNetStorage
ETag: "d59e4096b6b551f06e189b1a016fc70a:1676602532.716228"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 746

GET
H/1.1 200
OK js_JZxLxWyaxe9L26_3YasyUipLl_ISnRvM1UeBOQAtpoU.js Show response
www.proofpoint.com/sites/default/files/js/ 1 MB
441 KB 186ms
184ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_JZxLxWyaxe9L26_3YasyUipLl_ISnRvM1UeBOQAtpoU.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

259c4bc56c9ac5ef4bdbaff761ab32522a4b97f2129d1bccd5478139002da685

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 10 Feb 2023 01:55:07 GMT
X-CDN: Imperva
Etag: "720b681b"
Content-Type: text/javascript
X-Iinfo: 18-131861549-0 0CNN RT(1676920574752 2912) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=301950, public
Content-Length: 451147
Expires: Fri, 24 Feb 2023 07:08:47 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 21ms
21ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-2257074-1&cid=1408794318.1676920577&jid=1901373043&gjid=2067599696&_gid=779092280.1676920577&_u=YADAAEAAAAAAACAEK~&z=584411473

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 20 Feb 2023 19:16:16 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 52ms
31ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2257074-1&cid=1408794318.1676920577&jid=1901373043&_u=YADAAEAAAAAAACAEK~&z=970888896

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 34ms
33ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2257074-1&cid=1408794318.1676920577&jid=1901373043&_u=YADAAEAAAAAAACAEK~&z=970888896

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 17087961.js Show response
bat.bing.com/p/action/ 0
116 B 104ms
102ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17087961.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 20 Feb 2023 19:16:18 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 3A0A64E8034744D1A4D9D95BA8F3962A Ref B: FRAEDGE1811 Ref C: 2023-02-20T19:16:18Z
x-cache: CONFIG_NOCACHE

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
455 B 40ms
19ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1676920576651&cv=11&fst=1676919600000&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&fmt=3&is_vtc=1&random=3412977033&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
154 B 22ms
21ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1676920576651&cv=11&fst=1676919600000&bg=ffffff&guid=ON&async=1&gtm=45He32f0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&fmt=3&is_vtc=1&random=3412977033&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 11 KB
1 KB 39ms
18ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ba95ed077caa1b5b8b0938c45e2223e486f179f659a64bcc4d6ea3d240235734

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 20 Feb 2023 19:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 19:16:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Feb 2023 19:16:18 GMT

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK ransomware-bg-img.png
www.proofpoint.com/sites/default/files/nav-promo-images/ 14 KB
14 KB 180ms
180ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/nav-promo-images/ransomware-bg-img.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6907f421de451fd5e7f962c48d39191bd7d86390df35df8b416d3ca0eb558436

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 22 Jan 2022 06:00:50 GMT
X-CDN: Imperva
Etag: "ebf7b974"
Content-Type: image/png
X-Iinfo: 17-98590786-0 0CNN RT(1676920576112 1563) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=92389, public
Content-Length: 13846
Expires: Tue, 21 Feb 2023 20:56:06 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 914ae362937120d900bb5c5d95c70f3957fa2270c308925e4a72ad56446911cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cea918e6af14ac3645e0e33b30cb802820aed3e549defbd618be220c31546625

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK Screen%20Shot%202023-02-01%20at%208.09.59%20AM.png
www.proofpoint.com/sites/default/files/inline-images/ 159 KB
159 KB 181ms
181ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-02-01%20at%208.09.59%20AM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

29cd59aa3bf14290910ab2f5ec1b4ff80185d6eca5b167544d60bf184168b7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 01 Feb 2023 15:10:14 GMT
X-CDN: Imperva
Etag: "270f3463"
Content-Type: image/png
X-Iinfo: 17-98590786-0 0CNN RT(1676920576112 1750) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=781815, public
Content-Length: 162365
Expires: Wed, 01 Mar 2023 20:26:32 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-01-31%20at%206.12.37%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 783 KB
784 KB 183ms
183ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-01-31%20at%206.12.37%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

dd526f2495b939b744a150e0a07435e928817393f7f947987b09b79fedcd653b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 01 Feb 2023 01:15:01 GMT
X-CDN: Imperva
Etag: "0c6f0c61"
Content-Type: image/png
X-Iinfo: 17-98590787-0 0CNN RT(1676920576112 1785) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=837824, public
Content-Length: 802120
Expires: Thu, 02 Mar 2023 12:00:01 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-01-31%20at%206.12.57%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 1 MB
1 MB 184ms
183ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-01-31%20at%206.12.57%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

13f8638e932bd9b91fc68c0baf723fc0dc801548ce4a1ff4ee8251afd82a29a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 01 Feb 2023 01:15:35 GMT
X-CDN: Imperva
Etag: "bc13337d"
Content-Type: image/png
X-Iinfo: 15-37237064-0 0CNN RT(1676920576114 1834) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=837825, public
Content-Length: 1105133
Expires: Thu, 02 Mar 2023 12:00:02 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-01-31%20at%206.13.21%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 1 MB
1 MB 181ms
181ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-01-31%20at%206.13.21%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b3eef75decadc91e863f376b960ade61991801ed72b6003681abc350493482cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 01 Feb 2023 01:16:14 GMT
X-CDN: Imperva
Etag: "ab825f4b"
Content-Type: image/png
X-Iinfo: 16-63983027-0 0CNN RT(1676920576111 1949) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=851676, public
Content-Length: 1350474
Expires: Thu, 02 Mar 2023 15:50:54 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 48ms
14ms Script
application/x-javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=81641
accept-ranges: bytes
content-length: 4777

GET
H2

200

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

0
336 B

31ms
30ms

Script
application/javascript

54.170.158.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 54.170.158.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-158-38.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 20 Feb 2023 19:16:18 GMT
content-length: 0
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
date: Mon, 20 Feb 2023 19:16:18 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 100
content-type: text/html; charset=utf-8

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
2 KB 43ms
22ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=359897&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&r=0.14361084371884614
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 2147b6441c1220224f3e4818dc9e35d2ba9c20305ec4bb5577a03ad71baaba65

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
content-encoding: gzip
via: 1.1 google
server: gfra1
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 1594.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
412 B 161ms
135ms Script
text/javascript 2606:4700::6812:1f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: ab378561-b385-492a-9994-cafd8e83595d
x-runtime: 0.002737
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 79c9936fb99637da-FRA

GET
H2 200 1644.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
409 B 165ms
140ms Script
text/javascript 2606:4700::6812:1f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 5df7c2e0-23be-4a81-afde-01eee2936eb9
x-runtime: 0.002721
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 79c9936fc99a37da-FRA

GET
H2 200 1645.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
423 B 155ms
133ms Script
text/javascript 2606:4700::6812:1f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 00d3b62d-82c9-4f9d-9c83-d3a53fcf35da
x-runtime: 0.003603
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 79c9936fc99b37da-FRA

GET
H2 200 1646.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
409 B 403ms
402ms Script
text/javascript 2606:4700::6812:1f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 1c4bdd32-c8a7-45b7-9724-dc62346b2b8e
x-runtime: 0.004851
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 79c9936fd9ce37da-FRA

GET
H2 200 1647.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 113ms
113ms Script
text/javascript 2606:4700::6812:1f49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1f49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 1f3a4760-a597-4bac-9878-4c2867bd99a9
x-runtime: 0.001963
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 79c9936fd9d137da-FRA

GET
H2 200 main.rtfl.js Show response
visitor.reactful.com/dist/ 271 KB
105 KB 37ms
14ms Script
application/javascript 2a00:1450:4001:811::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/dist/main.rtfl.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: f2ea684e3b845732d5688c534995dded4f2b5639e4b51b23540b00424f2736ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 07:14:15 GMT
content-encoding: gzip
server: Google Frontend
age: 43323
etag: "6u5RTA"
content-type: application/javascript; charset=UTF-8
x-cloud-trace-context: 369fba577c603d1550ccbe5b45b3ffdf
cache-control: public,public, max-age=432000
content-length: 106771
expires: Sat, 25 Feb 2023 07:14:15 GMT

GET
H2

200

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

123 B
479 B

31ms
31ms

Script
application/javascript

54.170.158.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 54.170.158.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-158-38.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 70ea2e2325db237a5c365e9a5533ca2070db34ee933d1cbe91bc7a044428f234

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Mon, 20 Feb 2023 19:16:18 GMT
content-length: 123
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
date: Mon, 20 Feb 2023 19:16:18 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 100
content-type: text/html; charset=utf-8

GET
H2 200 5dfsgn7m2kst.js Show response
js.driftt.com/include/1676920800000/ 213 KB
60 KB 252ms
218ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1676920800000/5dfsgn7m2kst.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3c11c380f0fd80c64976a059ff85d9e5086ef0ec55f9f5cb04c46ed077aa0598

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
x-amz-version-id: Nis4lMjZRHlFhKjiQGqo.DcRhQulBBy6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Thu, 16 Feb 2023 17:15:02 GMT
server: istio-envoy
etag: W/"7d0c72d0766948f876c7b7adb113e8d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: k3nwT4Xwd5JI6BY6JCTaizkQ6CmHOGthcfL7dHBoVAMLh8ZLc6WIEg==

GET
H/1.1 200
OK 206034.js Show response
secure.chip2gift.com/js/ 16 B
304 B 113ms
32ms Script
text/javascript 51.11.20.152
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.chip2gift.com/js/206034.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e9b3c1ef5622bc620a5c1d364aa9fbec2c9d6230bb5f6ab825825db09dd71f6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Date: Mon, 20 Feb 2023 19:16:18 GMT
Server: Kestrel
Content-Type: text/javascript
Cache-Control: no-store, must-revalidate
Connection: keep-alive
Content-Length: 16
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 24ms
8ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dca9b6afcb6c37d6a32456973fe5f2986a348a70d11774e102de6fc420992a19

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 20 Feb 2023 19:16:18 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: ODrOzWRgfCFd2H5meyXFF3K4wtFcUZ0BcWfpylrHv0yTwXpmZaa1KA7YWSzzW5l6/uy99otAF11UdEpfrikHPg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 82ms
24ms Script
text/javascript 2606:4700::6812:c9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 24
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=1200
cf-ray: 79c99370f99f90e6-FRA
expires: Mon, 20 Feb 2023 19:25:54 GMT

GET
H/1.1 200
OK 122
track.accountinsight.cloud/track/ 399 B
399 B 208ms
40ms Image
text/javascript 158.255.109.19
NEO-ASN legacy Ne...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.accountinsight.cloud/track/122
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 158.255.109.19 , France, ASN8218 (NEO-ASN legacy Neotelecoms, FR),
Reverse DNS
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 19:16:18 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: no-cache
Access-Control-Allow-Headers: Content-Type
Expires: -1

GET
H/1.1 200
OK /
data.adxcel-ec2.com/pixel/ 43 B
131 B 423ms
106ms Image
image/gif 54.85.119.1
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adxcel-ec2.com/pixel/?ad_log=referer&action=content&content_id=%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pixid=93500acd-fb24-4d4c-b771-2b769752ab62
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.85.119.1 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-85-119-1.compute-1.amazonaws.com
Software: /
Resource Hash: 693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 6si.min.js Show response
j.6sc.co/ 33 KB
10 KB 79ms
20ms Script
application/javascript 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

beeb705b69f299ad7567ae7ba292ae685556a7082531220a088a0d3b3307c410

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 09 Feb 2023 18:18:39 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63e538ff-820b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 10438
expires: Mon, 20 Feb 2023 19:16:18 GMT

GET
H/1.1 200
OK events.js Show response
tags.srv.stackadapt.com/ 17 KB
6 KB 416ms
102ms Script
text/javascript 52.204.14.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.14.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-14-109.compute-1.amazonaws.com
Software: /
Resource Hash: 4ad97caba8db328ca9e0fee2782647c9775963c718776157ee8e9a986ef3155b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 20 Feb 2023 19:16:19 GMT
Cache-Control: max-age=5
Content-Encoding: gzip
Connection: keep-alive
Content-Length: 5380
Content-Type: text/javascript

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 7ms
7ms Script
application/x-javascript 95.100.75.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.75.244 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-75-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:18 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4677
Expires: Wed, 31 May 2023 19:16:18 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
1 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1676920578503&cv=9&fst=1676920578503&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b726ff42627a2755175c451d8a6441e0d973317807e8057643a20e6a9819772

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1015
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 45 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 modules.20af14ada7e7ea89b431.js Show response
script.hotjar.com/ 263 KB
68 KB 32ms
6ms Script
application/javascript 52.222.236.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.20af14ada7e7ea89b431.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-122.fra56.r.cloudfront.net

Software

Resource Hash

f7ef83a76a4d82a068af0fa519808cc2a3e367b7f77b123313cd083ed8d0d1b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 16:25:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 944dc31277adc1021b0776fe818f07f6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 10272
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 68670
last-modified: Mon, 20 Feb 2023 16:24:18 GMT
etag: "0d2a8a11b8cab2bda70c2e7afba0dcee"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: KMq-nOzwFJhy31g4VrZAbRE-ie0FEviCCDAmtXyoN6nSkci9TwDQGw==

GET
H2 200 adsct
t.co/i/ 43 B
377 B 270ms
210ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=2fb04e26-91a4-428e-86c1-44116d2f62f2&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5597f877-7452-4002-aac7-9f7f01f62d1c&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nyk4d&type=javascript&version=2.3.29

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-response-time: 185
date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: e9cb25225c8020c4
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 16e22f5db38f274f170315cb2c79ba0a937406ab027361ce8e1654c3917e1df3
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
217 B 270ms
210ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=2fb04e26-91a4-428e-86c1-44116d2f62f2&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5597f877-7452-4002-aac7-9f7f01f62d1c&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nyk4d&type=javascript&version=2.3.29

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-response-time: 185
date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 9b75f09900f9c0cf
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: f05cdd53c40d324907f6747e09d4a977509fcaa4b3e5b8d6ce0357a275d6cb65
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
205 B 206ms
205ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=e04d5a1e-2594-4113-97fc-d115c98e48b1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5597f877-7452-4002-aac7-9f7f01f62d1c&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o73l9&type=javascript&version=2.3.29

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-response-time: 179
date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 57976717c5a7c326
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 16e22f5db38f274f170315cb2c79ba0a937406ab027361ce8e1654c3917e1df3
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
397 B 234ms
201ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=e04d5a1e-2594-4113-97fc-d115c98e48b1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=5597f877-7452-4002-aac7-9f7f01f62d1c&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o73l9&type=javascript&version=2.3.29

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-response-time: 175
date: Mon, 20 Feb 2023 19:16:18 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: cb3b2fa202d9f513
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: f05cdd53c40d324907f6747e09d4a977509fcaa4b3e5b8d6ce0357a275d6cb65
content-length: 43

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
214 B 96ms
96ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=359897&d=proofpoint.com&u=D66DC7A060326F4AC8DBC759BBF9F957C&h=130185cc28502dea6b3391c7440b01b9&t=false&r=0.0001022623276916157

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
367 B 23ms
8ms XHR
application/json 2600:9000:225e:fc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:fc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 12:08:24 GMT
content-encoding: gzip
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 25674
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=39577
x-amz-cf-id: wWcu7d02MTi5Z70oxamdl9tlkmLwjJhG4wqYRlYq2Wrsegay8ZO_MA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1676920578549&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-u...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1676920578549%26url%3Dhttps%253A%252F%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1676920578549&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-u...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1676920578549&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-...

