www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Submission: On August 01 via api (August 1st 2023, 2:11:06 am UTC) from TR — Scanned from DE

Summary HTTP 197 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 40 IPs in 4 countries across 36 domains to perform 197 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com. The Cisco Umbrella rank of the primary domain is 169930.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on April 4th 2023. Valid for: a year.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2a02:e980:107... 2a02:e980:107::cf	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
4	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:1344	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.102.38.132 104.102.38.132	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	185.89.210.101 185.89.210.101	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:21f... 2600:9000:21f3:e600:12:3734:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
9	95.101.111.170 95.101.111.170	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:480... 2a02:26f0:480:f::213:7ec6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	3.252.158.15 3.252.158.15	16509 (AMAZON-02) (AMAZON-02)
2 4	52.48.249.243 52.48.249.243	16509 (AMAZON-02) (AMAZON-02)
5	2606:4700::68... 2606:4700::6812:1e49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
67	18.66.112.41 18.66.112.41	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6812:d9f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	35.158.29.183 35.158.29.183	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
4	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
3	2600:9000:20e... 2600:9000:20eb:6c00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
5 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2.19.224.115 2.19.224.115	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.124.251.238 3.124.251.238	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
1	95.101.148.198 95.101.148.198	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:480... 2a02:26f0:480:23::1726:62a7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
2	3.127.67.224 3.127.67.224	16509 (AMAZON-02) (AMAZON-02)
12	34.193.113.164 34.193.113.164	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:8e:... 2a04:4e42:8e::720	54113 (FASTLY) (FASTLY)
197	40

29 2a02:e980:107::cf (United States)

ASN19551 (INCAPSULA, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1344 (United States)

ASN13335 (CLOUDFLARENET, US)

geoip-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.38.132 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-38-132.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.101 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:e600:12:3734:2a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 95.101.111.170 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-170.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:f::213:7ec6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.252.158.15 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-252-158-15.eu-west-1.compute.amazonaws.com

ads.avocet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.48.249.243 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-249-243.eu-west-1.compute.amazonaws.com

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:1e49 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

67 18.66.112.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-41.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d9f (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.158.29.183 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-29-183.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

309-rhv-619.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20eb:6c00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 5 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.224.115 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-224-115.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.251.238 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-251-238.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.230 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

4788165.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.148.198 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-148-198.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:23::1726:62a7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.127.67.224 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.193.113.164 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-113-164.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
flow.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:8e::720 (United States)

ASN54113 (FASTLY, US)

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
67	driftt.com js.driftt.com — Cisco Umbrella Rank: 6322	770 KB
29	proofpoint.com www.proofpoint.com — Cisco Umbrella Rank: 169930	3 MB
12	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 7117 metrics.api.drift.com — Cisco Umbrella Rank: 6970 event.api.drift.com — Cisco Umbrella Rank: 7736 targeting.api.drift.com — Cisco Umbrella Rank: 7228 flow.api.drift.com — Cisco Umbrella Rank: 11834	12 KB
10	6sc.co j.6sc.co — Cisco Umbrella Rank: 5514 c.6sc.co — Cisco Umbrella Rank: 8744 ipv6.6sc.co — Cisco Umbrella Rank: 5717 b.6sc.co — Cisco Umbrella Rank: 3597	18 KB
9	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2693 www.google.com — Cisco Umbrella Rank: 3 adservice.google.com — Cisco Umbrella Rank: 118	1 KB
8	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 504	42 KB
7	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 384 www.linkedin.com — Cisco Umbrella Rank: 543 px4.ads.linkedin.com — Cisco Umbrella Rank: 5993	6 KB
7	doubleclick.net 1 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 114 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 4788165.fls.doubleclick.net — Cisco Umbrella Rank: 341220	7 KB
5	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8314	3 KB
5	google.de www.google.de — Cisco Umbrella Rank: 5772	797 B
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 3274	9 KB
4	avct.cloud 2 redirects ads.avct.cloud — Cisco Umbrella Rank: 4469	2 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 58	21 KB
3	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 876	1 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 14565 ibc-flow.techtarget.com — Cisco Umbrella Rank: 16282	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 383	13 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 73	275 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9651	585 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	236 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 170	155 KB
2	avocet.io 2 redirects ads.avocet.io — Cisco Umbrella Rank: 12757	280 B
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 461	1 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3724	6 KB
2	geoip-js.com geoip-js.com — Cisco Umbrella Rank: 15435	2 KB
1	imgix.net driftt.imgix.net — Cisco Umbrella Rank: 14949	13 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 302	467 B
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 1800	564 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 350	146 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 2760	360 B
1	mktoresp.com 309-rhv-619.mktoresp.com — Cisco Umbrella Rank: 328537	318 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 795	5 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 79	1 KB
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 19315	234 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 15355	279 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 163	18 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 1241	48 KB
197	36

	Domain	Requested by
67	js.driftt.com	www.proofpoint.com js.driftt.com
29	www.proofpoint.com	www.proofpoint.com
8	js-agent.newrelic.com	www.proofpoint.com
7	b.6sc.co	www.proofpoint.com
5	tracking.g2crowd.com	www.proofpoint.com
5	www.google.de	www.proofpoint.com
4	targeting.api.drift.com	js.driftt.com
4	px.ads.linkedin.com	4 redirects
4	www.google.com	www.proofpoint.com
4	tags.srv.stackadapt.com	www.proofpoint.com tags.srv.stackadapt.com
4	ads.avct.cloud	2 redirects www.proofpoint.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	region1.analytics.google.com	www.googletagmanager.com
3	cdn.linkedin.oribi.io	snap.licdn.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.proofpoint.com
3	googleads.g.doubleclick.net	www.googletagmanager.com www.googleadservices.com
3	www.googletagmanager.com	www.proofpoint.com www.googleoptimize.com
2	flow.api.drift.com	js.driftt.com
2	event.api.drift.com	js.driftt.com
2	metrics.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	epsilon.6sense.com	j.6sc.co
2	4788165.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	www.facebook.com	www.proofpoint.com
2	px4.ads.linkedin.com	www.proofpoint.com 4788165.fls.doubleclick.net
2	connect.facebook.net	www.proofpoint.com connect.facebook.net
2	ads.avocet.io	2 redirects
2	secure.adnxs.com	2 redirects
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	geoip-js.com	www.proofpoint.com geoip-js.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
1	driftt.imgix.net
1	bam.nr-data.net	js-agent.newrelic.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	adservice.google.com	4788165.fls.doubleclick.net
1	pixel.mathtag.com	4788165.fls.doubleclick.net
1	x.bidswitch.net	www.proofpoint.com
1	s7.addthis.com	www.proofpoint.com
1	www.linkedin.com	1 redirects
1	309-rhv-619.mktoresp.com	munchkin.marketo.net
1	trk.techtarget.com	www.proofpoint.com
1	snap.licdn.com	www.proofpoint.com
1	j.6sc.co	www.proofpoint.com
1	fonts.googleapis.com	www.proofpoint.com
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	www.googleadservices.com	www.proofpoint.com
1	www.googleoptimize.com	www.proofpoint.com
197	50

This site contains links to these domains. Also see Links.

Domain
proofpointcommunities.force.com
suite.nexgate.com
emaildefense.proofpoint.com
threatintel.proofpoint.com
us1.proofpointessentials.com
partners.proofpoint.com
go.proofpoint.com
twitter.com
ipcheck.proofpoint.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
proofpoint.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-17` - `2024-05-16`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-06` - `2024-02-05`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
6sc.co R3	`2023-05-25` - `2023-08-23`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
drift.com Amazon RSA 2048 M02	`2023-03-01` - `2023-09-21`	7 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-05-10` - `2023-08-08`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-02-14` - `2023-11-07`	9 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-07-26` - `2023-10-24`	3 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-07`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2023 Q1	`2023-03-05` - `2024-04-05`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Frame ID: 4A4053A2666CBEF86D4BED7FC557CE72
Requests: 120 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438
Frame ID: E97156DE7E8DCFE392C49803A656164B
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 5957DDE92D93EF78ED7D0279FA03EC2D
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
Frame ID: 2B0609399AEEE516DAB4738506C32153
Requests: 40 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
Frame ID: 214A0FE76F745B51362F075CAD2E7C3E
Requests: 35 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Out of the Sandbox: WikiLoader Digs Sophisticated Evasion | Proofpoint UK

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AddThis (Widgets) Expand

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Page Statistics

197
Requests

97 %
HTTPS

53 %
IPv6

36
Domains

50
Subdomains

40
IPs

4
Countries

4605 kB
Transfer

10307 kB
Size

44
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://proofpointcommunities.force.com/community/s/
Title: Support Log-in

Search URL Search Domain Scan URL

URL: https://suite.nexgate.com/users/sign_in
Title: Digital Risk Portal

Search URL Search Domain Scan URL

URL: https://emaildefense.proofpoint.com/login.php
Title: Email Fraud Defense

Search URL Search Domain Scan URL

URL: https://threatintel.proofpoint.com/
Title: ET Intelligence

Search URL Search Domain Scan URL

URL: https://us1.proofpointessentials.com/app/login.php
Title: Proofpoint Essentials

Search URL Search Domain Scan URL

URL: https://proofpointcommunities.force.com/community
Title: Sendmail Support Log-in

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/prm/English-UK/s/applicant
Title: Become a Channel Partner

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/English-UK/
Title: Channel Partner Portal

Search URL Search Domain Scan URL

URL: https://go.proofpoint.com/New-Perimeters.html
Title: New Perimeters MagazineGet the latest cybersecurity insights in your hands – featuring valuable knowledge from our own industry experts.