0
161 B

150ms
147ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1676920578549&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&liSync=true&e_ipv6=AQKDfZYY2hMnKwAAAYZwQWZr7dWW-eUSsinFMXMxbkXEIo5J_5oQmD_cnrnGnI-fZCf_4DVWWMn9E9qZvgkn-QYt-k4
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: C131533A90CC4F84A20EF3087176AC8D Ref B: FRAEDGE2007 Ref C: 2023-02-20T19:16:19Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX1Jn96dmHJ5hO+tlGf6g==

Redirect headers

date: Mon, 20 Feb 2023 19:16:19 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 575EE90099C0452AA632B507824C48C4 Ref B: VIEEDGE3017 Ref C: 2023-02-20T19:16:19Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1676920578549&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&liSync=true&e_ipv6=AQKDfZYY2hMnKwAAAYZwQWZr7dWW-eUSsinFMXMxbkXEIo5J_5oQmD_cnrnGnI-fZCf_4DVWWMn9E9qZvgkn-QYt-k4
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX1Jn93/FYTXS4PTuxDAA==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
370 B 21ms
7ms XHR
application/json 2600:9000:225e:fc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:fc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 12:08:24 GMT
content-encoding: gzip
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 25674
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=39577
x-amz-cf-id: 1-Ldk8_LFzRBmRvOI21iiwKflZCDK3XP4PiRQNJgrUAmT2DqqBrXWA==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
368 B 21ms
8ms XHR
application/json 2600:9000:225e:fc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:fc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 12:08:24 GMT
content-encoding: gzip
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 25674
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=39577
x-amz-cf-id: JOAfpLidAop63bnig31GFGTTwveyxxGaMQX3S63ECVMvCXH3y3oEcg==

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
108 B 17ms
17ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1676920578503&cv=9&fst=1676919600000&num=1&guid=ON&eid=375603260%2C466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=3452839263&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
64 B 37ms
36ms Image
image/gif 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1676920578503&cv=9&fst=1676919600000&num=1&guid=ON&eid=375603260%2C466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&tiba=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=3452839263&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
visitor.reactful.com/config/879986/ 0
128 B 146ms
146ms XHR
text/javascript 2a00:1450:4001:811::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&hash=&referer=&user_id=&hshkgid=8c6c81ef-98c0-4437-b358-f8fb51970a50&cb_rtfl=_rtfl_jsonp_0
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
Url-Params-Data: e30=
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
server: Google Frontend
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.proofpoint.com
x-cloud-trace-context: 2a114544053149f585dcae5f5e3ecf1e
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length: 0

OPTIONS
H2 200 /
visitor.reactful.com/config/879986/ Frame 0
0 256ms
234ms Preflight
text/javascript 2a00:1450:4001:811::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&hash=&referer=&user_id=&hshkgid=8c6c81ef-98c0-4437-b358-f8fb51970a50&cb_rtfl=_rtfl_jsonp_0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: url-params-data
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
access-control-allow-methods: GET
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache
content-length: 0
content-type: text/javascript
date: Mon, 20 Feb 2023 19:16:18 GMT
expires: Mon, 20 Feb 2023 19:16:18 GMT
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
server: Google Frontend
x-cloud-trace-context: cac06907bb9a7dfe99834fa82a0e0cc0

GET
H2 200 143852102935619 Show response
connect.facebook.net/signals/config/ 378 KB
108 KB 143ms
142ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/143852102935619?v=2.9.96&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6a9f4a7fdaed340429c448b9132181f72a59635ec28a42beb2b180b176c006ef

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 20 Feb 2023 19:16:18 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: pC0n905Hl2J+i8wv3U+2wRS6Hnl3j6cE/O7Ranby4KMnUAYw2BNPID1f55OZhOWYfg2CEFK1J4Xw7oLFj6j+Iw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 917726464
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

user-sync
cpm.convergeselect.net/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=59&user_group=2&user_id=61a00ea8-0eca-4610-ac5a-9f2b6bd5963a
https://x.bidswitch.net/ul_cb/sync?dsp_id=59&user_group=2&user_id=61a00ea8-0eca-4610-ac5a-9f2b6bd5963a
https://cpm.convergeselect.net/user-sync?dsp=328334&t=image&gdpr=&gdpr_consent=&uid=0766015e-5ea0-464c-b468-db47f446032c

42 B
228 B

64ms
14ms

Image
image/gif

77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cpm.convergeselect.net/user-sync?dsp=328334&t=image&gdpr=&gdpr_consent=&uid=0766015e-5ea0-464c-b468-db47f446032c
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 19:16:19 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: close
Content-Length: 42

Redirect headers

location: //cpm.convergeselect.net/user-sync?dsp=328334&t=image&gdpr=&gdpr_consent=&uid=0766015e-5ea0-464c-b468-db47f446032c
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
469 B 121ms
120ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1676920578742&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1268939
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:18 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdvxnb_e0aLznAwg9BHol-uU_qYW9H2r8YDVUbLlhws-paCdwTfiDkwjfULDd1k2jNkMJc3iN_vtySTvasadiGYY0jE2hmok
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Mon, 20 Feb 2023 20:16:18 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 138ms
106ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1676920578742&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 20 Feb 2023 19:16:18 GMT
expires: Mon, 20 Feb 2023 19:16:18 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdv8WYTboW4pp6GwltplBvTmyn8_oWvI3oRIhe6belZ1miHW6p3wNmR15yHFs6hqGDyeFO7qOrXAJBrTpIEL9jI9wlzLn5DT

POST
H/1.1 200
OK visitWebPage
309-rhv-619.mktoresp.com/webevents/ 2 B
318 B 681ms
95ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1676920578883&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1676920578882-56945&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:19 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: c5a13430-8c1f-4888-a41a-b5c17864f28b

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 25ms
9ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=143852102935619&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&rl=&if=false&ts=1676920579002&sw=1600&sh=1200&v=2.9.96&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1676920579001.741986432&it=1676920578676&coo=false&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 20 Feb 2023 19:16:19 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
BLOB 200
OK 18eeea9e-7de7-45c5-9915-a6200f182a3d
https://www.proofpoint.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.proofpoint.com/18eeea9e-7de7-45c5-9915-a6200f182a3d
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
BLOB 200
OK 2c7dbbcd-65f1-41c2-8848-2ccdea474e3e Show response
https://www.proofpoint.com/ 0
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.proofpoint.com/2c7dbbcd-65f1-41c2-8848-2ccdea474e3e
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
H/1.1 200
OK sa.css
tags.srv.stackadapt.com/ 65 B
292 B 102ms
101ms Stylesheet
text/css 52.204.14.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.14.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-14-109.compute-1.amazonaws.com
Software: /
Resource Hash: 632f1e0c45f66b1c70706f6402d0771dbc83f6f280542b6a3b747ff03d34589e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 20 Feb 2023 19:16:19 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 65
Content-Type: text/css

GET
H/1.1 200
OK sa.jpeg Show response
tags.srv.stackadapt.com/ 0
881 B 390ms
98ms Fetch
image/jpeg 52.204.14.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.14.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-14-109.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 20 Feb 2023 19:16:19 GMT
Cache-Control: only-if-cached, no-transform, private, max-age=7776000
Connection: keep-alive
Content-Length: 651
Content-Type: image/jpeg

GET
H2 200 me Show response
geoip-js.com/geoip/v2.1/country/ 755 B
955 B 57ms
41ms XHR
application/vnd.maxmind.com-country+json 2606:4700::6812:1244
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com

Requested by

Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1244 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4377d0dafa9b167e56fd0c51a3aa34b3a1e029e81ea4cb4e86a49e176bbdaad1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 79c99374d88f2bb6-FRA
content-length: 755

GET
H/1.1 200
OK header-email.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 951 B
965 B 183ms
182ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-email.svg?5dd8f7254d23339c87d236dd5ed71ca0=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:17:58 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 16-63983027-0 0CNN RT(1676920576111 2468) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=308485, public
Content-Length: 514
Expires: Fri, 24 Feb 2023 08:57:43 GMT

GET
H/1.1 200
OK header-shield.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 298 B
655 B 182ms
181ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-shield.svg?846ea5f31dbef4de45aaa03516f7b708=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:17:28 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 17-98590786-0 0CNN RT(1676920576112 2467) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=308485, public
Content-Length: 204
Expires: Fri, 24 Feb 2023 08:57:43 GMT

GET
H/1.1 200
OK header-security.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 934 B
888 B 184ms
184ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-security.svg?09afb7a95c693b3a41940d4e34bd70d3=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_OKZ0wfyqMafgIEa9qfvDAzAqnBc174cglOws3HAtpkA.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:18 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 27 Jan 2023 03:17:28 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 18-131861549-0 0CNN RT(1676920574752 3827) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=308485, public
Content-Length: 436
Expires: Fri, 24 Feb 2023 08:57:43 GMT

GET
H2 200 getForm Show response
app-abj.marketo.com/index.php/form/ 6 KB
2 KB 69ms
69ms Script
application/javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app-abj.marketo.com/index.php/form/getForm?munchkinId=309-RHV-619&form=10895&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&callback=jQuery112409215754092876458_1676920578444&_=1676920578445
Requested by: Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.94.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38315838c9af81de0eaee3cad5690b144c2b96e42080d42005a949d43dade705

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 79c99374fc473802-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 93ms
38ms Script
application/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js?_=1676920578524

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js__T_SB_Dwsdhnz-dc2g4k7Q29Jcx-6Dl6w9nkjiYSUVQ.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
date: Mon, 20 Feb 2023 19:16:19 GMT
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
x-host: s7.addthis.com
content-length: 116332

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 57 KB
19 KB 64ms
8ms Script
text/javascript 2600:9000:225e:c200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7161d65405c262f1bca68b96586216c65b1eca9b4f6f98c15fa0cf92c32ef4dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

X-Amz-Version-Id: Evg7wcKbnwQXTGpYURTF8gtjOgpo4EqK
Content-Encoding: gzip
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Date: Mon, 20 Feb 2023 18:55:56 GMT
Age: 1224
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 20 Feb 2023 15:50:09 GMT
Server: AmazonS3
Etag: W/"9424d84c0b07c4ae9a7d944034bcaf14"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 2wmmZw85SKGxsc2dntiefRKQkq2b0-jSpxZVh8pGaXJ31cdZek6WaQ==

GET
H2

200

activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat... Show response
10487471.fls.doubleclick.net/ Frame 6DFB
Redirect Chain

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthr...
https://10487471.fls.doubleclick.net/activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fww...

1 KB
705 B

49ms
48ms

Document
text/html

142.250.185.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10487471.fls.doubleclick.net/activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f6.1e100.net

Software

cafe /

Resource Hash

fe5f594c3c7547792df136089a50c235f3dbedc974d716ed7e9a88431bea4039

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 595
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 19:16:19 GMT
expires: Mon, 20 Feb 2023 19:16:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 19:16:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10487471.fls.doubleclick.net/activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287 Show response
4788165.fls.doubleclick.net/ Frame 33A7
Redirect Chain

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287?
https://4788165.fls.doubleclick.net/activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287?

687 B
482 B

52ms
51ms

Document
text/html

142.250.185.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4788165.fls.doubleclick.net/activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f6.1e100.net

Software

cafe /

Resource Hash

cb278c73f375f7ff6ccba60313f94d2431c01784b0405b53935f01fd06108b6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 372
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 19:16:19 GMT
expires: Mon, 20 Feb 2023 19:16:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 19:16:19 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://4788165.fls.doubleclick.net/activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 0
bat.bing.com/action/ 0
285 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17087961&tm=gtm002&Ver=2&mid=14133f73-96d8-4633-9e71-735fccb51adf&sid=0e04f210b15311eda6ced1fe1f0d9adc&vid=0e052710b15311edb66f99719234c3d4&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&r=&lt=6232&evt=pageLoad&sv=1&rn=700660

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 20 Feb 2023 19:16:18 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B6F3BAA8A4C3408382EA895F474ACFB0 Ref B: FRAEDGE1811 Ref C: 2023-02-20T19:16:19Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK DE.png
www.proofpoint.com/modules/custom/pp_i18n/images/ 3 KB
4 KB 183ms
182ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/modules/custom/pp_i18n/images/DE.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Imperva
Etag: "cc0c264c"
Content-Type: image/png
X-Iinfo: 16-63983028-0 0CNN RT(1676920576112 2537) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=116597, public
Content-Length: 3329
Expires: Wed, 22 Feb 2023 03:39:35 GMT

GET
DATA 200
OK truncated
/ 129 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 box-e031119f9e9e307a08fa610f85dbfb52.html Show response
vars.hotjar.com/ Frame AA7A 2 KB
1 KB 33ms
6ms Document
text/html 18.66.147.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vars.hotjar.com/box-e031119f9e9e307a08fa610f85dbfb52.html

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.116 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-116.fra60.r.cloudfront.net

Software

Resource Hash

f92333a45b532bdb5248178674b041b1c35edfd33a55df48192256f0bfe49e4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1490773
cache-control: max-age=31536000
content-encoding: br
content-length: 1034
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 03 Feb 2023 13:10:06 GMT
etag: "112fdf47cdb80b9ce3d033ed09717460"
last-modified: Fri, 03 Feb 2023 13:09:45 GMT
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
x-amz-cf-id: t3U9Nw92BZQc4SgnzGxXQeg6utvFQ0SzzpQAa1C6owjthpztt2aSZA==
x-amz-cf-pop: FRA60-P4
x-cache: Hit from cloudfront
x-robots-tag: none

GET
H2 200 forms2.css
app-abj.marketo.com/js/forms2/css/ 13 KB
3 KB 25ms
25ms Stylesheet
text/css 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 6525
content-length: 2623
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
etag: "121563-3437-5f217594de500"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 79c993756d313802-FRA
expires: Mon, 20 Feb 2023 23:16:19 GMT

GET
H2 200 forms2-theme-plain.css
app-abj.marketo.com/js/forms2/css/ 828 B
336 B 26ms
26ms Stylesheet
text/css 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 4206
content-length: 246
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
etag: "2c1159-33c-5f217594de500"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 79c993756d323802-FRA
expires: Mon, 20 Feb 2023 23:16:19 GMT

GET
H2 200 getKnownLead Show response
app-abj.marketo.com/index.php/form/ 49 B
256 B 395ms
394ms Script
application/javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/getKnownLead?form=10895&lpId=&munchkinId=309-RHV-619&filledFields=true&_mkt_trk=id%3A309-RHV-619%26token%3A_mch-proofpoint.com-1676920578882-56945&callback=jQuery112409215754092876458_1676920578444&_=1676920578446

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bd6ed4b74794fb0ce61977f282afb8acbc93dd7bb356615c4b9ee75d9474ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
server: cloudflare
content-type: application/javascript; charset=utf-8
cf-ray: 79c993756d373802-FRA

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/ 42 B
835 B 12ms
12ms Script
text/javascript 2600:9000:225e:c200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f51a75f2ede4c5e0457f05d60bfa39290b59348a71cdae4cc701236e6f552ad9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

X-Amz-Version-Id: YpLV8gffck5D.rMdZ0xQXtTLU4RzR.kz
Date: Mon, 20 Feb 2023 19:16:19 GMT
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Age: 207
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 42
Last-Modified: Thu, 05 Jan 2023 13:22:33 GMT
Server: AmazonS3
Etag: "2ff5e20519778d0385c77e7f6e12de10"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Euj6a3YJAs0XCG8r8D3Q4JmVticNoFp962vCauZ7l6z6r_SNHyPdnw==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

12ms
11ms

Script
application/javascript

2600:9000:225e:c200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 2600:9000:225e:c200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Date: Mon, 20 Feb 2023 07:02:42 GMT
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Age: 44019
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: PHSPfl1UYxLflOGKEDvqSoJamG8WzW2TKj0jlEWMJdN9kk9dWiv6JA==

Redirect headers

Date: Mon, 20 Feb 2023 05:14:38 GMT
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Age: 50500
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: eRfBYz4JDPnIrdBztHnsJKtKPxtEU-Khr2ZPFQVgvMo9dI4uBJM3jg==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/ 0
809 B 24ms
10ms Script
text/javascript 2600:9000:225e:c200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

X-Amz-Version-Id: TI8G3DUlRZpunHZpo3ouIFqa9gWaseAm
Date: Mon, 20 Feb 2023 18:38:31 GMT
Via: 1.1 70d755f7200c02162c7545e4ce74649a.cloudfront.net (CloudFront)
Age: 2317
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Feb 2023 19:40:36 GMT
Server: AmazonS3
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: jGfZ9ovCySYY89huoWPdpOUGIl8cOcKXhMSWZQ5Pq1zo7EAS5uTnPA==

GET
H2 200 d7557a63ab8c88be
pixel.sitescout.com/up/ Frame 6DFB 43 B
267 B 48ms
14ms Image
image/gif 98.98.134.242
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/d7557a63ab8c88be?url=retargeting&cntr_revenue=&cntr_transactionId=3957702941705&u1=&u2=&u3=&u4=&u5=&cntr_url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Requested by: Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.242 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:18 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=*;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents...
adservice.google.com/ddm/fls/z/ Frame 6DFB 42 B
107 B 51ms
50ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=*;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware

Requested by

Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/ Frame 33A7
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQIk_n55x3D7IwAAAYZwQWYjJ6Lq1yIJsxV0m5Ok_VP3Iyt5dLaqUyyg7ZRt-Nzz2P-u23yAvy8nJplsD9rBAlOpVYQ

43 B
347 B

177ms
155ms

Image
image/gif

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQIk_n55x3D7IwAAAYZwQWYjJ6Lq1yIJsxV0m5Ok_VP3Iyt5dLaqUyyg7ZRt-Nzz2P-u23yAvy8nJplsD9rBAlOpVYQ
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287?
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D3388B742D6045DE822AE521F41AFD52 Ref B: FRAEDGE2007 Ref C: 2023-02-20T19:16:19Z
linkedin-action: 1
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
content-type: image/gif
x-li-proto: http/2
content-length: 65
x-li-uuid: AAX1Jn95n7kps783FSU49g==

Redirect headers

date: Mon, 20 Feb 2023 19:16:19 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 6A28A92F1B684BA5B0D863E3F6AD5297 Ref B: VIEEDGE3017 Ref C: 2023-02-20T19:16:19Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQIk_n55x3D7IwAAAYZwQWYjJ6Lq1yIJsxV0m5Ok_VP3Iyt5dLaqUyyg7ZRt-Nzz2P-u23yAvy8nJplsD9rBAlOpVYQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX1Jn924p9Vi/ZqmGDMLA==

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 33A7 43 B
550 B 121ms
46ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1442966&mt_adid=226348&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=&ord=538908040
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 475 4bd2ccd master cdg-pixel-x31 config:1.0.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:19 GMT
Server: MT3 475 4bd2ccd master cdg-pixel-x31 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Mon, 20 Feb 2023 19:16:18 GMT

GET
H3 200 dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287
adservice.google.com/ddm/fls/z/ Frame 33A7 42 B
63 B 44ms
43ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287

Requested by

Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=COPt0PvnpP0CFcjKmgodA7YKKA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=7220261041013.287?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 1AF7 0
51 B 7ms
6ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.proofpoint.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 20 Feb 2023 19:16:19 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 314ms
21ms Script
application/x-javascript 23.35.233.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1676920578524
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.233.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-233-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=60797
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ Frame 6DFB 13 KB
5 KB 14ms
14ms Script
application/x-javascript 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Jan 2023 17:22:56 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=81640
accept-ranges: bytes
content-length: 4777

GET
H2 200 7YJ7XZCLMRHSVCXIHB5HIT Show response
d.adroll.com/consent/check/ 462 B
948 B 116ms
41ms Script
application/javascript 2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT?pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&_s=1433bdd99131d7a93f6f3481151b0ac1&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: d238e774be1be42eaf7f335980d7cf7ec0989c8bbfa1ae7114366ccb07809c5a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: application/javascript
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 462
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/2782676/domain/10487471.fls.doubleclick.net/ Frame 6DFB 36 B
368 B 7ms
6ms XHR
application/json 2600:9000:225e:fc00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/2782676/domain/10487471.fls.doubleclick.net/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:fc00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://10487471.fls.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 12:48:33 GMT
content-encoding: gzip
via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 23266
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=35973
x-amz-cf-id: ypLuiJSWKctBvgEVzBfsZwfSeLNGYMgYp8PV_E67W-8Wy58PMdo18A==

GET
H2

200

collect
px4.ads.linkedin.com/ Frame 6DFB
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1676920579613&url=https%3A%2F%2Fwww.proofpoint.com%2F
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1676920579613&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQKiso3bFN89tgAAAYZwQWZzJLW5-UV8W3IaooNZtLpZ00K3qO3A6qGPmcOukmZSijELM05...

0
143 B

148ms
146ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1676920579613&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQKiso3bFN89tgAAAYZwQWZzJLW5-UV8W3IaooNZtLpZ00K3qO3A6qGPmcOukmZSijELM05ep5OI2BVUB0Zx8SlP3VU
Requested by: Host: 10487471.fls.doubleclick.net
URL: https://10487471.fls.doubleclick.net/activityi;dc_pre=CITz0PvnpP0CFcnmmgodRT4HiA;src=10487471;type=retar0;cat=retar0;ord=3957702941705;gtm=45He32f0;auiddc=51911406.1676920577;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware?
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://10487471.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 8F51FAFDD8ED407CB7EEFBE9DCE3EE19 Ref B: FRAEDGE2007 Ref C: 2023-02-20T19:16:19Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX1Jn963o/Ukcvgc6mkkA==

Redirect headers

date: Mon, 20 Feb 2023 19:16:19 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 7880C07340404D34935273BC30C44ACB Ref B: VIEEDGE3017 Ref C: 2023-02-20T19:16:19Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2782676&time=1676920579613&url=https%3A%2F%2Fwww.proofpoint.com%2F&e_ipv6=AQKiso3bFN89tgAAAYZwQWZzJLW5-UV8W3IaooNZtLpZ00K3qO3A6qGPmcOukmZSijELM05ep5OI2BVUB0Zx8SlP3VU
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX1Jn94FEJVtv2krsdzWg==

GET
H/1.1 200
OK saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
445 B 101ms
101ms XHR
text/plain 52.204.14.109
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=dG-GbvdPxi8YOQyjVLjRlg&is_js=true&landing_url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&t=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&tip=tEHWqR4SIDDYPoW2WUeiqxs8FuV6CIHb4qoJCN1Sq5M&host=https://www.proofpoint.com&sa_conv_data_css_value=%20%220-a20d3e4a-c66b-4e68-5c35-fbd48ad14876%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9b76a3b59a0a149035de200db0f6fa8ebd98ac2a3&sa-user-id-v2=s%253Aog0-SsZrTmhcNfvUitFIdtmKwqM.7qGAttDHQwNPRSAVrCtJiK6y7VR5bDkLUM8DYEoiiLo&sa-user-id=s%253A0-a20d3e4a-c66b-4e68-5c35-fbd48ad14876.s2SIOWLoUFskqBNMbDz9LJnEQoeOt9s4Q8aWQBWuKys
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.204.14.109 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-14-109.compute-1.amazonaws.com
Software: /
Resource Hash: 0305f002cec9f1f9f900c6bb1ce8836e4d9d54b1157ef1057db2601267c3d22d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:19 GMT
Access-Control-Allow-Methods: GET
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.proofpoint.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 138

GET
H/1.1

200
OK

T47Y2VPPABDUBJXFROMZZM.js Show response
s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/
Redirect Chain

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus...
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

4 KB
2 KB

10ms
9ms

Script
text/javascript

2600:9000:225e:c200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 2600:9000:225e:c200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea0a66087c5669d9c516399640336a37d06d722e1ef0ada8047db1869af0de96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

X-Amz-Version-Id: eY2T11Jsv3Zn8_XUkedB..UFmyuYffin
Content-Encoding: gzip
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Date: Mon, 20 Feb 2023 19:07:37 GMT
Age: 560
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Mon, 23 Jan 2023 14:52:47 GMT
Server: AmazonS3
Etag: W/"7f84d82d1aa6399333730db224ff6e4c"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: HCcJ_e6NsA2eZujQgF_Ydhtq6az2HRjhig98OR_x3BBfTP0MCysAFg==

Redirect headers

date: Mon, 20 Feb 2023 19:16:19 GMT
x-segment-display-name: Visitors to Unsegmented Pages
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
x-rule-type: p
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.22.1
x-rule: *
x-segment-eid: T47Y2VPPABDUBJXFROMZZM
location: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: YV5KYXXEJZATZCT37YRTMK
x-segment-name: *
x-advertisable-eid: 7YJ7XZCLMRHSVCXIHB5HIT
x-conversion-currency

GET
H2 200 YV5KYXXEJZATZCT37YRTMK
ipv4.d.adroll.com/px4/7YJ7XZCLMRHSVCXIHB5HIT/ 42 B
176 B 111ms
29ms Image
image/gif 52.30.116.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ipv4.d.adroll.com/px4/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&cookie=&adroll_s_ref=&keyw=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.116.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-116-28.eu-west-1.compute.amazonaws.com
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 42
content-type: image/gif

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 8 KB
3 KB 10ms
10ms Script
application/javascript 2600:9000:225e:c200:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&cookie=&adroll_s_ref=&keyw=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c200:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e5cf82e4a17e79c80c6f17c3fff873756de944e1301fa01c1d03aba1e359669

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

X-Amz-Version-Id: wG3UJevK_dyyBSOJeVU2_V1xC3jx_aLw
Content-Encoding: gzip
Via: 1.1 a5a8e743f28968822c126102a78bb7c6.cloudfront.net (CloudFront)
Date: Mon, 20 Feb 2023 07:16:31 GMT
Age: 43215
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 30 Jun 2022 21:48:50 GMT
Server: AmazonS3
Etag: W/"9f2aa6ae991d93164d9512029d813cad"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: kgzXh8bz52I9kt-wpYsmY3H1Xjz4XiVeojpYagdbxe4jr7BxC5sjXQ==

GET
H3 200 389545881899618 Show response
connect.facebook.net/signals/config/ 377 KB
108 KB 143ms
143ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/389545881899618?v=2.9.96&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1b1ab7879aa2fd8b15125ad858143c427b9ae8c805f1f1ddaece7ecb336b34df

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 20 Feb 2023 19:16:19 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: ia34muE1sg+9PTWM9+Eg46xPM6pINFq9M0NX5Hg7uKNAwaviFbaN/M6zqyGvIlgltWq1M259E8BOpmOIyI9krQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

sync
x.bidswitch.net/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-document...
https://x.bidswitch.net/sync?dsp_id=44&user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM

43 B
145 B

8ms
8ms

Image
image/gif

52.57.1.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=44&user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 52.57.1.21 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-1-21.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/sync?dsp_id=44&user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 96
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-document...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=SJrfokY_Y1EiTlH1D90njA
https://d.adroll.com/cm/g/in

42 B
552 B

32ms
31ms

Image
image/gif

2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
server: nginx/1.22.1
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://d.adroll.com/cm/g/in
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-docu...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expiration=1708456579
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expiration=1708456579&C=1

43 B
766 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expiration=1708456579&C=1
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 19:16:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 19:16:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=105&external_user_id=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expiration=1708456579&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 35ms
30ms Image
image/gif 2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&advertisable=7YJ7XZCLMRHSVCXIHB5HIT
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.22.1
content-length: 42
vary: Cookie
content-type: image/gif

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-document...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expires=365

0
239 B

73ms
8ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expires=365
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&expires=365
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-document...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=489adfa2463f6351224e51f50fdd278c&gdpr=1&gdpr_consent=

43 B
273 B

68ms
16ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537103138&val=489adfa2463f6351224e51f50fdd278c&gdpr=1&gdpr_consent=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537103138&val=489adfa2463f6351224e51f50fdd278c&gdpr=1&gdpr_consent=
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 108
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-d...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=

0
145 B

378ms
88ms

Image
text/plain

64.202.112.31
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: HTTP/1.1
Server: 64.202.112.31 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:20 GMT
Cache-Control: no-cache
X-TraceId: a8ac0e56fdcb947172b388dfd072d60b
Content-Length: 0

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 121
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-d...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...