Search URL Search Domain Scan URL

URL: https://twitter.com/JAMESWT_MHT
Title: @JAMESWT_MHT

Search URL Search Domain Scan URL

URL: https://ipcheck.proofpoint.com/
Title: IP Address Blocked?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/proofpoint
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/proofpoint
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/proofpoint
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 31

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=4714019036497078514

Request Chain 52

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j HTTP 307
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j HTTP 307
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

Request Chain 58

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j HTTP 307
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j HTTP 307
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

Request Chain 74

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1690855859988%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fuk%252Fblog%252Fthreat-insight%252Fout-sandbox-wikiloader-digs-sophisticated-evasion%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&cookiesTest=true&liSync=true&e_ipv6=AQKekzPP1L6sVgAAAYmu3OoTkMHWJ1faUhUiSAXxTaY_nOXJrCk0DEyyDExjvAEM4H0aI6HQk-NoQA

Request Chain 92

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438 HTTP 302
https://4788165.fls.doubleclick.net/activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438

Request Chain 98

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQI3kFMONN-lOAAAAYmu3OnEMw3MOs5VLBq0fjTIos6wDOS4_uBQASNf-hUOX5j0WqJm52jKb_GXgw

197 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request out-sandbox-wikiloader-digs-sophisticated-evasion Show response
www.proofpoint.com/uk/blog/threat-insight/ 109 KB
37 KB 1593ms
1191ms Document
text/html 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

e2508410e61728ce5097597099aae34d7e1f0450b17492e4a77cabf8b6f7eeaa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' ; img-src 'self' 'unsafe-inline' data: blob: ; media-src 'self'; frame-src 'self' 'unsafe-inline' ; child-src 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' ; report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' ; img-src 'self' 'unsafe-inline' data: blob: ; media-src 'self'; frame-src 'self' 'unsafe-inline' ; child-src 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' ; report-uri /report-csp-violation
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 61005
Cache-Control: max-age=86400, public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 31206
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' data: blob: *; media-src 'self'; frame-src 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation
Content-Type: text/html; charset=UTF-8
Content-language: en-gb
Date: Tue, 01 Aug 2023 02:10:58 GMT
ETag: "1690794851-gzip"
Expires: Tue, 01 Aug 2023 09:14:12 GMT
Feature-Policy: geolocation 'self'
Last-Modified: Mon, 31 Jul 2023 09:14:11 GMT
Link: <https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion>; rel="canonical", <https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion>; rel="shortlink"
Permissions-Policy: interest-cohort=()
Referrer-Policy: origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Cookie,Accept-Encoding,Host
Via: varnish
X-AH-Environment: prod
X-CDN: Imperva
X-Cache: HIT
X-Cache-Hits: 217
X-Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' data: blob: *; media-src 'self'; frame-src 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation
X-Content-Type-Options: nosniff
X-Drupal-Cache: MISS
X-Drupal-Dynamic-Cache: MISS
X-Frame-Options: SAMEORIGIN
X-Iinfo: 14-45256535-45256543 NNNN CT(263 263 0) RT(1690855857311 132) q(0 0 5 0) r(8 10) U18
X-Imperva-Purge-Tags: fk0h,2171,rsmc,0plh,r6o8,li2r,ebfb,unor,vunp,j90e,jamf,p7tt,khv0,8qo7,eken,6bqn,bvs8,1sjk,h17a,4lsk,hl98,5val,qoui,vrlm,rmi0,bequ,olh0,lof7,fijm,aie9,gc0u,2j81,910q,fbk9,pm8m,hj2s,tg9m,okra,o3sc,tgaj,q2ri,kokj,bj2i,7nqj,u3s6,ii2b,eeho,9lcq,fj6k,shcs,8g9j,r1oq,kuit,tp2i,kj5r,fllv,l2u0,5cr3,80b8,us5v,vkkb,prna,j81r,83q8
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: v-9c5443f2-2f82-11ee-b5af-9f10d394e6a5
X-UA-Compatible: IE=edge
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' *; img-src 'self' 'unsafe-inline' data: blob: *; media-src 'self'; frame-src 'self' 'unsafe-inline' *; child-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *; report-uri /report-csp-violation

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 122 KB
48 KB 39ms
15ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4c54702033aef67e176e3b62a43c6cb81699162bec3a2853adb7855fca726936

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:10:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48315
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 00:45:36 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 01 Aug 2023 02:10:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
85 KB 76ms
30ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

53566933025df8291732c4f741fbfcf8fc74bd9dba836e5011041e2caa40ff12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:10:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86835
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 01 Aug 2023 02:10:58 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 383 KB
105 KB 49ms
49ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

51ae21e1c67c19a822d22dbdb60ef73da5dca20a16b413821f76582d3860dcb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:10:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 107042
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 00:45:36 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 01 Aug 2023 02:10:58 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 251 KB
85 KB 30ms
25ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL&l=dataLayer&cx=c

Requested by

Host: www.googleoptimize.com
URL: https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1bae987f079e93255da7aeabc8fa713d4ecc0739c50862a0c46241b9f6a2370e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:10:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86907
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 01 Aug 2023 02:10:58 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 67ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je37q0&_p=213885732&_gaz=1&cid=278507206.1690855859&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690855858&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 63ms
20ms Ping
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B1V8SZE3GL&cid=278507206.1690855859&gtm=45je37q0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 43ms
18ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B1V8SZE3GL&cid=278507206.1690855859&gtm=45je37q0&aip=1&z=1976396499

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 18 KB
18 KB 139ms
139ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:58 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Apr 2023 08:57:01 GMT
X-CDN: Imperva
Etag: "01c16c31"
X-Iinfo: 14-45256535-0 0CNN RT(1690855857311 1494) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=354377, public
Content-Length: 18296
Expires: Sat, 05 Aug 2023 04:37:15 GMT

GET
H/1.1 200
OK RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 140ms
139ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:58 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Apr 2023 08:57:01 GMT
X-CDN: Imperva
Etag: "39ed386e"
X-Iinfo: 13-34113933-0 0CNN RT(1690855857423 1386) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=342382, public
Content-Length: 21036
Expires: Sat, 05 Aug 2023 01:17:20 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 20 KB
20 KB 395ms
130ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Apr 2023 08:38:00 GMT
X-CDN: Imperva
Etag: "3a88d25f"
X-Iinfo: 10-13843998-0 0CNN RT(1690855858935 139) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=342381, public
Content-Length: 19976
Expires: Sat, 05 Aug 2023 01:17:20 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 16 KB
17 KB 398ms
131ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Apr 2023 08:38:00 GMT
X-CDN: Imperva
Etag: "80852160"
X-Iinfo: 5-26978018-0 0CNN RT(1690855858935 141) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=354376, public
Content-Length: 16540
Expires: Sat, 05 Aug 2023 04:37:15 GMT

GET
H/1.1 200
OK RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 403ms
133ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Origin: https://www.proofpoint.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Apr 2023 08:57:01 GMT
X-CDN: Imperva
Etag: "8df65834"
X-Iinfo: 13-34113977-0 0CNN RT(1690855858936 146) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=342381, public
Content-Length: 21384
Expires: Sat, 05 Aug 2023 01:17:20 GMT

GET
H/1.1 200
OK css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
www.proofpoint.com/sites/default/files/css/ 25 KB
5 KB 268ms
128ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 06 Jun 2023 18:30:35 GMT
X-CDN: Imperva
Etag: "032a9b05"
Content-Type: text/css
X-Iinfo: 14-45256535-0 0CNN RT(1690855857311 1635) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=354377, public
Content-Length: 4376
Expires: Sat, 05 Aug 2023 04:37:15 GMT

GET
H/1.1 200
OK css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css
www.proofpoint.com/sites/default/files/css/ 2 MB
1 MB 393ms
131ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e97558016f5d001dd30657edd04f5ae579bcee8f10bf823eb28c8b8da95084dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 20 Jul 2023 23:13:26 GMT
X-CDN: Imperva
Etag: "b9bfb7a0"
Content-Type: text/css
X-Iinfo: 13-34113933-0 0CNN RT(1690855857423 1648) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=253019, public
Content-Length: 1107236
Expires: Fri, 04 Aug 2023 00:27:58 GMT

GET
H/1.1 200
OK js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js Show response
www.proofpoint.com/sites/default/files/js/ 310 B
706 B 398ms
129ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 06 Jun 2023 18:30:35 GMT
X-CDN: Imperva
Etag: "2c787c81"
Content-Type: text/javascript
X-Iinfo: 14-45256535-0 0CNN RT(1690855857311 1765) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=342381, public
Content-Length: 235
Expires: Sat, 05 Aug 2023 01:17:20 GMT

GET
H/1.1 200
OK modernizr.min.js Show response
www.proofpoint.com/modules/custom/pp_theme/js/ 5 KB
3 KB 399ms
130ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/modules/custom/pp_theme/js/modernizr.min.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

084390577243b6986d5564d152916a37a3124305e11b2817d0c2eabc863e081b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 27 Apr 2023 08:38:00 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 14-45256629-0 0CNN RT(1690855858936 143) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=342381, public
Content-Length: 2533
Expires: Sat, 05 Aug 2023 01:17:20 GMT

GET
H/1.1 200
OK modernizr-additional-tests.js Show response
www.proofpoint.com/core/misc/ 2 KB
1 KB 525ms
127ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/misc/modernizr-additional-tests.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 27 Apr 2023 08:56:58 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 14-45256535-0 0CNN RT(1690855857311 1895) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=342381, public
Content-Length: 972
Expires: Sat, 05 Aug 2023 01:17:20 GMT