42 B
493 B

98ms
21ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 20 Feb 2023 19:16:18 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 212
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-document...
https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
125 B

59ms
10ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.25 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.25
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55980/sync?_origin=1&uid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 169
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-do...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM

0
90 B

78ms
14ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 12750

Redirect headers

location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote...
https://eb2.3lift.com/xuid?mid=4714&xuid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&dongle=c85e

37 B
140 B

59ms
8ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=4714&xuid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&dongle=c85e
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

location: https://eb2.3lift.com/xuid?mid=4714&xuid=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&dongle=c85e
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 102
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=33da703986076098f79d465244bc7e6c-1676920579725&pv=34103583426.364258&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-document...
https://ib.adnxs.com/setuid?entity=172&code=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM

43 B
1 KB

73ms
13ms

Image
image/gif

185.89.211.116
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

HTTP/1.1

Server

185.89.211.116 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 19:16:19 GMT
AN-X-Request-Uuid: b8c0ca65-efab-4048-9e92-3519573953bf
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.138.194.163; 217.138.194.163; 956.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/setuid?entity=172&code=NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM
pragma: no-cache
date: Mon, 20 Feb 2023 19:16:19 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.22.1
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 XDFrame Show response
app-abj.marketo.com/index.php/form/ Frame CCC1 2 KB
861 B 118ms
117ms Document
text/html 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/XDFrame

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 79c993784a9c3802-FRA
content-encoding: gzip
content-length: 650
content-type: text/html; charset=utf-8
date: Mon, 20 Feb 2023 19:16:19 GMT
server: cloudflare
strict-transport-security: max-age=63113904
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ Frame CCC1 208 KB
69 KB 22ms
22ms Script
application/x-javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app-abj.marketo.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Thu, 12 Jan 2023 20:56:20 GMT
server: cloudflare
cf-cache-status: HIT
age: 777
etag: "2c115f-33e51-5f217594de500"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 79c993791bf33802-FRA
expires: Mon, 20 Feb 2023 23:16:20 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 7ms
7ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=389545881899618&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&rl=&if=false&ts=1676920580022&cd[segment_eid]=T47Y2VPPABDUBJXFROMZZM&sw=1600&sh=1200&v=2.9.96&r=stable&ec=0&o=29&cs_est=true&fbp=fb.1.1676920579001.741986432&it=1676920578676&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 20 Feb 2023 19:16:20 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 29 B
997 B 13ms
13ms XHR
application/json 185.89.211.132
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.132 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e9eb23aaa392f26a611f5e52c470c456fb190c0f74fb8649a83bef8f6264780b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Feb 2023 19:16:20 GMT
AN-X-Request-Uuid: a2c1cacf-d241-4a02-a7b2-98051097d170
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.proofpoint.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.138.194.163; 217.138.194.163; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 29
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
204 B 28ms
20ms XHR
text/html 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-23-244.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:20 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 34 B
281 B 68ms
24ms XHR
text/html 2a02:26f0:ab00:3b3::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00:3b3::1c91 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b86e9b6e6d2bf38132369af200cceb6a5a69f5a986661c0724bf2ee2f686e014

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:20 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:20:3c00:1012:9fc:f79:2898
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 34
expires: Mon, 20 Feb 2023 19:16:20 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame 10E0 2 KB
1 KB 110ms
109ms Document
text/html 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1676920800000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

09d3561e03ada8fad9e775913a66b7d5abc4a2f16299f13f7b04d416b110f6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 20 Feb 2023 19:16:20 GMT
etag: W/"c67428c125d174aaf85216a5a50cf004"
last-modified: Thu, 16 Feb 2023 17:14:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-id: uWvkmfdE5dWUgAhNt0OrJt8tUfYQISoJ0YBPWdowLdPHP_w2w8Jvkg==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: ZTHwaOUorp1P5m9vEvyrK6g6S8PFGWM5
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 4BCF 2 KB
1 KB 109ms
109ms Document
text/html 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1676920800000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

09d3561e03ada8fad9e775913a66b7d5abc4a2f16299f13f7b04d416b110f6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 20 Feb 2023 19:16:20 GMT
etag: W/"c67428c125d174aaf85216a5a50cf004"
last-modified: Thu, 16 Feb 2023 17:14:52 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-id: amaNaexzTfzZ6fN_bD76pBbD_cdbaZXqw2rYQW8O6pqch46SeIcdpg==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: ZTHwaOUorp1P5m9vEvyrK6g6S8PFGWM5
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 15

GET
H2 200 async-api.6bb277af-1225.min.js Show response
js-agent.newrelic.com/ 2 KB
2 KB 29ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f95b22047abcb76190421e53f133601b1006cfb23a01fb03caaad506a9b4d321

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: ccu4IA9M.iSFjMQAJQZ9WRC6vNK74xfk
content-encoding: gzip
via: 1.1 varnish
date: Mon, 20 Feb 2023 19:16:20 GMT
x-amz-request-id: 87ZMH8RH0D8VZXGF
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1094
x-amz-id-2: Lt5AgkCax7VaO938x0/KPePc4XkKTsmu8umdNbeY21eT7ZKVdI/nHfiYNgrACjuhbtHTv3UV80o=
x-served-by: cache-hhn-etou8220060-HHN
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
server: AmazonS3
x-timer: S1676920580.308247,VS0,VE0
etag: "dd573d973dfb2a2559befdfb616d511d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11144

GET
H2 200 lazy-loader.48127245-1225.min.js Show response
js-agent.newrelic.com/ 2 KB
725 B 29ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a8356d715c4bd117081a0893777439ce054bbd692b8426505d358b93c1d9a7a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: x72sIi24uKUpr9UhD5QY7PCKtNgMfeY4
content-encoding: gzip
via: 1.1 varnish
date: Mon, 20 Feb 2023 19:16:20 GMT
x-amz-request-id: ZFPVBT3GMQ3HSS9D
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 520
x-amz-id-2: 9vR0mJ3gYJ6akDVLAkAPpGgWPRfd/tfJUpaD/8399EbadQFN7DKBYnnjptyqgJuZLzsVU2uWniQ=
x-served-by: cache-hhn-etou8220060-HHN
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
server: AmazonS3
x-timer: S1676920580.308233,VS0,VE0
etag: "a3759bbbd15fffd73531bda1e8166ae7"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11097

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 182ms
173ms Script
application/javascript 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=63f3c7031e98ef24&bkl=0&bl=1&pdt=6227&sid=63f3c7031e98ef24&pub=&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.proofpoint.com&fp=us%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=0&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1676920580298&jsl=8193&uvs=63f3c703344359c5000&skipb=1&callback=addthis.cbs.jsonp__70062517302450260
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1676920578524
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-206-208-114.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7ae84ab3a4eccd5d796196d3ab71c34944493345c0c293d0c1af42ca2802fa38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:20 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 4C9A 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 0741 71 KB
26 KB 49ms
49ms Document
text/html 23.206.208.114
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1676920578524

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.206.208.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-206-208-114.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Mon, 20 Feb 2023 19:16:20 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 217ms
198ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=6a5c1d8b-c435-4d3a-8f49-c89366e08ab5&session=dc2c472b-8a47-494e-8acc-e6a6c6c4a42e&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2020%20Feb%202023%2019%3A16%3A18%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2020%20Feb%202023%2019%3A16%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2276d4adecd2340b300ba5d4296ecef89d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2020%20Feb%202023%2019%3A16%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22cf897ce61a58c53c1861f742ebebc2622f6b0fcf%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2020%20Feb%202023%2019%3A16%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2020%20Feb%202023%2019%3A16%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2020%20Feb%202023%2019%3A16%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=afe27336-96ea-44c9-864d-4b91cd3846ea&an_uid=8071638764689695959

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:20 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 118.d37755e4-1225.min.js Show response
js-agent.newrelic.com/ 8 KB
4 KB 7ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/118.d37755e4-1225.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c94b68341f642fc63f7f5b385f1d08434c533a5f113415f82d5786de36d9a709

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: 8iuwUwYODDWrlAN7lGJW4CKaVaPtd.FC
content-encoding: gzip
via: 1.1 varnish
date: Mon, 20 Feb 2023 19:16:20 GMT
x-amz-request-id: N4PBCM13EVY56HT8
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 3412
x-amz-id-2: 1HNNpatjy7/7YqsYpClx49CzurfQru47SPgczm5HuIaW77KXyAcNiAvyq1tDyI2zkt9HlIYyruY=
x-served-by: cache-hhn-etou8220060-HHN
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
server: AmazonS3
x-timer: S1676920580.317233,VS0,VE0
etag: "9c8a05b5703a1c30e0418f9ba42337df"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11060

GET
H2 200 page_view_event-aggregate.29613e65-1225.min.js Show response
js-agent.newrelic.com/ 4 KB
2 KB 7ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/page_view_event-aggregate.29613e65-1225.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ce1fe34f915fd2ff5c44d4541dad55a7bf416d55e2f9d6dc5c4a28d6c4ae3a2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: Q2wYJMaFVSMNo7QiSpnsS727o5X3kt_1
content-encoding: gzip
via: 1.1 varnish
date: Mon, 20 Feb 2023 19:16:20 GMT
x-amz-request-id: 11K6QQ36A62DGVY1
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1682
x-amz-id-2: wCJv5IK1f2opSUJXWvx0bM26l6jdns6m7Sva/xcSSuQc+8SOvEYynqynZQjhagMdvjAPksyDgYE=
x-served-by: cache-hhn-etou8220060-HHN
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
server: AmazonS3
x-timer: S1676920580.318084,VS0,VE0
etag: "0743ee0ec30428f3654ee07d779efb64"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11087

GET
H2 200 page_view_timing-aggregate.e791ce32-1225.min.js Show response
js-agent.newrelic.com/ 5 KB
3 KB 7ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/page_view_timing-aggregate.e791ce32-1225.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5251292502f489870fd167ed3da10585b68bfc903dbcc086c8729b35f00a60aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: 5Hc0bLUe_lA8zF4035AV9Xl5FkevBdYq
content-encoding: gzip
via: 1.1 varnish
date: Mon, 20 Feb 2023 19:16:20 GMT
x-amz-request-id: EJPNNHZE9GZ78260
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2248
x-amz-id-2: o+8w9WCqmiMkUuqZ1LnHxE+zzUijrQcYmxL/b/CQuLKIEQlZQTGzeHe6hp5ddCwFmpjGx3aNUGI=
x-served-by: cache-hhn-etou8220060-HHN
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
server: AmazonS3
x-timer: S1676920580.318106,VS0,VE0
etag: "84ba19034cf0206a49ecf68893086bdd"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11049

GET
H2 200 metrics-aggregate.b4a54ed9-1225.min.js Show response
js-agent.newrelic.com/ 1 KB
934 B 7ms
7ms Script
application/javascript 151.101.130.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/metrics-aggregate.b4a54ed9-1225.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7168fe91c0a2521e7f93b29b1cde798db4859202d2ea5c798ee40a79b69ef969

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: 0sI71h2BU2Q4FabSOYi.9wzegJNG1fuh
content-encoding: gzip
via: 1.1 varnish
date: Mon, 20 Feb 2023 19:16:20 GMT
x-amz-request-id: XZ4XJ30TRZ2RES1C
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 730
x-amz-id-2: 3Dt653pVx/94FdAbbwe0sJsYHCqc8U3Xxo+YmC4eqcyMB0M+OkapA5KL+Asx6hpe60tqdDtnkns=
x-served-by: cache-hhn-etou8220060-HHN
last-modified: Fri, 10 Feb 2023 20:23:02 GMT
server: AmazonS3
x-timer: S1676920580.318119,VS0,VE0
etag: "395608505dac1e4fbe08bd146e09f5c0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 11056

GET
H/1.1 200
OK 0ae22ad83e Show response
bam.nr-data.net/1/ 49 B
518 B 319ms
241ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/0ae22ad83e?a=573869349&v=1225.PROD&to=bgQBYERQXBBWVBFbDldOIldCWF0NGEcEVQRmAgJXXlQ%3D&rst=7191&ck=0&s=74074ddbfdf67b76&ref=https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware&ap=43&be=3546&fe=3602&dc=2621&perf=%7B%22timing%22:%7B%22of%22:1676920573136,%22n%22:0,%22r%22:0,%22re%22:2190,%22f%22:2190,%22dn%22:2191,%22dne%22:2191,%22c%22:2191,%22s%22:2372,%22ce%22:2554,%22rq%22:2554,%22rp%22:3359,%22rpe%22:3541,%22dl%22:3361,%22di%22:6167,%22ds%22:6167,%22de%22:6232,%22dc%22:7131,%22l%22:7147,%22le%22:7166%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=5297&fcp=5297&at=QkMCFgxKTx4%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Apex, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Mon, 20 Feb 2023 19:16:20 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
access-control-allow-credentials: true
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
CF-Ray: 79c9937b8ad63664-FRA

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 196ms
196ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=6a5c1d8b-c435-4d3a-8f49-c89366e08ab5&session=dc2c472b-8a47-494e-8acc-e6a6c6c4a42e&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A20%3A3c00%3A1012%3A9fc%3Af79%3A2898%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&pageViewId=afe27336-96ea-44c9-864d-4b91cd3846ea&an_uid=8071638764689695959

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:20 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 runtime~main.f28524d3.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 6 KB
3 KB 9ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd8c7f7aae00c226824b8caad79b25703a1b017f6034e11ac53a4fa3dd564b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 17:14:52 GMT
x-amz-version-id: kd17yzt.94F43DDJ5FwwRFZj9O5Kj1p6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 352888
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 16 Feb 2023 17:02:31 GMT
server: istio-envoy
etag: W/"33b3081afd797e9b0eaa1bd3a7ffadd3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tDSXmYQnAn79RafF25U4qFd1VReukcwm65eBRcq6PDptvxospe2tDw==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 35 KB
13 KB 9ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: JKKo6ErNrTe3bA0p84W7WUlbkpQHsmMAmquarQjATJGd3fv_b8vucw==

GET
H2 200 main~493df0b3.6a8a7bc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 7 KB
3 KB 10ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.6a8a7bc7.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5ccd2287af72e2d56e11ebfcdb02dede2b9e39277e121ca53cbfbcc9cb529d3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:25 GMT
x-amz-version-id: pqJrRdr9rCUt5d48MN3IAyIbN5cCPBJp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 445855
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Wed, 15 Feb 2023 15:10:14 GMT
server: istio-envoy
etag: W/"f0643a140ae55663635d2a3849d7a9ab"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vbjLUbj2O1bym9c26O4zPkZTCVp7iUXfjhYXY7hjm1Byhl81CBGIng==

GET
H2 200 runtime~main.f28524d3.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 6 KB
3 KB 7ms
6ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd8c7f7aae00c226824b8caad79b25703a1b017f6034e11ac53a4fa3dd564b1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 17:14:52 GMT
x-amz-version-id: kd17yzt.94F43DDJ5FwwRFZj9O5Kj1p6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 352888
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 16 Feb 2023 17:02:31 GMT
server: istio-envoy
etag: W/"33b3081afd797e9b0eaa1bd3a7ffadd3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kbPJsuqoUhWpUDtlMoOqdQ1oqPG5P3paIyiELVX28sUDH6q6OtkQiA==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 35 KB
13 KB 8ms
7ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 81wtKr_Bf6TDIz_xpcpxxlAUHllECqcWEwxJ7KgoV16cycaMTI2-DA==

GET
H2 200 main~493df0b3.6a8a7bc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 7 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.6a8a7bc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5ccd2287af72e2d56e11ebfcdb02dede2b9e39277e121ca53cbfbcc9cb529d3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:25 GMT
x-amz-version-id: pqJrRdr9rCUt5d48MN3IAyIbN5cCPBJp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 445855
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Wed, 15 Feb 2023 15:10:14 GMT
server: istio-envoy
etag: W/"f0643a140ae55663635d2a3849d7a9ab"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: t6VK84fC8ccH96thmMsUjg8Big_p4YJjl9sryJXePwH46h0SAxX5AA==

GET
H2 200 52.b1edaf4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 23 KB
8 KB 10ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: TtzAkuiFg5ajpar.KJembGW97mIyyYtK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"cd29b9bc973e48a7fcd0ee7153bdf03b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: tihU3xs4OQFgxFe6Y91h-hiG3LL26-aJ1wHfLod0AX-NBrrHjhefHw==

GET
H2 200 36.b49bf23f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 36 KB
10 KB 10ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: SWSsVLzyOcOhQhmvR.pbvKyQeo7W0A10
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"4ae92c53ef226eb2a201fc855ccb7835"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: LVc_U0SCkVlnB0Dcy9-PbELTlcKZyQ6Zvc8SQmn7cDePty8xqzHR-Q==

GET
H2 200 25.22647a55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 32 KB
11 KB 11ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.22647a55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 3Dq5XEj76miHFBtzwx_L1gh4_UbdDQYk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"2ce6c446f71a395ff41647c9ba4b9c19"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: RGPmRKCFUuH353wTRDdbvbz7QBdm5H17TA-p4ENtuCwt-1LmQw01Rw==

GET
H2 200 20.2ffef383.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 17 KB
6 KB 11ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: Sl_LzJMe7m6MkWEK9Fxqk3gRf.6SeAYu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"ec6e94b6cea3a27506634867a8009ded"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SSEWYnM6_pu73krzIX3bZl83mpWNQvsG9FKJtTlGIHdRcHsrz0IODg==

GET
H2 200 42.67956b13.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 25 KB
8 KB 12ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.67956b13.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:25 GMT
x-amz-version-id: LwoHxJH_FBDxYvxZo.xGVaPPrUBqnUk_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 445854
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Wed, 15 Feb 2023 15:10:12 GMT
server: istio-envoy
etag: W/"d53cdfd4559700cfe085380882a8e897"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3lALERpWWvSynT8uu82nidKFbyUYGS1kIZJzQHUaymsie4O3zsWaZg==

GET
H2 200 21.b3438b1b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 74 KB
23 KB 14ms
12ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b3438b1b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:25 GMT
x-amz-version-id: VElN.rYQUfZc8FwuS3oQUAN0Q9xeEifo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 445854
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Wed, 15 Feb 2023 15:10:12 GMT
server: istio-envoy
etag: W/"10e1bfa61646f14df045c581bc9410fd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jiWSqL87T4GNPpjGwLGp0L_tcJlYealuruO8QmknnTHNkRNL-PXfrg==

GET
H2 200 27.f44ab9c1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 59 KB
19 KB 15ms
13ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.f44ab9c1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a04ca4a38cfded547daa7993112f5dcc2fbdf13f93b968d676e1313e8d8e98f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: wrgwLo8Ut7GsYvCwhzW617Km3EuBTw6K
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"768714622a8a2db20ece85777ba47642"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0rtUMJ_KMKtP56GUlovLs3V6ljWQ_fapmAELkbx56UH6ONcxoL6kLw==

GET
H2 200 15.699b0dc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 91 KB
28 KB 16ms
15ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: jUF4GGgcG34JdLv0MHXRHyWvmwH3OQeO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"43d1442a9d30453da9eaeb12b9daafff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OmajCFFUwdotY8QrqsGTrPRjGhgtCFLe-n0nlZbxB_UXO0P85Xc8BQ==

GET
H2 200 12.d33926cb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 23 KB
7 KB 17ms
15ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: KyS4g55V4uBz7fjaZ0R1pHyOHsEBkZV6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"bdcb035523ec144399213aa65a8430ff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Q8XWDWGX2ZQJ6_nrJG99OqVSOjp03SLd4qr9X1Uj32CPE3PwsAQR3A==

GET
H2 200 19.8e79a39a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 62 KB
20 KB 18ms
17ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 04:02:34 GMT
x-amz-version-id: bwRea7wDCbR4ncTw_WLwO3izZD3MoPy9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 659626
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 42
last-modified: Fri, 10 Feb 2023 18:18:27 GMT
server: istio-envoy
etag: W/"c478a5bb4d7885e2b9250c6beeb4fd6d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xR2EBu33uKZMcQpPMMTZAHNk5WNAZz-2FwR2RzJPwSlU68xWP9ikUg==

GET
H2 200 50.de3b5864.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 105 KB
34 KB 19ms
18ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 1DnDsXjV5U2x4yjXf3GCnDIDPlyIffBu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"114785899ceb423273fcc17aaad202e9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: L2-llR_2LQG1mSqDtF9tySuLCrcO9de9i7bDbnYJVTBRbhUYuQNW9w==

GET
H2 200 41.a1867ad4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 12 KB
4 KB 20ms
19ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: X151O2if9SUzZhsBRIHlOqKUakbFDRo_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"299dd262bf32831c99dc78a9c5b5ca43"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: juOhve0IUSUaJ2FQhtuuTyVcTyNdigXabk6Mt8KfHRPJutHQs335_g==

GET
H2 200 30.57dfb56c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 13 KB
6 KB 20ms
19ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: PRu.RNHym52TA_hlIcQB1Vv5VUA1vVKS
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"b8addee34a5cd2241740a2e3094039b3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Fr5WobuzAVtijxvVm_27TPZIP745QOCRaRGykGPjmExtjYfW26Owaw==

GET
H2 200 22.4cb40074.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 17 KB
7 KB 21ms
20ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.4cb40074.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:26 GMT
x-amz-version-id: ykeUDE2sWwwza8uCQZo8fLwm_hGj240R
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 445854
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 39
last-modified: Wed, 15 Feb 2023 15:10:12 GMT
server: istio-envoy
etag: W/"6cf24f8ea74f43662c776ce6af09d469"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lTVC6L5ZEyVB9sapFAlQuSgWADP1g_i5Gw0pOC8JksSCkdUeS0B0Xg==

GET
H2 200 10.18bfca70.chunk.css
js.driftt.com/core/assets/css/ Frame 10E0 14 KB
3 KB 21ms
20ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/10.18bfca70.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: W.Ed7skdAN0dSG59eVgsVvIsNBx.BMsL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"dd670379de64b0621ee84574f3b8e73d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HSBLeg607_WUsXwvWuGl6scebNuaiBXZ11rkT-mnsYYKG1NDHu70-w==

GET
H2 200 10.b76eb677.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 79 KB
25 KB 21ms
20ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.b76eb677.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c878baf3b2bee3185daa3b0812e979a96e077fdf924b536f6c3e7e373882aa1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:44:11 GMT
x-amz-version-id: Fcq2O7wHOQRvkyxIvw6HFTAA4EV_e5Q7
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433929
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Wed, 15 Feb 2023 18:18:24 GMT
server: istio-envoy
etag: W/"cbc9a75b208589ec9edc4611d5aaf6ae"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xk52a-F3iU4vJF04o82-tZ8jXTigzwp_W8SMTW8DuhFebFF75LYRiw==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 10E0 24 B
696 B 22ms
21ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 20:13:51 GMT
x-amz-version-id: eR0JFDWwyA3gsnd_XajqmmtDUbC85CBL
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 2156549
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 24
last-modified: Tue, 11 Oct 2022 19:09:27 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: eJMcKCGK95T1n5qL8GP1SwskUsDXF2qkumeYcOkaxK9hawj8b4TMFA==

GET
H2 200 17.2d19c66a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 89 KB
23 KB 22ms
22ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.2d19c66a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a4ea37f8af67e84a4d330d3ccfb44eab01c877d0c4100c48c67ea57f1663552c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:44:11 GMT
x-amz-version-id: ik3ByTJPnYyhtI0DOm2S_2nEjNOtG0Ct
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433929
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Wed, 15 Feb 2023 18:18:25 GMT
server: istio-envoy
etag: W/"4de3ff81b975e5a8a5f39e782840df52"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _I9CO7dQ96Oh1uIH-EQTdcDCPbE9Qp5OMVFUYCfDrYM9J677jf2pNQ==

GET
H2 200 26.804680a6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 50 KB
14 KB 23ms
23ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.804680a6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

672e9b04f273c7bc6b2b23413d590fa1ac1aec88429f4d73998a7cbfbae5bbe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 17:14:52 GMT
x-amz-version-id: pfpspt3Jz6W..QQ5vkwVPcMWjcOyyF7H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 352888
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 16 Feb 2023 17:02:28 GMT
server: istio-envoy
etag: W/"4150cb239859b4872dfc55d0064ba661"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CAkAk6HMkfZ94yFlp4X3UpNvG-syexNgznc41ZTk_i6Va3B1y_ODfw==

GET
H2 200 18.34dac473.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 40 KB
13 KB 24ms
24ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.34dac473.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5d959e050c61344f264ee87cf81e9ffd30cb5ad5b5ae749218e9360a6403c1e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 17:14:52 GMT
x-amz-version-id: lv3aFKpN07qrROaTanaC4C4GvuUpSYk3
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 352888
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 16 Feb 2023 17:02:28 GMT
server: istio-envoy
etag: W/"084fc6a6981258c55945f0f6ddf4a771"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: nuzMaSh7o2r6-7OrGjyyUj3lYwwMKtwlYoRjpMNrJbw0DfwRbmv0sQ==

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 746 B
586 B 23ms
9ms XHR
application/json 3.126.151.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.151.226 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-151-226.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 9b2dc2a6592abd91e0dee577ef85461138e643d96bf3f3756f7c6d856d8d5e8b

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
Authorization: Token cf897ce61a58c53c1861f742ebebc2622f6b0fcf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:20 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
content-length: 399

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 44ms
6ms Preflight 3.126.151.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.126.151.226 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-126-151-226.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.proofpoint.com
access-control-max-age: 1800
date: Mon, 20 Feb 2023 19:16:20 GMT
server: nginx

GET
H2 200 52.b1edaf4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 23 KB
8 KB 20ms
12ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: TtzAkuiFg5ajpar.KJembGW97mIyyYtK
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"cd29b9bc973e48a7fcd0ee7153bdf03b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: je7QHQZaZzv4ANfJNjopHRdlMG_1LU3_eWcEh3LohYgls5ZT82wtDQ==

GET
H2 200 36.b49bf23f.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 36 KB
10 KB 22ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/36.b49bf23f.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: SWSsVLzyOcOhQhmvR.pbvKyQeo7W0A10
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"4ae92c53ef226eb2a201fc855ccb7835"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cbY95kF-5E0zvq0chgwLP9SLvzK1_YCKsL5mVKricSdmR-_Vja7APg==

GET
H2 200 25.22647a55.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 32 KB
11 KB 23ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.22647a55.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 3Dq5XEj76miHFBtzwx_L1gh4_UbdDQYk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"2ce6c446f71a395ff41647c9ba4b9c19"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Xw6ZSlDhWsc1f19PEjCzVRMnPN7vFWuhNoVm_oBHIgoUxG9xWJZdRw==

GET
H2 200 20.2ffef383.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 17 KB
6 KB 23ms
11ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.2ffef383.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: Sl_LzJMe7m6MkWEK9Fxqk3gRf.6SeAYu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"ec6e94b6cea3a27506634867a8009ded"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dVbrSq7Jzwu9Y0iAPW7zjZfoCHXpP90Gt0cmVZZjdGquvpXMGYZoBg==

GET
H2 200 42.67956b13.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 25 KB
8 KB 23ms
11ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/42.67956b13.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:25 GMT
x-amz-version-id: LwoHxJH_FBDxYvxZo.xGVaPPrUBqnUk_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 445854
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Wed, 15 Feb 2023 15:10:12 GMT
server: istio-envoy
etag: W/"d53cdfd4559700cfe085380882a8e897"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3Ae3Ijw1YtuGqiyL9afKqYUzBnmxQnW8PKruCLVLHs2zMVlblabHAQ==

GET
H2 200 21.b3438b1b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 74 KB
23 KB 24ms
12ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b3438b1b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:25 GMT
x-amz-version-id: VElN.rYQUfZc8FwuS3oQUAN0Q9xeEifo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 445854
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Wed, 15 Feb 2023 15:10:12 GMT
server: istio-envoy
etag: W/"10e1bfa61646f14df045c581bc9410fd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mhFUx0UDbRAZfMDnN4hmXB5x7TmHmUiVcGBfccRsXgrpQJF078BX8g==

GET
H2 200 27.f44ab9c1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 59 KB
19 KB 25ms
13ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.f44ab9c1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a04ca4a38cfded547daa7993112f5dcc2fbdf13f93b968d676e1313e8d8e98f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: wrgwLo8Ut7GsYvCwhzW617Km3EuBTw6K
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"768714622a8a2db20ece85777ba47642"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1k4W0GDpj-dpmADbRaQ38hlMHyQJJPGZXNFOEKelJKTd7Wl7Aj5d8A==

GET
H2 200 15.699b0dc7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 91 KB
28 KB 26ms
14ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.699b0dc7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: jUF4GGgcG34JdLv0MHXRHyWvmwH3OQeO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"43d1442a9d30453da9eaeb12b9daafff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ty4b8iY3HtEKrV1yoFP3VY4p4lk2u7HZ6ZNaNROHZn6844KMWoqFjg==