GET
H/1.1 200
OK logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 135ms
133ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 27 Apr 2023 08:57:02 GMT
X-CDN: Imperva
Etag: "13fdd2ef"
Content-Type: image/svg+xml
X-Iinfo: 13-34113933-0 0CNN RT(1690855857423 2438) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=344500, public
Content-Length: 1124
Expires: Sat, 05 Aug 2023 01:52:39 GMT

GET
H/1.1 200
OK pfpt-sb-nav-promo-696x708.png
www.proofpoint.com/sites/default/files/nav-promo-images/ 581 KB
582 KB 130ms
128ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/nav-promo-images/pfpt-sb-nav-promo-696x708.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

32dffddd1bfd33d7568ee8501d3a7dc111f7b8177bd78b41fa668328f0ed8dbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Oct 2022 23:44:13 GMT
X-CDN: Imperva
Etag: "685ed7ba"
Content-Type: image/png
X-Iinfo: 14-45256535-0 0CNN RT(1690855857311 2546) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=342384, public
Content-Length: 595407
Expires: Sat, 05 Aug 2023 01:17:23 GMT

GET
H/1.1 200
OK home.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 784 B
944 B 133ms
131ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/home.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 27 Apr 2023 08:57:01 GMT
X-CDN: Imperva
Etag: "4c25cdee"
Content-Type: image/svg+xml
X-Iinfo: 5-26978018-0 0CNN RT(1690855858935 924) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=357632, public
Content-Length: 477
Expires: Sat, 05 Aug 2023 05:31:31 GMT

GET
H/1.1 200
OK pfpt-us-abstract-overhead.webp
www.proofpoint.com/sites/default/files/styles/image_1920_750/public/blog-banners/ 130 KB
131 KB 656ms
654ms Image
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/image_1920_750/public/blog-banners/pfpt-us-abstract-overhead.webp?itok=fc2P4on2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

8b0fa5b403c11d275fbdc00832420565d7db9fad4b58af1532bef3851c34ca2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

X-Cache-Hits: 321
Date: Tue, 01 Aug 2023 02:11:00 GMT
Via: varnish
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-CDN: Imperva
Age: 61889
X-Cache: HIT
X-Iinfo: 10-13843998-13844006 NNNY CT(263 262 0) RT(1690855858935 924) q(0 0 0 -1) r(3 5) U18
Connection: keep-alive
X-AH-Environment: prod
Content-Length: 133250
X-Request-ID: v-8f5ac434-2f80-11ee-a581-c3f20ac9e394
Last-Modified: Thu, 27 Jul 2023 15:16:17 GMT
Server: nginx
Vary: Host
Cache-Control: max-age=1209600
Accept-Ranges: bytes
Expires: Mon, 14 Aug 2023 08:59:30 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 49 KB
18 KB 47ms
18ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

8ff0571e454b75517b28b02b1749dbcafa80d1cf6c4786c8fc45ee6f3fd13bcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:10:59 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18398
x-xss-protection: 0
server: cafe
etag: 17414105932935890869
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 01 Aug 2023 02:10:59 GMT

GET
H/1.1 200
OK js_cA1y6JAfhSkylP46ZMkC-Se2yaKNergh4-xiZXsAcDo.js Show response
www.proofpoint.com/sites/default/files/js/ 173 KB
60 KB 131ms
131ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_cA1y6JAfhSkylP46ZMkC-Se2yaKNergh4-xiZXsAcDo.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

700d72e8901f85293294fe3a64c902f927b6c9a28d7ab821e3ec62657b00703a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 20 Jul 2023 23:13:28 GMT
X-CDN: Imperva
Etag: "85d2dd61"
Content-Type: text/javascript
X-Iinfo: 13-34113977-0 0CNN RT(1690855858936 456) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=272197, public
Content-Length: 60536
Expires: Fri, 04 Aug 2023 05:47:36 GMT

GET
H2 200 geoip2.js Show response
geoip-js.com/js/apis/geoip2/v2.1/ 3 KB
2 KB 46ms
13ms Script
application/javascript 2606:4700::6812:1344
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1344 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:10:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 31 Jul 2023 19:54:19 GMT
server: cloudflare
age: 1609
etag: W/"64c8116b-da4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=43200
cf-ray: 7efa8c431d67367b-FRA
expires: Tue, 01 Aug 2023 14:10:59 GMT

GET
H/1.1 200
OK js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js Show response
www.proofpoint.com/sites/default/files/js/ 9 KB
3 KB 130ms
130ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 09 Jun 2023 04:43:51 GMT
X-CDN: Imperva
Etag: "6e3ea0aa"
Content-Type: text/javascript
X-Iinfo: 13-34113977-0 0CNN RT(1690855858936 769) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=342381, public
Content-Length: 2188
Expires: Sat, 05 Aug 2023 01:17:20 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 48ms
8ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H/1.1 200
OK js_TcXLAOxeEBjaEG-FvO99w2LtraO5Aj_9W9sWMh2teNE.js Show response
www.proofpoint.com/sites/default/files/js/ 1 MB
443 KB 136ms
132ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_TcXLAOxeEBjaEG-FvO99w2LtraO5Aj_9W9sWMh2teNE.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4dc5cb00ec5e1018da106f85bcef7dc362edada3b9023ffd5bdb16321dad78d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 25 Jul 2023 23:14:09 GMT
X-CDN: Imperva
Etag: "2c8eb8ba"
Content-Type: text/javascript
X-Iinfo: 13-34113977-0 0CNN RT(1690855858936 922) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=701680, public
Content-Length: 453122
Expires: Wed, 09 Aug 2023 05:05:39 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 38ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 01 Aug 2023 01:44:24 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1595
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 01 Aug 2023 03:44:24 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 3 KB
2 KB 76ms
53ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1690855858852&cv=11&fst=1690855858852&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&hn=www.googleadservices.com&frm=0&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&auid=802731899.1690855859&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69a1845e58a65294abedd4863bd9438f9d5b1d127ef4b785570f07309d449011

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1390
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 42 KB
13 KB 66ms
35ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 01 Aug 2023 02:10:59 GMT
last-modified: Fri, 28 Jul 2023 18:19:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E549454D1DE24B7996723881296500DF Ref B: FRAEDGE1117 Ref C: 2023-08-01T02:10:59Z
etag: "806f3b1280c1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12469

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/833074663/ 3 KB
2 KB 44ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/833074663/?random=1690855858857&cv=11&fst=1690855858857&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&hn=www.googleadservices.com&frm=0&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&auid=802731899.1690855859&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6cd32b3da7d3bb005bf1adc95908ed83688aea529774415e02e8ef8d987977d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1391
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=4714019036497078514

0
234 B

443ms
355ms

Image
application/json

2600:9000:21f3:e600:12:3734:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=4714019036497078514
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: H2
Server: 2600:9000:21f3:e600:12:3734:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
via: 1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: qnWbZg4bcLRPBJKDjsh9lmG-Zf5tN2eEnXVb3vvu4Hpz6IAgAUDQkQ==
content-length: 0
apigw-requestid: I9V0ShBQoAMEJOg=

Redirect headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:00 GMT
an-x-request-uuid: 8c07c065-01e8-477f-9c60-409f9edc173a
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=proofpoint.com&pId=4714019036497078514
x-proxy-origin: 37.58.57.1; 37.58.57.1; 953.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 14ms
12ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je37q0&_p=213885732&cid=278507206.1690855859&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1690855858&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&dt=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&en=scroll&epn.percent_scrolled=90&_et=15
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 40ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d44a47ef3690dc4fa9cc87b331021aa953bc022facc2ca5074039f4cab9ec10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 01 Aug 2023 02:10:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 01 Aug 2023 02:10:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 01 Aug 2023 02:10:59 GMT

GET
DATA 200
OK truncated
/ 44 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 82 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 90 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/webp

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 8ms
7ms Script
application/x-javascript 104.102.38.132
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.102.38.132 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-38-132.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Thu, 09 Nov 2023 02:10:59 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 3 KB
2 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1690855859862&cv=9&fst=1690855859862&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d35d21373d18f0ca04092ccd9dc4e69e1bcaf9c66bda696dcdc7d5766609dae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1476
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 48 KB
14 KB 48ms
8ms Script
application/javascript 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jul 2023 16:27:10 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64b9605e-bf6f"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14190
expires: Tue, 01 Aug 2023 02:10:59 GMT

GET
DATA 200
OK truncated
/ 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK ransomware-bg-img.png
www.proofpoint.com/sites/default/files/nav-promo-images/ 14 KB
14 KB 130ms
130ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/nav-promo-images/ransomware-bg-img.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6907f421de451fd5e7f962c48d39191bd7d86390df35df8b416d3ca0eb558436

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sat, 22 Jan 2022 06:00:50 GMT
X-CDN: Imperva
Etag: "ebf7b974"
Content-Type: image/png
X-Iinfo: 14-45256629-0 0CNN RT(1690855858936 973) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=358290, public
Content-Length: 13846
Expires: Sat, 05 Aug 2023 05:42:29 GMT

GET
H/1.1 200
OK footer-logo.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 45 KB
45 KB 132ms
132ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/footer-logo.png?ce2288c3a730ae0f2d542b0f6dab0914=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 20 Jul 2023 23:12:36 GMT
X-CDN: Imperva
Content-Type: image/png
X-Iinfo: 13-34113933-0 0CNN RT(1690855857423 2613) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=253390, public
Content-Length: 46089
Expires: Fri, 04 Aug 2023 00:34:10 GMT

GET
H/1.1 200
OK regions.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 131ms
131ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/regions.svg?813714b329f308b0ad52d12b7fc4ddd2=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 20 Jul 2023 23:12:57 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 14-45256629-0 0CNN RT(1690855858936 1140) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=259056, public
Content-Length: 1355
Expires: Fri, 04 Aug 2023 02:08:36 GMT

GET
H/1.1 200
OK Picture1_29.png
www.proofpoint.com/sites/default/files/inline-images/ 376 KB
376 KB 132ms
132ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Picture1_29.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

df0b1df1d346e246f1dc6b3c87fd183a7a39b099406d716f5783b7c5128d5cbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Jul 2023 15:39:00 GMT
X-CDN: Imperva
Etag: "ffd8d12a"
Content-Type: image/png
X-Iinfo: 5-26978018-26951725 2CNN RT(1690855858935 1147) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1148468, public
Content-Length: 384964
Expires: Mon, 14 Aug 2023 09:12:08 GMT

GET
H/1.1 200
OK Picture2_17.png
www.proofpoint.com/sites/default/files/inline-images/ 67 KB
67 KB 133ms
132ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Picture2_17.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3a164e1ce79fa9e812c364134ef02b30586ee26acd6ef26d74358beddff018ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Jul 2023 15:39:25 GMT
X-CDN: Imperva
Etag: "a303e2ce"
Content-Type: image/png
X-Iinfo: 13-34113933-34000562 2CNN RT(1690855857423 2747) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1148576, public
Content-Length: 68382
Expires: Mon, 14 Aug 2023 09:13:56 GMT

GET
H/1.1 200
OK Picture3_18.png
www.proofpoint.com/sites/default/files/inline-images/ 108 KB
108 KB 131ms
131ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Picture3_18.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ba774d740ac5fa1e77c1471aee0b3ae0d866fd545746d9736837f416334450bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:10:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Jul 2023 15:39:40 GMT
X-CDN: Imperva
Etag: "7e5ef2bc"
Content-Type: image/png
X-Iinfo: 14-45256629-45239328 2CNN RT(1690855858936 1271) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1148577, public
Content-Length: 110379
Expires: Mon, 14 Aug 2023 09:13:56 GMT

GET
H/1.1 200
OK Picture4_8.png
www.proofpoint.com/sites/default/files/inline-images/ 112 KB
112 KB 131ms
131ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Picture4_8.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

de89e0378a3d91d39b989b9d8476c7c30802714ce50e94b26a3e037f0b498a50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Jul 2023 15:40:08 GMT
X-CDN: Imperva
Etag: "defa022d"
Content-Type: image/png
X-Iinfo: 13-34113977-34000562 2CNN RT(1690855858936 1326) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1148624, public
Content-Length: 114653
Expires: Mon, 14 Aug 2023 09:14:44 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 59ms
8ms Script
application/x-javascript 2a02:26f0:480:f::213:7ec6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:10:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=30469
accept-ranges: bytes
content-length: 4862

GET
H/1.1

200
OK

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

0
417 B

33ms
33ms

Script
application/javascript

52.48.249.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: HTTP/1.1
Server: 52.48.249.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-249-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Date: Tue, 01 Aug 2023 02:11:00 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: application/javascript

Redirect headers

Location: /s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
Date: Tue, 01 Aug 2023 02:11:00 GMT
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
Content-Length: 100
Content-Type: text/html; charset=utf-8

GET
H2 200 1594.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
409 B 156ms
127ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 4e17c935-a80d-409f-8b31-dac16510fac4
x-runtime: 0.005061
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7efa8c44bea39171-FRA

GET
H2 200 1644.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
412 B 157ms
129ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 4eaeebef-8e5d-4d37-8bb5-18880724ec81
x-runtime: 0.009279
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7efa8c44bea59171-FRA

GET
H2 200 1645.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
411 B 162ms
134ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 04c6ad6e-591e-4c51-8a05-c840716e69b9
x-runtime: 0.010877
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7efa8c44bea69171-FRA

GET
H2 200 1646.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 149ms
121ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: a7d4316c-05c4-4f5d-848a-95164585e648
x-runtime: 0.005310
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7efa8c44bea79171-FRA

GET
H2 200 1647.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
410 B 158ms
131ms Script
text/javascript 2606:4700::6812:1e49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1e49 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: c5066fb4-e5aa-43eb-99b1-7ca12dbbcac5
x-runtime: 0.009518
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 7efa8c44bea89171-FRA

GET
H/1.1

200
OK

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

123 B
542 B

34ms
34ms

Script
application/javascript

52.48.249.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: HTTP/1.1
Server: 52.48.249.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-249-243.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e25d36c6586ad2fde35328af102cdbf05f63934e37eb8c63c0adf76d667401e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Date: Tue, 01 Aug 2023 02:11:00 GMT
Connection: keep-alive
Content-Length: 123
Content-Type: application/javascript

Redirect headers

Location: /s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
Date: Tue, 01 Aug 2023 02:11:00 GMT
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
Content-Length: 100
Content-Type: text/html; charset=utf-8

GET
H2 200 5dfsgn7m2kst.js Show response
js.driftt.com/include/1690856100000/ 213 KB
60 KB 210ms
134ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1690856100000/5dfsgn7m2kst.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

521b858a4fcc33d56f0248f7aa72997c4acf17e0843bbb00e144f8ae41a40f82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: Keekb6kZnpYaUsja4pqi_bkfDDfkvdzU
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Tue, 01 Aug 2023 02:11:00 GMT
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Fri, 28 Jul 2023 18:57:24 GMT
server: istio-envoy
etag: W/"eeb61db8ecbbdf93bc87a27f6322a98b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 04sHyOsMUkfR5-ZHetSyzOsV8fYZwjq4ffk326qIJf1Q7Zo6iKCWOg==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 172 KB
47 KB 31ms
10ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c99ff58c3dc4deb821c87dc9c45aed4af66541ceb1b0f62ec208114ffc37dbf4

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 01 Aug 2023 02:11:00 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 47198
x-xss-protection: 0
pragma: public
x-fb-debug: kKjNrAV1UVdlC3uTBEAS2nbxCSK/aVxisCHTlqD9PAeE7EqozVoTzgSYNiaP3VKkRtzLanNaeP6N/+Yzww258g==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 79ms
29ms Script
text/javascript 2606:4700::6812:d9f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d9f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 32306
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 7efa8c45dd2b5c62-FRA
expires: Tue, 01 Aug 2023 02:31:00 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 138ms
101ms Script
text/javascript 35.158.29.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.29.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-29-183.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 0745768a43f86c3179479137fcdf5b9fa61dec4935b4772463b99c3ada324df1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 01 Aug 2023 02:11:00 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

POST
H/1.1 200
OK visitWebPage
309-rhv-619.mktoresp.com/webevents/ 2 B
318 B 583ms
98ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1690855859940&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1690855859939-95870&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 9a1c7725-06f1-45b7-87e9-4392a7ae1614

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
455 B 49ms
23ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1690855859862&cv=9&fst=1690855200000&num=1&guid=ON&eid=375603260%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&fmt=3&is_vtc=1&random=540015025&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
154 B 24ms
24ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1690855859862&cv=9&fst=1690855200000&num=1&guid=ON&eid=375603260%2C466465925%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&fmt=3&is_vtc=1&random=540015025&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 19ms
19ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=213885732&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&ul=en-us&de=UTF-8&dt=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAEK~&jid=114165228&gjid=136660232&cid=278507206.1690855859&tid=UA-2257074-1&_gid=45577446.1690855860&_r=1&_slc=1&gtm=45He37q0n81MGR7P8X&cd19=278507206.1690855859&z=2037683326

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/833074663/ 42 B
108 B 21ms
21ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/833074663/?random=1690855858857&cv=11&fst=1690855200000&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&frm=0&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&fmt=3&is_vtc=1&random=3186280988&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/833074663/ 42 B
108 B 21ms
21ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/833074663/?random=1690855858857&cv=11&fst=1690855200000&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&frm=0&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&fmt=3&is_vtc=1&random=3186280988&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 17087961.js Show response
bat.bing.com/p/action/ 0
116 B 35ms
35ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17087961.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 01 Aug 2023 02:10:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C9E6B27D9A5E4867BED25E0A097E1EA7 Ref B: FRAEDGE1117 Ref C: 2023-08-01T02:10:59Z
x-cache: CONFIG_NOCACHE

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
108 B 21ms
20ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1690855858852&cv=11&fst=1690855200000&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&frm=0&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&fmt=3&is_vtc=1&random=268177325&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:00 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
64 B 24ms
22ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1690855858852&cv=11&fst=1690855200000&bg=ffffff&guid=ON&async=1&gtm=45He37q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&frm=0&tiba=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&fmt=3&is_vtc=1&random=268177325&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:10:59 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 21ms
19ms XHR
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2257074-1&cid=278507206.1690855859&jid=114165228&gjid=136660232&_gid=45577446.1690855860&_u=YADAAEAAAAAAACAEK~&z=1986279152

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 01 Aug 2023 02:10:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
399 B 36ms
10ms XHR
application/json 2600:9000:20eb:6c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:20:29 GMT
content-encoding: gzip
via: 1.1 c3b74c81fdcb7942211a6c721efa13fc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 6631
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=38852
x-amz-cf-id: zUHqML4VGg6vAUtX1Bn2S_V-rqpzFd6y6SJyCr8Wu6TUSTLS4IxVMQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-soph...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-soph...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1690855859988%26url%3Dhttps%253A%252F%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-soph...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sop...