GET
H2 200 12.d33926cb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 23 KB
7 KB 23ms
14ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/12.d33926cb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: KyS4g55V4uBz7fjaZ0R1pHyOHsEBkZV6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 27 Jan 2023 17:00:20 GMT
server: istio-envoy
etag: W/"bdcb035523ec144399213aa65a8430ff"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BO3JfL2tFbXs2en6zlsNwU7pyCOkOsSY2uvCPrulQ8rS_0DWzuBXjA==

GET
H2 200 19.8e79a39a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 62 KB
20 KB 24ms
15ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.8e79a39a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 13 Feb 2023 04:02:34 GMT
x-amz-version-id: bwRea7wDCbR4ncTw_WLwO3izZD3MoPy9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 659626
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 42
last-modified: Fri, 10 Feb 2023 18:18:27 GMT
server: istio-envoy
etag: W/"c478a5bb4d7885e2b9250c6beeb4fd6d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: zMGhkaNUvTLCjIqDgOK2TX2IlHH07ptYnNpzrhaOnf1fk9u5_fp2Wg==

GET
H2 200 50.de3b5864.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 105 KB
34 KB 25ms
16ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/50.de3b5864.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: 1DnDsXjV5U2x4yjXf3GCnDIDPlyIffBu
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"114785899ceb423273fcc17aaad202e9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: x-GTl1PDKjbUkvnIOLURfl3ULFz4oszzf0BsqoFP-WxlTyg9YXt-Zw==

GET
H2 200 41.a1867ad4.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 12 KB
4 KB 25ms
17ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.a1867ad4.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: X151O2if9SUzZhsBRIHlOqKUakbFDRo_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"299dd262bf32831c99dc78a9c5b5ca43"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XZlOrjDYXeeIKjTr-pY9FG4VEHjHk0KaytM9utpECKTKcLHwB5N-DA==

GET
H2 200 30.57dfb56c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 13 KB
6 KB 26ms
18ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/30.57dfb56c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: PRu.RNHym52TA_hlIcQB1Vv5VUA1vVKS
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080284
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"b8addee34a5cd2241740a2e3094039b3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NFSXRHPA_-7M_DXvM9HxGX9uuKuBm2l_1uwTCc9PVvduYCeGA61k_A==

GET
H2 200 22.4cb40074.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 17 KB
7 KB 26ms
18ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.4cb40074.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:26 GMT
x-amz-version-id: ykeUDE2sWwwza8uCQZo8fLwm_hGj240R
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 445854
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 39
last-modified: Wed, 15 Feb 2023 15:10:12 GMT
server: istio-envoy
etag: W/"6cf24f8ea74f43662c776ce6af09d469"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fSz5M1Wnhin4B-LMQsSoLO6LMzfWr79FKtmCrm48tXv1IvXgRYM4sQ==

GET
H2 200 10.18bfca70.chunk.css
js.driftt.com/core/assets/css/ Frame 4BCF 14 KB
3 KB 16ms
8ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/10.18bfca70.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: W.Ed7skdAN0dSG59eVgsVvIsNBx.BMsL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"dd670379de64b0621ee84574f3b8e73d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rpBIRxArCazWE2SjZIJDmtuUq1gBVxuB_dTs_qhsSUPBBxa69kCuig==

GET
H2 200 10.b76eb677.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 79 KB
25 KB 27ms
19ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/10.b76eb677.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c878baf3b2bee3185daa3b0812e979a96e077fdf924b536f6c3e7e373882aa1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:44:11 GMT
x-amz-version-id: Fcq2O7wHOQRvkyxIvw6HFTAA4EV_e5Q7
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433929
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Wed, 15 Feb 2023 18:18:24 GMT
server: istio-envoy
etag: W/"cbc9a75b208589ec9edc4611d5aaf6ae"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HnFyVFNIiKvOW-bdRL2rVgud1KbFV-Q-b7O_ZP6pozXnkz22XwOLAA==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 4BCF 24 B
697 B 16ms
9ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 26 Jan 2023 20:13:51 GMT
x-amz-version-id: eR0JFDWwyA3gsnd_XajqmmtDUbC85CBL
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 2156549
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
content-length: 24
last-modified: Tue, 11 Oct 2022 19:09:27 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ui7TkNoTGHqoxILtXR6DJXNniKqExAsXjSoBrbnDVt43fkFNwFkOnA==

GET
H2 200 17.2d19c66a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 89 KB
23 KB 27ms
20ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.2d19c66a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a4ea37f8af67e84a4d330d3ccfb44eab01c877d0c4100c48c67ea57f1663552c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:44:11 GMT
x-amz-version-id: ik3ByTJPnYyhtI0DOm2S_2nEjNOtG0Ct
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433929
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Wed, 15 Feb 2023 18:18:25 GMT
server: istio-envoy
etag: W/"4de3ff81b975e5a8a5f39e782840df52"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: GSdJdDSS4l34FzUyqz36V5nb0BMbgDm-1IOdFBEzAt-ruoHcrSajBg==

GET
H2 200 26.804680a6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 50 KB
14 KB 28ms
20ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.804680a6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

672e9b04f273c7bc6b2b23413d590fa1ac1aec88429f4d73998a7cbfbae5bbe5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 17:14:52 GMT
x-amz-version-id: pfpspt3Jz6W..QQ5vkwVPcMWjcOyyF7H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 352888
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Thu, 16 Feb 2023 17:02:28 GMT
server: istio-envoy
etag: W/"4150cb239859b4872dfc55d0064ba661"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8W1DLJ75-11rZnvwISgMzWnjKA2iXFac-M0SAEjfXi3SRHrtO3jK0g==

GET
H2 200 18.34dac473.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 40 KB
13 KB 29ms
22ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.34dac473.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5d959e050c61344f264ee87cf81e9ffd30cb5ad5b5ae749218e9360a6403c1e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 17:14:52 GMT
x-amz-version-id: lv3aFKpN07qrROaTanaC4C4GvuUpSYk3
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 352888
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 16 Feb 2023 17:02:28 GMT
server: istio-envoy
etag: W/"084fc6a6981258c55945f0f6ddf4a771"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: f75XINaMEoON8TuBEJZ8kP0w1tAt7DeI29oTkwkrxPPCzzR33Bp4CA==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 9 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 03:20:43 GMT
x-amz-version-id: bxbBo6tiShmSVkJPl3yRp.s0jVilttxU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2044537
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Fri, 27 Jan 2023 17:00:19 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MlOvoRKBTeWRpZmJcNtB0KJOO7oJmYZJHnIOxdDk9DOdgWzg0WE5GA==

GET
H2 200 28.01a0fe87.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 35 KB
10 KB 10ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.01a0fe87.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: oCx9yWccW.dlty4hHqWiey7h_DwTeEBh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"0ad089f0617a0fa8014a23c2afa90ddd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KXDX4I2yYr6f0Vb0-TkKYB3C4sQ2VUeDe6pQZHdsO_FRKRoj2mTjtQ==

GET
H2 200 29.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame 10E0 8 KB
2 KB 9ms
8ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/29.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: qzro7282BXz7SnLdWr3hLeI1pZAqJ2A1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9ewfSTbxWkTmAvcoTyo3GSE9wEAZA1we7fd_NWm4aKhlOG5ehbRYGg==

GET
H2 200 29.e1a4ff99.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 14 KB
6 KB 11ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.e1a4ff99.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

01db0d203405ed4ec9c98bdcb0db8781188bcf88582788fb0e1c3c92c3e24f4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:44:12 GMT
x-amz-version-id: wkdbw8qtPlaabmxKODiZTD6dxLLQ34XZ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433928
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 23
last-modified: Wed, 15 Feb 2023 18:18:25 GMT
server: istio-envoy
etag: W/"deee6d1dc2f18623bf7e1f6bbb50a94e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uTer4qzWl3ODGemd8CN7ct05xn53sHHXq-zo7nXp9CLLx-aHGvFL_Q==

GET
H2 200 23.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 10E0 365 B
1 KB 9ms
9ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/23.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 15:25:26 GMT
x-amz-version-id: JFaqZy69NwkYwPRskCJMqjuf0WwUdgeN
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 445854
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
content-length: 365
last-modified: Wed, 15 Feb 2023 15:10:08 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Av6p81x2OMYk8GfMpx-XqhMejpzSOim_yed9YneYCioY2yhpAQTEhA==

GET
H2 200 23.1c26597e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 10E0 90 KB
25 KB 11ms
11ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/23.1c26597e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

af5b0b20321a33d0b6e139babf5aa8c775dff093cb035f24c1caeae16a9cf784

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=2e1f1a6f-2702-49f7-92a0-dec76419996b&sessionStarted=1676920580.271&campaignRefreshToken=eca862a1-3dbc-45b7-a202-aaa6bd51336c&hideController=false&pageLoadStartTime=1676920576677&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 00:06:27 GMT
x-amz-version-id: Jgyjp1qJtdFKSj8y4xwuXMW.KS3jNgyD
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 414593
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Wed, 15 Feb 2023 23:10:27 GMT
server: istio-envoy
etag: W/"c413e017bebe8cadf301a83ef747eb00"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: y0sXz2MTAFRYmxmvgcY8Q4flgzVMM0NuRHdYIcdveKmtGTG7YfU79g==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1643854783&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&ul=en-us&de=UTF-8&dt=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABAAAAACAEK~&jid=&gjid=&cid=1408794318.1676920577&tid=UA-2257074-1&_gid=779092280.1676920577&gtm=45He32f0n81MGR7P8X&cd19=1408794318.1676920577&cd2=&cd3=&cd5=&cd6=&cd10=Frankfurt%20am%20Main&cd11=Hesse&cd12=Germany&cd17=&z=1973530527

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 00:56:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 65994
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 38.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 4BCF 3 KB
1 KB 7ms
7ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/38.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: hzHYKpyiaZmITNnBC_LqpsxusmNF7FFl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -IBoWaOaNPnj4SfoHV-nYpBdgZQgKz4kvcAT9ixKKMMHi1Y9s9SCbg==

GET
H2 200 38.627f88e6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 3 KB
2 KB 8ms
7ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/38.627f88e6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

43580e037fc59487c315cc0a33e1167f17c8430dd41aa375e21f4d6d325e8f28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: VrL4qVVdcSDrKVxDzMDZ1ibCwb1LgkQ.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"d03d4e13d59e06f8ec44e39d9d85fa54"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QdVIPZ1ZraImrs39abH4DQHg0dIgL4g5FCBo5JkRz19ySHWw8n8dFw==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 9 KB
3 KB 6ms
6ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 03:20:43 GMT
x-amz-version-id: bxbBo6tiShmSVkJPl3yRp.s0jVilttxU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2044537
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Fri, 27 Jan 2023 17:00:19 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XtyKMTGZ33YEUKGnN5XVRR34Q8aMqD5YHIUiZ-yV_rdcPa3mwfcpGQ==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 4BCF 7 KB
2 KB 7ms
6ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 10 Feb 2023 05:12:45 GMT
x-amz-version-id: gVdN1RDJQn3fgJjMXCjyl2aSPTHaRcFJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 914615
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 75
last-modified: Wed, 08 Feb 2023 18:35:23 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rbjb_0C2x9kUAfxxbf5va8tKpCSZ7tJR9oh53Fwkxw0obtiuDE5PJg==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 54 KB
15 KB 7ms
6ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sun, 15 Jan 2023 02:22:28 GMT
x-amz-version-id: XjyDJs7tJQ_66vN6EdQbFkXQ4j4BABRH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3171232
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Wed, 11 Jan 2023 18:48:21 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ad-G1Io3fDGesQqBgqhOtyxkqiW-_Qc8X2UbDt95Y37EuFCmN4p_UA==

GET
H2 200 1.5b69d480.chunk.css
js.driftt.com/core/assets/css/ Frame 4BCF 44 KB
7 KB 8ms
7ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.5b69d480.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

504ff3efe64294cb4fd8b982dadb288136e511a05d4b068356c371dc6057865f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 02 Feb 2023 15:28:31 GMT
x-amz-version-id: yFEFrbt3Vox_ceR8jg0L9VJqKO7sanHh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1568869
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 47
last-modified: Thu, 02 Feb 2023 14:58:15 GMT
server: istio-envoy
etag: W/"3237f71ac06bcb0447f60fe4b1d5948e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: B1sF4W6WnBXkvNh1gkXE-mMt7RZiKLjZzLfXs8rO3z9ZOBDPZYjrFQ==

GET
H2 200 1.24f0fded.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 54 KB
18 KB 8ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.24f0fded.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6556ae8681d92a9f36b8ad0cc99324bf66f58a72de301e3e8d3111f2763da457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:44:12 GMT
x-amz-version-id: PACtl77vzSIoWF597S6Kspns69JeHoaG
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433928
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Wed, 15 Feb 2023 18:18:24 GMT
server: istio-envoy
etag: W/"6e339cc2be7ba9014460db695dae5832"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mZazrD8TbRWPCk5RHf7tO-zqbhp8-tpIJnbZmZiKCu3kKVXFx7XPPQ==

GET
H2 200 4.ed93461c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 23 KB
10 KB 9ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.ed93461c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

07aa00aa3aa0d7f661d70680b81bb38d1af1160d7b8d391b1812a51070620535

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:44:12 GMT
x-amz-version-id: yVPbckZMywHJCh15VMsKBgjNpzoO6E7h
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 433928
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Wed, 15 Feb 2023 18:18:26 GMT
server: istio-envoy
etag: W/"9e6f90256eeae9f2d8530b147e4694e7"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QL2-a-Zbcja-QNlEE0Di1V25GaFIDWlz1NLnaiByr_bQicdLHNgLDQ==

GET
H2 200 35.a3318c5e.chunk.css
js.driftt.com/core/assets/css/ Frame 4BCF 14 KB
3 KB 10ms
9ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/35.a3318c5e.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: zduXhdkhoojuHNWfrJL3OG7UtCFvJe6h
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 27 Jan 2023 17:00:18 GMT
server: istio-envoy
etag: W/"b06e02b360914b25e58305b1b9b954dc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: F_8yz2xMaBnGfvWBikHDNbV2Zy-iujLpmzZjBwvbmttkwbxHJSOQnA==

GET
H2 200 35.2db13da8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 4BCF 12 KB
5 KB 10ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.2db13da8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.f28524d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7e05c4fabf6d02fa4c14937ca467cc7d4ebbb02f295e3cff6ba999e6369fc663