0
162 B

154ms
154ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&cookiesTest=true&liSync=true&e_ipv6=AQKekzPP1L6sVgAAAYmu3OoTkMHWJ1faUhUiSAXxTaY_nOXJrCk0DEyyDExjvAEM4H0aI6HQk-NoQA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CD8E50A43F4F4105A3C5CFC50E400B2A Ref B: FRAEDGE1713 Ref C: 2023-08-01T02:11:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYB0w70i+mqNJ+5pVAIDA==

Redirect headers

date: Tue, 01 Aug 2023 02:11:00 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: B57A9424C06E4B74B8E5D8D6CFC89B3C Ref B: FRAEDGE1515 Ref C: 2023-08-01T02:11:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1690855859988&url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&cookiesTest=true&liSync=true&e_ipv6=AQKekzPP1L6sVgAAAYmu3OoTkMHWJ1faUhUiSAXxTaY_nOXJrCk0DEyyDExjvAEM4H0aI6HQk-NoQA
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYB0w7yRL5A/LVFoVIg7A==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
400 B 32ms
9ms XHR
application/json 2600:9000:20eb:6c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:20:29 GMT
content-encoding: gzip
via: 1.1 c3b74c81fdcb7942211a6c721efa13fc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 6631
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=38852
x-amz-cf-id: qi_NMkR0X0qZn0IaZzjROpEIhJbfR9PCFjJD_bp9C6RxEEi3hrSLmw==

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/ 36 B
398 B 30ms
10ms XHR
application/json 2600:9000:20eb:6c00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/169250,3955937,3976212/domain/proofpoint.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:20:29 GMT
content-encoding: gzip
via: 1.1 c3b74c81fdcb7942211a6c721efa13fc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 6631
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=38852
x-amz-cf-id: NYqj-HSmZnsD6KEOk6d_5tyipNXF5c4gP308Jgr879XEa4a7Tbkrgw==

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 20ms
18ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2257074-1&cid=278507206.1690855859&jid=114165228&_u=YADAAEAAAAAAACAEK~&z=1314154080

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 22ms
21ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2257074-1&cid=278507206.1690855859&jid=114165228&_u=YADAAEAAAAAAACAEK~&z=1314154080

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 143852102935619 Show response
connect.facebook.net/signals/config/ 378 KB
108 KB 12ms
11ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/143852102935619?v=2.9.120&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

24d6de95dce9cefc6dfeff25325436aebd247f25e777dfed92b547f3ed03450d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 01 Aug 2023 02:11:00 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110371
x-xss-protection: 0
pragma: public
x-fb-debug: /5OgF6/3ZHiXttYZW0T+bBTRtBAsskwP08QgrEa4+GZ2UHIxrvi9ZcEJVQOIHlkE5FFFD860KyGX7gxSdgGsGA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 25ms
7ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=143852102935619&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&rl=&if=false&ts=1690855860133&sw=1600&sh=1200&v=2.9.120&r=stable&ec=0&o=30&fbp=fb.1.1690855860130.1010999323&cs_est=true&it=1690855860048&coo=false&exp=a3&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 01 Aug 2023 02:11:00 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
470 B 122ms
121ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1690855860165&ref=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1268939
Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdt4lbre_XwxoVy2mtuPXV6_crj2HMFBJxfpjD97GFJC6ugCJ1jblL1TBDGNsv44aJ0I0RicUf7W8HmWK8kxDMRnxXC6-tqZ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Tue, 01 Aug 2023 03:11:00 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 157ms
111ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1690855860165&ref=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 01 Aug 2023 02:11:00 GMT
expires: Tue, 01 Aug 2023 02:11:00 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdt88D2wSSU8pLW4chQioMBw7GsfEfkbgpRpLWopu0oSAHbFq8gSUTnr0Id7ui-M2sc3fCE8Wf5CPXxmD1XSYLqmuPrknCDU

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 105ms
100ms Stylesheet
text/css 35.158.29.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.29.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-29-183.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 0c922621ddc4910472a15b28bf30bfb206784213a6bfbf9d71e0ba68bb9b459c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 01 Aug 2023 02:11:00 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 129ms
100ms Fetch
image/jpeg 35.158.29.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.29.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-29-183.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 01 Aug 2023 02:11:00 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 me Show response
geoip-js.com/geoip/v2.1/country/ 751 B
951 B 80ms
61ms XHR
application/vnd.maxmind.com-country+json 2606:4700::6812:1344
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com

Requested by

Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1344 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84f34f69435cc44f2bcbc18d973988733687f8149c2453f73325fd078f471e14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 7efa8c478f198fec-FRA
content-length: 751

GET
H/1.1 200
OK header-email.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 951 B
965 B 127ms
127ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-email.svg?5dd8f7254d23339c87d236dd5ed71ca0=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 27 Apr 2023 08:38:00 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 14-45256535-0 0CNN RT(1690855857311 3077) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=360617, public
Content-Length: 514
Expires: Sat, 05 Aug 2023 06:21:17 GMT

GET
H/1.1 200
OK header-shield.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 298 B
655 B 131ms
130ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-shield.svg?846ea5f31dbef4de45aaa03516f7b708=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 27 Apr 2023 08:57:01 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 13-34113933-0 0CNN RT(1690855857423 2968) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=360618, public
Content-Length: 204
Expires: Sat, 05 Aug 2023 06:21:18 GMT

GET
H/1.1 200
OK header-security.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 934 B
887 B 134ms
130ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-security.svg?09afb7a95c693b3a41940d4e34bd70d3=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_6XVYAW9dAB3TBlft0E9a5Xm87o8Qv4I-soyLjalQhN0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 27 Apr 2023 08:38:00 GMT
X-CDN: Imperva
Content-Type: image/svg+xml
X-Iinfo: 13-34113977-0 0CNN RT(1690855858936 1462) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=365411, public
Content-Length: 436
Expires: Sat, 05 Aug 2023 07:41:11 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 56 B
360 B 60ms
16ms Script
text/javascript 2.19.224.115
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js?_=1690855859871

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_cA1y6JAfhSkylP46ZMkC-Se2yaKNergh4-xiZXsAcDo.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.224.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-19-224-115.deploy.static.akamaitechnologies.com

Software

Oracle API Gateway /

Resource Hash

f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 01 Aug 2023 02:11:00 GMT
server: Oracle API Gateway
opc-request-id: /FEA83DB542575217B0BB826D2E506192/A302E232D4B2A0AB6DC9138F0C4DE719
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/javascript
x-distribution: 99
x-host: s7.addthis.com
content-length: 76
x-xss-protection: 1; mode=block

GET
H2 200 sync
x.bidswitch.net/ 43 B
146 B 225ms
11ms Image
image/gif 3.124.251.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=59&user_group=2&user_id=35f7e3da-6383-473b-988c-fc1c4614a6bb
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.124.251.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-251-238.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H2 204 0
bat.bing.com/action/ 0
284 B 33ms
33ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17087961&tm=gtm002&Ver=2&mid=391566a3-7df5-4618-8303-014ffca2eeee&sid=a8c424f0301011eeb36c47181e31c462&vid=a8c46470301011ee8144d50adcf51939&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&p=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&r=&lt=3365&evt=pageLoad&sv=1&rn=205848

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 01 Aug 2023 02:10:59 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9A0F2306D20B4405B0F2D5807D0FAC67 Ref B: FRAEDGE1117 Ref C: 2023-08-01T02:11:00Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438 Show response
4788165.fls.doubleclick.net/ Frame E971
Redirect Chain

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438?
https://4788165.fls.doubleclick.net/activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438?

688 B
713 B

52ms
51ms

Document
text/html

142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4788165.fls.doubleclick.net/activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

65b5a8ddace09d6d9d930f2ffdb484ee2ebd30fba7c1352b6446d79aae6d23e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 375
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 01 Aug 2023 02:11:00 GMT
expires: Tue, 01 Aug 2023 02:11:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 01 Aug 2023 02:11:00 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://4788165.fls.doubleclick.net/activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
334 B 102ms
102ms XHR
text/plain 35.158.29.183
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=dG-GbvdPxi8YOQyjVLjRlg&is_js=true&landing_url=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&t=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&tip=FVn8Ud41qLL7eD-D1uqngQBw4_Obgr7gXD1HUlhXxWM&host=https://www.proofpoint.com&sa_conv_data_css_value=%270-035ee0ac-639d-5e2a-70d6-34d172b7eb9c%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9035ee0ac639d5e2a70d634d172b7eb9c253a3901&sa-user-id-v3=s%253AAQAKIGKXlqx22MAcZBc_LdzMN5TK8xTWIFDwnvz1APIN43ppEHwYBCC006GmBjABOgRVNED5QgTSjWbp.Wfgj35PLfTPeNPQT5S2uoveS2OV8B3klATGNqrAs4Bo&sa-user-id-v2=s%253AA17grGOdXipw1jTRcrfrnCU6OQE.SUl9KsCjl9o8LwIDFNFMkIYAJCTQ9r4tpgn9tQelYq0&sa-user-id=s%253A0-035ee0ac-639d-5e2a-70d6-34d172b7eb9c.Iw0t3Fnz6TxitN2KLjkcsCnpaz4z1UkRGgUS0HNw2h8
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.158.29.183 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-29-183.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 0305f002cec9f1f9f900c6bb1ce8836e4d9d54b1157ef1057db2601267c3d22d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-origin: https://www.proofpoint.com
date: Tue, 01 Aug 2023 02:11:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
BLOB 200
OK af1af34b-2afa-4da0-999d-ed8627c99600
https://www.proofpoint.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.proofpoint.com/af1af34b-2afa-4da0-999d-ed8627c99600
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK DE.png
www.proofpoint.com/modules/custom/pp_i18n/images/ 3 KB
4 KB 169ms
131ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/modules/custom/pp_i18n/images/DE.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Apr 2023 08:57:00 GMT
X-CDN: Imperva
Etag: "cc0c264c"
Content-Type: image/png
X-Iinfo: 14-45256535-0 0CNN RT(1690855857311 3208) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=453435, public
Content-Length: 3329
Expires: Sun, 06 Aug 2023 08:08:15 GMT