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1676920576677
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:57 GMT
x-amz-version-id: cZsJMbphr0g_Rs503LmupKJPT7bBS_rp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2080283
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Fri, 27 Jan 2023 17:00:21 GMT
server: istio-envoy
etag: W/"b335cb429753b2c3dabe45686f46aee9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xuS4z0_e58xj3X3Y_mUuyCQzxSbn4hj85VsJgMKgKbYPd6-xqa3htg==

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame 10E0 177 B
295 B 105ms
105ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

fa8c32e4cf3d3e6a515ed02bcb7c24c87a1371ff8b888ca12332e4da8e4c5e65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 20 Feb 2023 19:16:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: b9bdde0a7c7b9236
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 177

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 331ms
106ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 20 Feb 2023 19:16:20 GMT
requestid: drift7832c64424084a388ff6ed19f20
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 2

GET
H2 401 ip.json Show response
api.company-target.com/api/v2/ 12 B
512 B 54ms
38ms Fetch
text/plain 18.66.97.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v2/ip.json?key=79a80d0e3f65c8809c2d2c9dda90c2b5&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&page_title=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&referrer=

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1676920800000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-17.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:21 GMT
via: 1.1 4d0ae7ca3bb5e2d6eaa1450e1906adb4.cloudfront.net (CloudFront)
www-authenticate: DemandBase API v2
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-P2
x-cache: Error from cloudfront
request-id: 82b15fdc-e291-4c4c-ab05-16fe07737ef3
content-length: 12
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://www.proofpoint.com
access-control-expose-headers
vary: Origin
access-control-allow-credentials: true
x-amz-cf-id: X1ZAVY4DoAJWmifglaOo2AUqOs3GFV67Tt-dUj2HEwS5F_GOg8EOCg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 205ms
205ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:21 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je32f0&_p=1643854783&cid=1408794318.1676920577&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1676920576&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&dt=&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 20 Feb 2023 19:16:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 220ms
220ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:22 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame 10E0 25 B
89 B 116ms
115ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 20 Feb 2023 19:16:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 99b00a9ae37133fa
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 111ms
102ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 20 Feb 2023 19:16:23 GMT
requestid: drift46fff1048798ed5518670c3102a
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 193ms
193ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:23 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 188ms
188ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:24 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 230ms
229ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:25 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/add/ Frame 10E0 25 B
87 B 103ms
103ms XHR
application/json 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/52.b1edaf4a.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 20 Feb 2023 19:16:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 92125c39753dc0c9
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/add/ Frame 0
0 102ms
102ms Preflight
text/plain 3.94.218.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/add/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.94.218.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-94-218-138.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 20 Feb 2023 19:16:26 GMT
requestid: drift32583e8418dac1079435d46725d
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 205ms
205ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:26 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 267ms
266ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:27 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 190ms
190ms Image
image/gif 23.220.23.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.220.23.244 Paris, France, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-23-244.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 19:16:28 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

223 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

65 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.proofpoint.com/us/blog/threat-insight	1969-12-31 23:59:59	Name: hide_lang_switcher Value: 1
www.proofpoint.com/us/blog/threat-insight	1969-12-31 23:59:59	Name: pp_user_country Value: de
.proofpoint.com/	1970-01-20 18:34:02	Name: visid_incap_177663 Value: jrwaD7FwRZe65Xs7pB6ge/zG82MAAAAAQUIPAAAAAABIFw5bI+PTHvM/eiTMTclZ
.proofpoint.com/	1969-12-31 23:59:59	Name: incap_ses_6548_177663 Value: unp1F2EZQX3pgL6XfyvfWv7G82MAAAAA/tfYVQD4H8t5XMAMJzRo3g==
.proofpoint.com/	1970-01-20 11:58:16	Name: _gcl_au Value: 1.1.51911406.1676920577
.proofpoint.com/	1970-01-20 19:24:40	Name: _ga_B1V8SZE3GL Value: GS1.1.1676920576.1.1.1676920576.60.0.0
.proofpoint.com/	1970-01-20 19:24:40	Name: _ga Value: GA1.2.1408794318.1676920577
.proofpoint.com/	1970-01-20 09:50:06	Name: _gid Value: GA1.2.779092280.1676920577
.proofpoint.com/	1970-01-20 09:48:40	Name: _gat_UA-2257074-1 Value: 1
.app-abj.marketo.com/	1970-01-20 09:48:42	Name: __cf_bm Value: GTRTMRria_eiLzxzlgvZ_AccskwHlBU2PxQ3fA17sTw-1676920577-0-AdC056U3kGLXJIx7kTFSTst6/jK4sUsqnqZwe0/0ygGv/mKkyiaFU+71rsACFDyd32Z0CLk84fNfHvj1M5+0tik=
.proofpoint.com/	1970-01-20 18:35:42	Name: _vwo_uuid_v2 Value: D66DC7A060326F4AC8DBC759BBF9F957C\|130185cc28502dea6b3391c7440b01b9
.doubleclick.net/	1970-01-20 19:10:16	Name: IDE Value: AHWqTUnmxRGNCykMA7N8W1IS9IjH8JOiaVmBPwpvExEVOmp_aaC-v0CNzUJfE8WN
www.proofpoint.com/	1970-01-20 09:50:06	Name: ln_or Value: eyIxNjkyNTAsMzk1NTkzNywzOTc2MjEyIjoiZCJ9
.www.proofpoint.com/	1970-01-20 19:24:40	Name: _rtfl_s_handshake_guid Value: 8c6c81ef-98c0-4437-b358-f8fb51970a50
ads.avct.cloud/	1970-01-20 18:34:16	Name: uuid Value: 61a00ea8-0eca-4610-ac5a-9f2b6bd5963a
.techtarget.com/	1970-01-20 09:48:42	Name: __cf_bm Value: PIOlwjSQw41k8q9.BGHdWOjuY6sPMKyTBAIBSeHXgGc-1676920578-0-ARx47uL8vYEpe2Zt1sQKJB0UaqGUe+aheBbIFS5rm5+9JXzZ5FMfBiVerK6Xxe0oaLuwZEAPBn59U9JLCFjFjwg=
.adnxs.com/	1970-01-20 11:58:16	Name: uuid2 Value: 8071638764689695959
.proofpoint.com/	1970-01-20 19:24:40	Name: _mkto_trk Value: id:309-RHV-619&token:_mch-proofpoint.com-1676920578882-56945
tracking.g2crowd.com/	1970-01-20 10:08:50	Name: _session_id Value: d86f1c72f97aea29c68c79bcf221abaf
.g2crowd.com/	1970-01-20 09:48:42	Name: __cf_bm Value: fLLNMhO5EoG6jycRDM._FSHGdNKffkBA77H6oUW58ak-1676920578-0-AdFXWfHU8rj1PxaPo1y/vtmzDDndwLce890zio0Jtg9Up2NauePbOjhwSihIG7YJIijisvdP+ZACDENSW1I5ZAg=
.proofpoint.com/	1970-01-20 11:58:16	Name: _fbp Value: fb.1.1676920579001.741986432
tags.srv.stackadapt.com/	1970-01-20 18:34:16	Name: sa-user-id Value: s%3A0-a20d3e4a-c66b-4e68-5c35-fbd48ad14876.s2SIOWLoUFskqBNMbDz9LJnEQoeOt9s4Q8aWQBWuKys
.srv.stackadapt.com/	1970-01-20 18:34:16	Name: sa-user-id-v2 Value: s%3Aog0-SsZrTmhcNfvUitFIdtmKwqM.7qGAttDHQwNPRSAVrCtJiK6y7VR5bDkLUM8DYEoiiLo
www.proofpoint.com/	1970-01-20 18:34:16	Name: sa-user-id Value: s%253A0-a20d3e4a-c66b-4e68-5c35-fbd48ad14876.s2SIOWLoUFskqBNMbDz9LJnEQoeOt9s4Q8aWQBWuKys
www.proofpoint.com/	1970-01-20 18:34:16	Name: sa-user-id-v2 Value: s%253Aog0-SsZrTmhcNfvUitFIdtmKwqM.7qGAttDHQwNPRSAVrCtJiK6y7VR5bDkLUM8DYEoiiLo
gwmtracking.com/	1970-01-20 19:24:40	Name: kwsu Value: 63f3c7039b88041d4d7fda3a
.t.co/	1970-01-20 19:24:40	Name: muc_ads Value: ca244d62-8310-4969-a31b-5e9037be9782
.bidswitch.net/	1970-01-20 18:34:16	Name: tuuid Value: 0766015e-5ea0-464c-b468-db47f446032c
.bidswitch.net/	1970-01-20 18:34:16	Name: c Value: 1676920579
.bidswitch.net/	1970-01-20 18:34:16	Name: tuuid_lu Value: 1676920579
.twitter.com/	1970-01-20 19:24:40	Name: personalization_id Value: "v1_M+EqobeKpBSlMwMgx1wlvg=="
.linkedin.com/	1970-01-20 10:31:52	Name: UserMatchHistory Value: AQJdWEUshuq5xQAAAYZwQWTRLLyKT3CgPmn7CCGzqnGyUr36gST3CDjs3o9swg7wHfDD3DNi63Wq7A
.linkedin.com/	1970-01-20 10:31:52	Name: AnalyticsSyncHistory Value: AQKhHGdCJJ_WWgAAAYZwQWTRSQl3cOe4EyIBewAl9vU0EIPtPDU9ttT2_d-WGoqEDazZA1FXyyIqEatUMBadJw
.linkedin.com/	1970-01-20 18:34:16	Name: bcookie Value: "v=2&1be1a1a2-580c-4a1d-8110-851aebc9d38c"
.linkedin.com/	1970-01-20 09:50:06	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=2714:u=1:x=1:i=1676920579:t=1677006979:v=2:sig=AQGLTtsiqKQ-tOf4z6PBdMfxcDrKJPno"
.proofpoint.com/	1970-01-20 09:50:06	Name: _uetsid Value: 0e04f210b15311eda6ced1fe1f0d9adc
.proofpoint.com/	1970-01-20 19:10:16	Name: _uetvid Value: 0e052710b15311edb66f99719234c3d4
.bing.com/	1970-01-20 19:10:16	Name: MUID Value: 316955903E326B0B0F4D472E3F326A92
.proofpoint.com/	1970-01-20 18:34:16	Name: _hjSessionUser_1456002 Value: eyJpZCI6Ijk0ZTQ3YWQ0LTM2ZjMtNTYzNS05ZjdmLTZmNGY5Yzg3NzM3YiIsImNyZWF0ZWQiOjE2NzY5MjA1Nzg5NjYsImV4aXN0aW5nIjpmYWxzZX0=
.proofpoint.com/	1970-01-20 09:48:42	Name: _hjFirstSeen Value: 1
.proofpoint.com/	1970-01-20 09:48:40	Name: _hjIncludedInSessionSample_1456002 Value: 0
.proofpoint.com/	1970-01-20 09:48:42	Name: _hjSession_1456002 Value: eyJpZCI6ImE1MzhiYzFjLTY0YjQtNDQwZS1hNjE3LTJjNDFhZDU4YTUzZCIsImNyZWF0ZWQiOjE2NzY5MjA1Nzk0NjgsImluU2FtcGxlIjpmYWxzZX0=
.proofpoint.com/	1970-01-20 09:48:42	Name: _hjAbsoluteSessionInProgress Value: 0
.www.linkedin.com/	1970-01-20 18:34:16	Name: bscookie Value: "v=1&202302201916199bada277-6bc4-4a34-8ebd-d9225a252523AQFdpJNLlDuWPdJ5LTLUlK68URXbqR_g"
.linkedin.com/	1970-01-20 14:07:52	Name: li_gc Value: MTswOzE2NzY5MjA1Nzk7MjswMjGZrPy/CShNXcux6BEucU8RL5H9aH/YLxxNlqFneto9mA==
.mathtag.com/	1970-01-20 19:14:35	Name: uuid Value: 6e1863f3-c703-4100-b6f3-abef5d01d524
.www.proofpoint.com/	1970-01-20 18:34:38	Name: __adroll_fpc Value: 33da703986076098f79d465244bc7e6c-1676920579725
.www.proofpoint.com/	1970-01-20 18:34:16	Name: __ar_v4 Value: %7C7YJ7XZCLMRHSVCXIHB5HIT%3A20230222%3A1%7CYV5KYXXEJZATZCT37YRTMK%3A20230222%3A1%7CT47Y2VPPABDUBJXFROMZZM%3A20230222%3A1
.adnxs.com/	1970-01-20 11:58:16	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2H`hFEW^!@wnfH1Ya.O4]7Q=EDhAm+%qP0t[u#j'i[`3Dvq$kChMu_iV2djFl0>if9X21UgjqjIV9A1r.rw0YG2P(hw9P-HC_#ty+F+BA.5
.d.adroll.com/	1970-01-20 19:17:28	Name: __adroll Value: 489adfa2463f6351224e51f50fdd278c-g_1676920579-a_1676920579
.adroll.com/	1970-01-20 19:17:28	Name: __adroll_shared Value: 489adfa2463f6351224e51f50fdd278c-g_1676920579-a_1676920579
.casalemedia.com/	1970-01-20 18:34:16	Name: CMID Value: Y-PHA081iv09H-DZSKBquAAA
.casalemedia.com/	1970-01-20 11:58:16	Name: CMPS Value: 1104
.casalemedia.com/	1970-01-20 11:58:16	Name: CMPRO Value: 1104
.pubmatic.com/	1970-01-20 11:58:16	Name: KRTBCOOKIE_10 Value: 22808-NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM&KRTB&22883-NDg5YWRmYTI0NjNmNjM1MTIyNGU1MWY1MGZkZDI3OGM
.pubmatic.com/	1970-01-20 10:31:52	Name: PugT Value: 1676920578
www.proofpoint.com/	1970-01-20 09:48:42	Name: drift_campaign_refresh Value: eca862a1-3dbc-45b7-a202-aaa6bd51336c
www.proofpoint.com/	1970-01-20 19:16:02	Name: __atuvc Value: 1%7C8
www.proofpoint.com/	1970-01-20 09:48:42	Name: __atuvs Value: 63f3c703344359c5000
www.proofpoint.com/	1970-01-20 09:58:45	Name: _an_uid Value: 8071638764689695959
www.proofpoint.com/	1970-01-20 19:24:40	Name: _gd_visitor Value: 6a5c1d8b-c435-4d3a-8f49-c89366e08ab5
www.proofpoint.com/	1970-01-20 09:48:54	Name: _gd_session Value: dc2c472b-8a47-494e-8acc-e6a6c6c4a42e
.addthis.com/	1970-01-20 19:16:02	Name: uvc Value: 1%7C8
.6sc.co/	1970-01-20 19:24:40	Name: 6suuid Value: 526ecc170b5a000004c7f36309020000bf77b600
.addthis.com/	1970-01-20 19:16:02	Name: loc Value: MDAwMDBFVURFTkkyMzMzMTg4NTAwMTAwMDBDSA==

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
javascript	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware(Line 1539) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/onenote-documents-increasingly-used-to-deliver-malware(Line 1539) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://api.company-target.com/api/v2/ip.json?key=79a80d0e3f65c8809c2d2c9dda90c2b5&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fonenote-documents-increasingly-used-to-deliver-malware&page_title=OneNote%20Documents%20Increasingly%20Used%20to%20Deliver%20Malware%20%7C%20Proofpoint%20US&referrer= Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10487471.fls.doubleclick.net
309-rhv-619.mktoresp.com
4788165.fls.doubleclick.net
ad.doubleclick.net
ads.avct.cloud
ads.avocet.io
adservice.google.com
analytics.twitter.com
api.company-target.com
app-abj.marketo.com
attr.ml-api.io
b.6sc.co
bam.nr-data.net
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
cdn.linkedin.oribi.io
cm.g.doubleclick.net
connect.facebook.net
cpm.convergeselect.net
d.adroll.com
data.adxcel-ec2.com
dev.visualwebsiteoptimizer.com
dsum-sec.casalemedia.com
eb2.3lift.com
epsilon.6sense.com
fonts.googleapis.com
geoip-js.com
googleads.g.doubleclick.net
gwmtracking.com
ib.adnxs.com
ibc-flow.techtarget.com
image2.pubmatic.com
ipv4.d.adroll.com
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
js.driftt.com
m.addthis.com
metrics.api.drift.com
munchkin.marketo.net
pixel.mathtag.com
pixel.rubiconproject.com
pixel.sitescout.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
s.ml-attr.com
s7.addthis.com
script.hotjar.com
secure.adnxs.com
secure.chip2gift.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.co
tags.srv.stackadapt.com
track.accountinsight.cloud
tracking.g2crowd.com
trk.techtarget.com
ups.analytics.yahoo.com
us-u.openx.net
vars.hotjar.com
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
www.proofpoint.com
x.bidswitch.net
z.moatads.com
s7.addthis.com
104.16.94.80
104.244.42.133
104.244.42.67
13.107.42.14
141.226.228.48
142.250.185.166
142.250.185.66
142.250.185.70
146.75.120.157
151.101.130.137
158.255.109.19
162.247.241.14
18.66.112.55
18.66.147.116
18.66.97.17
18.66.97.37
185.64.190.80
185.80.39.216
185.89.211.116
185.89.211.132
192.28.144.124
2.18.233.201
2001:4860:4802:34::36
216.200.122.11
216.58.212.130
23.206.208.114
23.220.23.244
23.35.233.151
2600:9000:2251:e400:12:3734:2a40:93a1
2600:9000:225e:c200:6:9280:1080:93a1
2600:9000:225e:fc00:2:53b2:240:93a1
2606:4700::6812:1244
2606:4700::6812:1f49
2606:4700::6812:c9f
2620:1ec:22::14
2620:1ec:c11::200
2a00:1450:4001:80b::2002
2a00:1450:4001:811::2013
2a00:1450:4001:813::2003
2a00:1450:4001:813::2004
2a00:1450:4001:813::2008
2a00:1450:4001:828::200a
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2002
2a00:1450:400c:c00::9b
2a02:26f0:3500:16::215:14a0
2a02:26f0:ab00:3b3::1c91
2a02:e980:107::cf
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a05:d018:cc3:fe05:65ff:3732:9cc1:b9d6
3.126.151.226
3.126.56.137
3.94.218.138
34.111.208.231
34.96.102.137
34.98.64.218
51.11.20.152
52.204.14.109
52.222.236.122
52.30.116.28
52.57.1.21
54.170.158.38
54.85.119.1
64.202.112.31
68.67.153.60
69.173.144.165
76.223.111.18
77.245.57.72
95.100.75.244
98.98.134.242
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
01db0d203405ed4ec9c98bdcb0db8781188bcf88582788fb0e1c3c92c3e24f4f
0305f002cec9f1f9f900c6bb1ce8836e4d9d54b1157ef1057db2601267c3d22d
047d14c117d25e9e0a1a2ba3f4aa23a602d417fc7402294e484d20b19140ecf1
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0694124dd8cf871b521cf06ce0b2419ebbe18d3f45658b50c4b038b647fbc849
07aa00aa3aa0d7f661d70680b81bb38d1af1160d7b8d391b1812a51070620535
084390577243b6986d5564d152916a37a3124305e11b2817d0c2eabc863e081b
09d3561e03ada8fad9e775913a66b7d5abc4a2f16299f13f7b04d416b110f6dc
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
0e5cf82e4a17e79c80c6f17c3fff873756de944e1301fa01c1d03aba1e359669
13f8638e932bd9b91fc68c0baf723fc0dc801548ce4a1ff4ee8251afd82a29a2
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
1b1ab7879aa2fd8b15125ad858143c427b9ae8c805f1f1ddaece7ecb336b34df
1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f
1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70
2147b6441c1220224f3e4818dc9e35d2ba9c20305ec4bb5577a03ad71baaba65
22962c0ecbc0d9843ca34f9a2eddc992a2d510ff5da420e4080db38ca2328633
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
259c4bc56c9ac5ef4bdbaff761ab32522a4b97f2129d1bccd5478139002da685
28816769ece0ee343025ff388216c645e175c92cce4db6bd812a321b1ad345c6
29cd59aa3bf14290910ab2f5ec1b4ff80185d6eca5b167544d60bf184168b7ab
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e58bc2de93f6db954c4601d24b1eb0986e82f9b5ee590a1429a012d68ccddc2
3169ab3142fbf3ecf7eee1b5682a4556ed8a3d4ba940befa71c31b5a43991d92
32dffddd1bfd33d7568ee8501d3a7dc111f7b8177bd78b41fa668328f0ed8dbf
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
38315838c9af81de0eaee3cad5690b144c2b96e42080d42005a949d43dade705
38a674c1fcaa31a7e02046bda9fbc303302a9c1735ef872094ec2cdc702da640
3c11c380f0fd80c64976a059ff85d9e5086ef0ec55f9f5cb04c46ed077aa0598
3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
43580e037fc59487c315cc0a33e1167f17c8430dd41aa375e21f4d6d325e8f28
4377d0dafa9b167e56fd0c51a3aa34b3a1e029e81ea4cb4e86a49e176bbdaad1
4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4
4ad97caba8db328ca9e0fee2782647c9775963c718776157ee8e9a986ef3155b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b726ff42627a2755175c451d8a6441e0d973317807e8057643a20e6a9819772
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
4fb8c0d4bfc0d4334ead7bfedc14b41cc88b40c4411d8e60a9f6183717ed319d
504ff3efe64294cb4fd8b982dadb288136e511a05d4b068356c371dc6057865f
5251292502f489870fd167ed3da10585b68bfc903dbcc086c8729b35f00a60aa
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a9c5554342e72affd754b8ba49d075a11a4d2919e3c5f440cd860775b26e9f9
5aa93e7401f9a3344d1f891eacfb0cf698bf56cc5d7cb2586bfe0d82d1c8c4b0
5ccd2287af72e2d56e11ebfcdb02dede2b9e39277e121ca53cbfbcc9cb529d3e
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5d959e050c61344f264ee87cf81e9ffd30cb5ad5b5ae749218e9360a6403c1e4
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
632f1e0c45f66b1c70706f6402d0771dbc83f6f280542b6a3b747ff03d34589e
6556ae8681d92a9f36b8ad0cc99324bf66f58a72de301e3e8d3111f2763da457
672e9b04f273c7bc6b2b23413d590fa1ac1aec88429f4d73998a7cbfbae5bbe5
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
6907f421de451fd5e7f962c48d39191bd7d86390df35df8b416d3ca0eb558436
693d949d8c3fdc7fd4ace7c340b5f177a9f0c5be7bafee8bc93a7d88b7523d75
6a9f4a7fdaed340429c448b9132181f72a59635ec28a42beb2b180b176c006ef
6bd6ed4b74794fb0ce61977f282afb8acbc93dd7bb356615c4b9ee75d9474ea4
70ea2e2325db237a5c365e9a5533ca2070db34ee933d1cbe91bc7a044428f234
7161d65405c262f1bca68b96586216c65b1eca9b4f6f98c15fa0cf92c32ef4dd
7168fe91c0a2521e7f93b29b1cde798db4859202d2ea5c798ee40a79b69ef969
73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b
785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232
7ae84ab3a4eccd5d796196d3ab71c34944493345c0c293d0c1af42ca2802fa38
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7cb58278c8f54a62c0afa6da0c67b3a45aad637a0bf614e9c0dd42b73cee266b
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
7e05c4fabf6d02fa4c14937ca467cc7d4ebbb02f295e3cff6ba999e6369fc663
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
840a9e2a90edd4f8329d574d26cd4f997dda80529c17adecf9ba1118cadf43cb
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8ab6891019c69c729441517bed2c703ec68058f913e9fe0d9840617f89473421
8de86d71297dc0c8a04caeab00e28f1fcadaa2574558098cccfddd3aa27b8172
914ae362937120d900bb5c5d95c70f3957fa2270c308925e4a72ad56446911cb
94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae
9b2dc2a6592abd91e0dee577ef85461138e643d96bf3f3756f7c6d856d8d5e8b
9d88866c6295ffc0cadaa1ccb951367e196737a413482176d5787b70aae04ef0
a04ca4a38cfded547daa7993112f5dcc2fbdf13f93b968d676e1313e8d8e98f6
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394
a4ea37f8af67e84a4d330d3ccfb44eab01c877d0c4100c48c67ea57f1663552c
a8356d715c4bd117081a0893777439ce054bbd692b8426505d358b93c1d9a7a3
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af5b0b20321a33d0b6e139babf5aa8c775dff093cb035f24c1caeae16a9cf784
b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3eef75decadc91e863f376b960ade61991801ed72b6003681abc350493482cf
b7c5d1d3e03d31b9b450c0aac2972f3aef995be2a69ec5ecfa6200c4a321ef40
b86e9b6e6d2bf38132369af200cceb6a5a69f5a986661c0724bf2ee2f686e014
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
ba95ed077caa1b5b8b0938c45e2223e486f179f659a64bcc4d6ea3d240235734
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
beeb705b69f299ad7567ae7ba292ae685556a7082531220a088a0d3b3307c410
c0c4051e3d8291daef72f19aeb8076c2be50f6147842840dfd48dbe3f910f438
c2b7a45d31339f18ed57fd095feca4da1b3fbab75a5afbc053957f6e8e1613a2
c878baf3b2bee3185daa3b0812e979a96e077fdf924b536f6c3e7e373882aa1e
c8c302716cf94980a0d77e614d9fb6c430f166b5ef7c42b7c382771955e52ba6
c94b68341f642fc63f7f5b385f1d08434c533a5f113415f82d5786de36d9a709
c96b2cd5b57e02ce65ab0a787a6c8ea69efbf424064e15500691847cd879e8ca
ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a
cb278c73f375f7ff6ccba60313f94d2431c01784b0405b53935f01fd06108b6e
cdeb836f7f77cd2174fa0bb4aa3825963aa64faf657a24f988b82f1c4d28ce69
ce1fe34f915fd2ff5c44d4541dad55a7bf416d55e2f9d6dc5c4a28d6c4ae3a2a
cea918e6af14ac3645e0e33b30cb802820aed3e549defbd618be220c31546625
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d238e774be1be42eaf7f335980d7cf7ec0989c8bbfa1ae7114366ccb07809c5a
d641c13a78017e11f15b152b78082bcd0cf474766f13ba649bfa6378d956c492
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
dca9b6afcb6c37d6a32456973fe5f2986a348a70d11774e102de6fc420992a19
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
dd526f2495b939b744a150e0a07435e928817393f7f947987b09b79fedcd653b
dd8c7f7aae00c226824b8caad79b25703a1b017f6034e11ac53a4fa3dd564b1d
ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e86cbcde174346c83cc616195a21881cef0962e982ddf16ed992698a4979381c
e9b3c1ef5622bc620a5c1d364aa9fbec2c9d6230bb5f6ab825825db09dd71f6a
e9eb23aaa392f26a611f5e52c470c456fb190c0f74fb8649a83bef8f6264780b
ea0a66087c5669d9c516399640336a37d06d722e1ef0ada8047db1869af0de96
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ec547a2f9fde5ce8e398da2810828ba3c30c641ce2761f5bf915225efb35f919
eee51d0715d2f5efd605e8c6020900a6aa8a1678867cac80e0bd43628f7e1bcf
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2ea684e3b845732d5688c534995dded4f2b5639e4b51b23540b00424f2736ad
f3342c52eee43a2ea931cae2ee2d6d9a2939432ffcb03bb4f2983ac7e49b26cc
f46108976666130f89c43a82ee045f7a3afb264494060ef6b3d9eb6589e49d16
f51a75f2ede4c5e0457f05d60bfa39290b59348a71cdae4cc701236e6f552ad9
f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
f7ef83a76a4d82a068af0fa519808cc2a3e367b7f77b123313cd083ed8d0d1b4
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f92333a45b532bdb5248178674b041b1c35edfd33a55df48192256f0bfe49e4e
f95b22047abcb76190421e53f133601b1006cfb23a01fb03caaad506a9b4d321
fa8c32e4cf3d3e6a515ed02bcb7c24c87a1371ff8b888ca12332e4da8e4c5e65
fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd
fd3fd207f0f0b1d867cfe75cda0e24ed0dbd25cc7ee8397ac3d9e48e26125154
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a
fe5f594c3c7547792df136089a50c235f3dbedc974d716ed7e9a88431bea4039
fffcc021124d70080ddd0c52562645c46e03ff39c924ced85c1bfd62cb8b8767

www.proofpoint.com Open in urlscan Pro 2a02:e980:107::cf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

240 Requests

90 %HTTPS

34 %IPv6

59 Domains

79 Subdomains

67 IPs

9 Countries

7684 kBTransfer

14659 kBSize

65 Cookies

17 Outgoing links

Page URL History

Redirected requests

240 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Screenshot
Live screenshot

Full Image

240
Requests

90 %
HTTPS

34 %
IPv6

59
Domains

79
Subdomains

67
IPs

9
Countries

7684 kB
Transfer

14659 kB
Size

65
Cookies

240 HTTP transactions
13 data transactions