GET
DATA 200
OK truncated
/ 129 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2

200

collect
px4.ads.linkedin.com/ Frame E971
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif
https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQI3kFMONN-lOAAAAYmu3OnEMw3MOs5VLBq0fjTIos6wDOS4_uBQASNf-hUOX5j0WqJm52jKb_GXgw

43 B
347 B

209ms
155ms

Image
image/gif

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQI3kFMONN-lOAAAAYmu3OnEMw3MOs5VLBq0fjTIos6wDOS4_uBQASNf-hUOX5j0WqJm52jKb_GXgw
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438?
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:00 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 7AB0F4B94200435EACFA35058A731D8E Ref B: FRAEDGE1713 Ref C: 2023-08-01T02:11:00Z
linkedin-action: 1
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
content-type: image/gif
x-li-proto: http/2
content-length: 65
x-li-uuid: AAYB0w70KUc1hLhyvuBRVQ==

Redirect headers

date: Tue, 01 Aug 2023 02:11:00 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 3FA13FB03224407DBC99C7A98E9719D2 Ref B: FRAEDGE1515 Ref C: 2023-08-01T02:11:00Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&e_ipv6=AQI3kFMONN-lOAAAAYmu3OnEMw3MOs5VLBq0fjTIos6wDOS4_uBQASNf-hUOX5j0WqJm52jKb_GXgw
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYB0w7xEl38bmV02KcCeQ==

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame E971 43 B
564 B 68ms
23ms Image
image/gif 95.101.148.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1442966&mt_adid=226348&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=&ord=1558330155
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.101.148.198 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-101-148-198.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master cdg cdg-pixel-x27 config_version:"1438" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Tue, 01 Aug 2023 02:11:00 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x27 config_version:"1438"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Tue, 01 Aug 2023 02:10:59 GMT

GET
H2 200 dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438
adservice.google.com/ddm/fls/z/ Frame E971 42 B
401 B 75ms
46ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438

Requested by

Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CLH6uvewuoADFQGRmwod75AJHg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=6544075070698.438?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 5957 0
51 B 8ms
8ms Document
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.proofpoint.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 01 Aug 2023 02:11:00 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 9ms
8ms XHR
text/html 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-170.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:01 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 24 B
313 B 48ms
9ms XHR
text/html 2a02:26f0:480:23::1726:62a7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:23::1726:62a7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8f6a20bba0a1139f660d9a27ff45d2082b3467fe5909fabd6b4cf6c7a833e017

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:01 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a00:c98:2030:a004:1::14
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469682_388391911_735997999_18_860_6_0_219";dur=1
content-length: 24
expires: Tue, 01 Aug 2023 02:11:01 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 207ms
205ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=39149a35-da3a-43d1-81e0-797f4abe1506&session=169f6195-8d17-432a-83e7-523e3bae8e23&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Tue%2C%2001%20Aug%202023%2002%3A10%3A59%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2002%3A10%3A59%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2276d4adecd2340b300ba5d4296ecef89d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2002%3A10%3A59%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2002%3A10%3A59%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22cf897ce61a58c53c1861f742ebebc2622f6b0fcf%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2002%3A10%3A59%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Tue%2C%2001%20Aug%202023%2002%3A10%3A59%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Key%20Takeaways%5Cn%5CnProofpoint%20identified%20a%20new%20malware%20we%20call%20WikiLoader.%5Cn%5CtIt%20has%20been%20observed%20delivered%20in%20multiple%20campaigns%20conducted%20by%20threat%20actors%20targeting%20Italian%20organizations.%C2%A0%5Cn%5CtThe%20malware%20uses%20multiple%20mechanisms%20to%20evade%20detection.%C2%A0%5Cn%5CtIt%20is%20named%20WikiLoader%20due%20to%20the%20malware%20making%20a%20request%20to%20Wikipedia%20and%20checking%20that%20the%20response%20has%20the%20string%20%E2%80%9CThe%20Free%E2%80%9D%20in%20the%20contents.%C2%A0%5Cn%5CtIt%20is%20likely%20the%20use%20of%20this%20malware%20is%20available%20for%20sale%20to%20multiple%20cybercriminal%20groups.%C2%A0%5CnOverview%5Cn%5CnProofpoint%20re%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%26nbsp%3B%20%7C%20Proofpoint%20UK%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&pageViewId=a097886c-9dd9-4cc2-8307-e70597023c4c&v=1.1.5

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame 2B06 2 KB
1 KB 153ms
152ms Document
text/html 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1690856100000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

70560ba9138d04a53b3d50ad24c6ba38a16a2cacb591ddaf7aabb312f0330a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 01 Aug 2023 02:11:01 GMT
etag: W/"07075ae30994d62a00de2f301bdfb11a"
last-modified: Fri, 28 Jul 2023 18:57:16 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-id: fVTlCOw-PE3gyRLJ_fL9_hMV6OKTvdInRuTv8XjJkGTkQNK8VqAMKw==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: PE8zep.NHo.o1SZeIPA0xq.0zsXy2Uat
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 21

GET
H2 200 chat Show response
js.driftt.com/core/ Frame 214A 2 KB
1 KB 150ms
150ms Document
text/html 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1690856100000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

70560ba9138d04a53b3d50ad24c6ba38a16a2cacb591ddaf7aabb312f0330a9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 01 Aug 2023 02:11:01 GMT
etag: W/"07075ae30994d62a00de2f301bdfb11a"
last-modified: Fri, 28 Jul 2023 18:57:16 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-id: pFsrt3WBpD08PhoGu3Sf77iqPAOxbzhp9imARDZE0A0SloZaR9aNfA==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: PE8zep.NHo.o1SZeIPA0xq.0zsXy2Uat
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 async-api.30bd804e-1.236.0.min.js Show response
js-agent.newrelic.com/ 3 KB
3 KB 31ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/async-api.30bd804e-1.236.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fa44ba5620fc182eb36d66b9dea560edeb23af9c3104647e39e2a4d3fabcf8cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: 366JrVMQzTPfkja9KvKWB.1FAlNj2g2u
date: Tue, 01 Aug 2023 02:11:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V160HEFG7EFECRX2
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2851
x-amz-id-2: 0eBKUdrxS14x6LgkTPCmMEB3l0LE6ZMWjtAG9L6qQRKf2HwTDauZumZ0lO0xzHb91rsrxkWwK2Y=
x-served-by: cache-fra-etou8220043-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690855861.086256,VS0,VE0
etag: "ce1527db8799a0ba1913b5c7b7f666aa"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 385

GET
H2 200 860.03a8b7a5-1.236.0.min.js Show response
js-agent.newrelic.com/ 14 KB
6 KB 31ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/860.03a8b7a5-1.236.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

38068c6216d8cd0ebd227e767dea7b85b17c68ee40a2b32c20cb879ea225d274

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: iJSI6dlO2Ys6eX3e0ReqL6kXFai6YRCl
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 02:11:01 GMT
strict-transport-security: max-age=300
x-amz-request-id: V16AM8ZN8PYP562E
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 5507
x-amz-id-2: p53eNBuSl8l54BX4vm/T8MRAZj4+7UF7Zj6Jk8Z1gEGZek7iztQ2HnDO9cdAyyhavWTTx/o/XdA=
x-served-by: cache-fra-etou8220043-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690855861.086429,VS0,VE0
etag: "5c2d33afe15ef1ea0f7dfd3d77677165"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 329

GET
H2 200 session-manager.2a64278a-1.236.0.min.js Show response
js-agent.newrelic.com/ 1 KB
2 KB 31ms
8ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/session-manager.2a64278a-1.236.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c902ff18c7858648be03999d4022c40d66ad694ae218ea4b1558e74703b854a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: ur1tw3MWf2WErGuFKp0fYWjcNIfD4uOb
date: Tue, 01 Aug 2023 02:11:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V16A1FCNY83AK894
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1387
x-amz-id-2: upYMIkDsSKQm716sJRiAZiA1Gcm46rhBIW9aR4KcluiHUzwt5sYZ1qhtDXdlsCvnTJifqO5cU7qsZcXYYhk3cw==
x-served-by: cache-fra-etou8220043-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690855861.086478,VS0,VE0
etag: "a097cb2068fb2d63e521cacf139c921d"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 317

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 205ms
204ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=39149a35-da3a-43d1-81e0-797f4abe1506&session=169f6195-8d17-432a-83e7-523e3bae8e23&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2030%3Aa004%3A1%3A%3A14%22%7D&isIframe=false&m=%7B%22description%22%3A%22Key%20Takeaways%5Cn%5CnProofpoint%20identified%20a%20new%20malware%20we%20call%20WikiLoader.%5Cn%5CtIt%20has%20been%20observed%20delivered%20in%20multiple%20campaigns%20conducted%20by%20threat%20actors%20targeting%20Italian%20organizations.%C2%A0%5Cn%5CtThe%20malware%20uses%20multiple%20mechanisms%20to%20evade%20detection.%C2%A0%5Cn%5CtIt%20is%20named%20WikiLoader%20due%20to%20the%20malware%20making%20a%20request%20to%20Wikipedia%20and%20checking%20that%20the%20response%20has%20the%20string%20%E2%80%9CThe%20Free%E2%80%9D%20in%20the%20contents.%C2%A0%5Cn%5CtIt%20is%20likely%20the%20use%20of%20this%20malware%20is%20available%20for%20sale%20to%20multiple%20cybercriminal%20groups.%C2%A0%5CnOverview%5Cn%5CnProofpoint%20re%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%26nbsp%3B%20%7C%20Proofpoint%20UK%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&pageViewId=a097886c-9dd9-4cc2-8307-e70597023c4c&v=1.1.5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:01 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 lazy-feature-loader.2f55ce66-1.236.0.min.js Show response
js-agent.newrelic.com/ 1 KB
2 KB 7ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/lazy-feature-loader.2f55ce66-1.236.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d9bafbaa07911d0596a806a1177da26c107f735052d28603bc5eb8fa0dc63b55

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: SNNZ70_ndPBZM4f5drSRay_oJEEp97f5
date: Tue, 01 Aug 2023 02:11:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V16FNAZW59HEFJG0
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 1085
x-amz-id-2: pkfKdXF0ec9M5wmr/XnuOdiy3sJ9l2J8W0+mV18C4Y/E7ElWkyPmB6Zv+aJ4N+mCS9iq7HMT8b2lg2w+e+nWnw==
x-served-by: cache-fra-etou8220043-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690855861.104732,VS0,VE0
etag: "e43b565f398109176254b8a9394de5ba"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 376

GET
H2 200 148.1a20d5fe-1.236.0.min.js Show response
js-agent.newrelic.com/ 8 KB
8 KB 8ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/148.1a20d5fe-1.236.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

3e89824dcd4a1d958c6972134bfc50e0c8e4a76d6b47569d14fd7cba455c1f7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: ScUpW5z6XcbV4AsRwaGpjCwUtY9KtEdV
date: Tue, 01 Aug 2023 02:11:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V16DR883D7PM3805
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 7826
x-amz-id-2: V+aas5/YiB8hULXvDfZhIsWW+TevCOkgVGk/Fj6tlHSP/nHDKK7wQoHIzNE/dowYKiIKBmcwbTA=
x-served-by: cache-fra-etou8220043-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690855861.114935,VS0,VE0
etag: "bed1f74897d091a7dfc2b06e8a1e29a3"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 394

GET
H2 200 page_view_event-aggregate.06482edd-1.236.0.min.js Show response
js-agent.newrelic.com/ 11 KB
4 KB 10ms
9ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/page_view_event-aggregate.06482edd-1.236.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f1249e3503b8a12598e09882e9ded38155ac212298143dec459ce6820c6d3f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: olBWVnN3KrZD.7AbCiVQ_LmF1ZBKIJEh
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 02:11:01 GMT
strict-transport-security: max-age=300
x-amz-request-id: V16FEYSTFEDPYHC4
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 4296
x-amz-id-2: H97fZQNmKZjDmD9s6oOERCRPM+eQfEYaPaxM4am5otyv9pCh6VzqGQl9ZFts5wWPUkATcktLtmE=
x-served-by: cache-fra-etou8220043-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690855861.115194,VS0,VE0
etag: "553d27144d4f9fbe7e31b802107a2071"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 389

GET
H2 200 page_view_timing-aggregate.bd6de33a-1.236.0.min.js Show response
js-agent.newrelic.com/ 15 KB
15 KB 8ms
7ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/page_view_timing-aggregate.bd6de33a-1.236.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6dc5a41a72f6c1b4148d0629284183a4db42a28fef188ff4d55d5872d0ea3561

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: 9W2va1QLSUaCTJ3OoHH2ZOYSIAKsuvOr
date: Tue, 01 Aug 2023 02:11:01 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: V166MSHRXDKAVVGE
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14879
x-amz-id-2: c6U0F1buvLoUbC7Go6OynO2vSuROf3WSt/D6YI1yr+0jsK94y9koc9qEWfBtaM47/YBf5Yf8NJA=
x-served-by: cache-fra-etou8220043-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690855861.115186,VS0,VE0
etag: "01e96e9ff5c360298d13581ad38e60a8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 409

GET
H2 200 metrics-aggregate.3dc53903-1.236.0.min.js Show response
js-agent.newrelic.com/ 8 KB
3 KB 11ms
10ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/metrics-aggregate.3dc53903-1.236.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

11b4a5f186edf838f6e951559bef8aa85c686a83e0a226c5a82622da95e54307

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

x-amz-version-id: Z8jxLQfOXuFmYqpMJ60TDp7HscNrmk8O
content-encoding: br
via: 1.1 varnish
date: Tue, 01 Aug 2023 02:11:01 GMT
strict-transport-security: max-age=300
x-amz-request-id: V160X7JZ0EG0626C
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 2987
x-amz-id-2: 5+0z6v9iOJAmzGseP7niEmvz+uxWao1VALb8NoZbCquSjddcdg/5b+W1EwLWyPB/uQ66j8dwtBs=
x-served-by: cache-fra-etou8220043-FRA
last-modified: Tue, 27 Jun 2023 17:17:41 GMT
server: AmazonS3
x-timer: S1690855861.115334,VS0,VE0
etag: "a912f1cb80b2d3cf15f10d9d022b6188"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 379

POST
H/1.1 200
OK 0ae22ad83e Show response
bam.nr-data.net/1/ 40 B
467 B 553ms
485ms XHR
text/plain 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/0ae22ad83e?a=573869349&v=1.236.0&to=bgQBYERQXBBWVBFbDldOIldCWF0NGHMXRxFYDT9aWVVXP3RYC0YTVg0PUURtfAxTUjNbBE4iDFpCQ10PW1IXH19PCAZD&rst=4091&ck=0&s=8bb01deae19bc385&ref=https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion&qt=9&ap=1188&be=1594&fe=2425&dc=1771&at=QkMWFgxKT08VVkcIGkQc&perf=%7B%22timing%22:%7B%22of%22:1690855857043,%22n%22:0,%22dn%22:1,%22dne%22:146,%22c%22:146,%22s%22:271,%22ce%22:403,%22rq%22:403,%22rp%22:1594,%22rpe%22:1723,%22di%22:3334,%22ds%22:3334,%22de%22:3365,%22dc%22:3999,%22l%22:4017,%22le%22:4019%7D,%22navigation%22:%7B%7D%7D&fp=2906&fcp=2906
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/async-api.30bd804e-1.236.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
content-type: text/plain

Response headers

Date: Tue, 01 Aug 2023 02:11:01 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.proofpoint.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7efa8c4c88862bf6-FRA
Content-Length: 40

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 746 B
585 B 45ms
14ms XHR
application/json 3.127.67.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.67.224 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5ccf0efcbf4e94ddfde7d5723bf36026e21e0cbd93f51e6b72bf29c6dd8b9f75

Request headers

Referer: https://www.proofpoint.com/
accept-language: de-DE,de;q=0.9
Authorization: Token cf897ce61a58c53c1861f742ebebc2622f6b0fcf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
X-6s-CustomID: WebTag1.0 76d4adecd2340b300ba5d4296ecef89d

Response headers

date: Tue, 01 Aug 2023 02:11:01 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
content-length: 398

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 57ms
10ms Preflight 3.127.67.224
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.127.67.224 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-67-224.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.proofpoint.com
access-control-max-age: 1800
date: Tue, 01 Aug 2023 02:11:01 GMT
server: nginx

GET
H2 200 runtime~main.d3870f72.js Show response
js.driftt.com/core/assets/js/ Frame 214A 6 KB
3 KB 7ms
6ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d74324ac5719aa202221018cd0181776040570d0d6b94112fef8e841ef3d6c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: nYREScR.bpGpZR41m1r79Ea9oNUo0dkc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 285226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 28 Jul 2023 18:55:12 GMT
server: istio-envoy
etag: W/"ee97d74de0a92e3518199e701c19ee0f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Q36xYZOW-sqT6CgOk3NW1WkMszQ9bSGCndsM2wu77jmJJ31a4kjaZg==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 35 KB
13 KB 8ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 16015565
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _qzqMw2C4e5gqIM6oW1bwaEBIiEED-3UgHG4XuJrKVfSSG-5nyaX7Q==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 7 KB
3 KB 9ms
8ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 02:18:12 GMT
x-amz-version-id: UAS9fZEsWJhy55_yzrvbe0LqT9eTyvUT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2073169
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 75
last-modified: Thu, 29 Jun 2023 18:36:40 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: d1sdXO2AGq5DCwRMeD8I114sEmEPXhFqWUoXPotNKe2Gz2woKVEL-g==

GET
H2 200 runtime~main.d3870f72.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 6 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d74324ac5719aa202221018cd0181776040570d0d6b94112fef8e841ef3d6c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: nYREScR.bpGpZR41m1r79Ea9oNUo0dkc
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 285226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 28 Jul 2023 18:55:12 GMT
server: istio-envoy
etag: W/"ee97d74de0a92e3518199e701c19ee0f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7ZP-W6jnRzcgDe6Jvxu7HAmeWaWxP2oBHTFVQhD5wiccr_WTDK-8pA==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 35 KB
13 KB 8ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 17:24:56 GMT
x-amz-version-id: hzm2Healt7ZjvNDM3nYQ47BRwWjFuLrw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 16015565
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 27 Jan 2023 17:00:22 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -WCWTs9GJi6Ly_O4dU7hDKcLTp8xfH3dk8SlSaDEFX9zbnt0SwWaSw==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 7 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 02:18:12 GMT
x-amz-version-id: UAS9fZEsWJhy55_yzrvbe0LqT9eTyvUT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2073169
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 75
last-modified: Thu, 29 Jun 2023 18:36:40 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Kk9jGvYGc-kLGP6r-KwmIt4qr-HFz00JTjppjjcWmf77aG4fmb1sCw==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 23 KB
8 KB 9ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: 5TonZ2q4BzUrPKpbgBIsyV0ypFLgVCeU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PJUqcYkbD7yCM3mupXaeKubPgdCEwrddWpz_smzcE2T6cDOHsGqKXg==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 36 KB
10 KB 10ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:30:14 GMT
x-amz-version-id: qXDwNGmcU.i_gy6zABPrFxJLJu0M1pqs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2256047
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jfMU4oA1vUuRKWRr8jzYJmtDCv2KnOBPWMlJeQSnG5EuElvbR3CRTw==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 32 KB
11 KB 11ms
8ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: zK.I5gIdSwLDVz8paigwY_NlFGMXuMgL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3581354
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9V1c7eZau_u8TakJOADKtozsEzl02pXYd2-BVi3zk6I0JCHhCBhisQ==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 17 KB
6 KB 11ms
9ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 06:35:14 GMT
x-amz-version-id: NhB69SBKJZmuUtXDH0xsEetKhzurSV2H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4908947
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Kq7jxV17QraK6VYeiLnvx2RA5HE7ZAHIpUdUHDGyL0n5v7pBqGZGLw==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 25 KB
8 KB 11ms
9ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:25:03 GMT
x-amz-version-id: aw1f3uGwXuU6S2OomkpX1DCMYaDfscU9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2155557
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _pM9GBol5MqlRo4R0Pw62NsDXsO9MlB4rNfa3MhjOUx5VWBwaunQmg==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 74 KB
23 KB 12ms
10ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ukuXMqZaBoE6xID056KmWB0xEHmIXKmX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 69
last-modified: Fri, 16 Jun 2023 20:26:54 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 31IlSW2Rplvv54WoQWPm-Gnok0l3dD6bXiE1CWWycqIHGt4hdmSgRw==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 66 KB
20 KB 13ms
12ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 25 May 2023 07:08:48 GMT
x-amz-version-id: pbTO4uU1iA_kBPCkMqV8rm3AioPcDtRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5857333
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Wed, 24 May 2023 17:36:06 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kjvPSfZ0DnhaRtCfHYJTG69aq7lh8tvu8lBSSf8SoXZVrDyv5gT5qg==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 91 KB
28 KB 14ms
12ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 12:05:00 GMT
x-amz-version-id: SrUur3gTkOE1yjoDcy53ibL6t3rDB5tT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2124361
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: z_lv2jyE2JTLBvFl3m-WXItKMSEC9bM5KYDlQDBJa0uSB2KaZOkRtw==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 23 KB
7 KB 16ms
14ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 30 May 2023 11:02:53 GMT
x-amz-version-id: IgOK_MQbEszp7MebOhF6oyS1BThWXb5o
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5411288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 26 May 2023 19:24:42 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oPWYPc2peLcA8zs0nAwsbxUCNIBXOswPhjMqmQWyRYzOFq2DulNiqA==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 62 KB
20 KB 16ms
15ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:01:51 GMT
x-amz-version-id: 4sXKEKnf1MP6Oxg8R9s.0Ul7nOjxTe89
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2938150
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Mon, 26 Jun 2023 20:12:19 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5gyfg8yv04RQ8RQ4g58kDape4ozKfSKPMnLkH_9fltNxt0fMxoJtmw==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 105 KB
34 KB 17ms
16ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gBpCCsntSn2IWEffEf2F8DC2OtX8qv0J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 100
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oHr0e0o5aN4t3w5ajXYYYTNG4QnQ_l9Q5Sip20gXpb6jPAMHYUmNFw==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 12 KB
4 KB 19ms
17ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 26 May 2023 02:53:30 GMT
x-amz-version-id: d.D0r_vXgX7w1FTWdc3SLpv412I4sjOB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5786251
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Wed, 24 May 2023 17:52:54 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VqL_dcJgEHJKuSmvWeNT5DcHu8ioPCpc_1Q0odlhlMmMakItTDYLWg==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 13 KB
6 KB 19ms
18ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ncEfPgGiy8bvtpJNwnTX.NMziBwYghK4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qZ8LuotXrR_aVocFIDpENrAv5BLNglanhbshLqU5eHstnVEf0A07Ag==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 17 KB
7 KB 20ms
19ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 09:24:39 GMT
x-amz-version-id: VsfA8TLYa9RNEpzywKZv5LmrplRhx_G6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4898782
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 72
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: yXE_fT7DtjK92_3tz82Nk4TrbhwdzsR3NYmgiFoYLRnHVEQKjS8Z_w==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 214A 31 KB
4 KB 20ms
19ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: a7.YLqd37JZcdeCbrfXC3CfVjfFxsQd4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dveYttf4RkPE8cy2gZnT24zNEOtQvtWzcSz8rpuDOkrkgc-nGYjKcQ==

GET
H2 200 8.94b86ac7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 81 KB
25 KB 21ms
20ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.94b86ac7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:10 GMT
x-amz-version-id: sKS3NtYZ5xBkpnwyRKt297s4ZL0aCKra
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1231191
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 17 Jul 2023 15:59:42 GMT
server: istio-envoy
etag: W/"c01af04dcc374efd61d695b2f1e6a2c5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cSrf7pbkd2l9vMzPlpeRHSCiQ0UhK7Yd53Q5UUb1tK9fMrjxuM4CqA==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 214A 24 B
697 B 20ms
20ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 6958890
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 24
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Tmy-AUksZsLm99phS8Md7_MAcJBMjY4-rh2PmkuNFgCEBIQwNg8IAg==

GET
H2 200 16.8bd9e5a9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 91 KB
23 KB 21ms
21ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.8bd9e5a9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: rzljacJzqN37r9cYvWsZXzr5I9pj.xER
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 285226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"ef144ff505a111b4fe4731aaba1cffed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YdFG4lBm7VM3CjEE3Xt1_Quo16qVvX0rYGkJsEuOZ-xQnRUAGilq-Q==

GET
H2 200 24.1fcb23fd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 50 KB
14 KB 22ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.1fcb23fd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6e60af994c94f52d951f4ba72ce1ad110d02331dc2ab55b61110cd3be60c83f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: mhEzNs3jM3iyiDrVTPsVGu6p3AXJxHOl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 285226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"dfa4b7771ab513175144a5ffeb70e72d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: KvTGx3NqNmdCU6g8E3Sk3RTp3fClQnKJcY_siufzZ78od13eIRCp2w==

GET
H2 200 17.a71bb070.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 40 KB
13 KB 22ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.a71bb070.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6fa317686874e2babbb154c505e6d34dea75adf4cc6621773e1b40970a89419b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: W_RhZ8nhV9MfFiIuzCtGrNuJHr5uhnLe
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 285226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"8f716b28dee3e1937ef5c37d59f4213c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: f7BotCCUUbyqIJC7DM-BKY_zZbEdPfgneKltxeLChSt5AhhGu-dilQ==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 23 KB
8 KB 20ms
20ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: 5TonZ2q4BzUrPKpbgBIsyV0ypFLgVCeU
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 78
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: S9JqmfGUnOz0LPwpSi_pfNLXlTsBuv9gwZATaATF5ZDncrmISYerpA==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 36 KB
10 KB 21ms
21ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 23:30:14 GMT
x-amz-version-id: qXDwNGmcU.i_gy6zABPrFxJLJu0M1pqs
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2256047
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VbC6FhAss15una-Pju7845fz5u2eQ6F9wbd1a_9PKkNsEDSyNaCYBA==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 32 KB
11 KB 22ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: zK.I5gIdSwLDVz8paigwY_NlFGMXuMgL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3581354
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: V2S7sLy2BLrtUROGqXeQcCRbo7Djhnn-SpCQs4N7bn0R5QIm2kmcJA==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 17 KB
6 KB 22ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 06:35:14 GMT
x-amz-version-id: NhB69SBKJZmuUtXDH0xsEetKhzurSV2H
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4908947
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qvQclDaxTE7nfrIlstjqCBs13RrgNvK9nH8t-70YKOR5-zRdaGnaXA==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 25 KB
8 KB 23ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 03:25:03 GMT
x-amz-version-id: aw1f3uGwXuU6S2OomkpX1DCMYaDfscU9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2155557
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 30 Jun 2023 16:16:09 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: C0BlNc1lp75w_Rv7q6bDcOZEYd-QsKUC7nR-BuwBNSdnMC3Gy4l73w==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 74 KB
23 KB 23ms
22ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ukuXMqZaBoE6xID056KmWB0xEHmIXKmX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 69
last-modified: Fri, 16 Jun 2023 20:26:54 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Nm3UeBIv4kfWmxtfsGECkSFQgcE4euiEgbgoYNWXXkfKPVnMJmydog==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 66 KB
20 KB 23ms
21ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 25 May 2023 07:08:48 GMT
x-amz-version-id: pbTO4uU1iA_kBPCkMqV8rm3AioPcDtRp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5857333
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Wed, 24 May 2023 17:36:06 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PFNFgnHIgeZ1BK7ZS75AOTxQANeG5P_K7AZGGgKHQuinI1912s6nxA==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 91 KB
28 KB 25ms
23ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 12:05:00 GMT
x-amz-version-id: SrUur3gTkOE1yjoDcy53ibL6t3rDB5tT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2124361
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 30 Jun 2023 16:16:08 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: uY6AgxcnlxzA2XXWgxqe4_9RrOTat4Mwql4Momx_rLfAxpsQKD6gjw==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 23 KB
7 KB 26ms
24ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 30 May 2023 11:02:53 GMT
x-amz-version-id: IgOK_MQbEszp7MebOhF6oyS1BThWXb5o
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5411288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 26 May 2023 19:24:42 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9R3DtWtvGd5LvOTpUE6Xxtfec22JI-QRa2w4X6qUjtdFpNJA4FB8NQ==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 62 KB
20 KB 27ms
25ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 28 Jun 2023 02:01:51 GMT
x-amz-version-id: 4sXKEKnf1MP6Oxg8R9s.0Ul7nOjxTe89
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2938150
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Mon, 26 Jun 2023 20:12:19 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ew7IHQMxTmn1JX39JjpWcqpYJ1zyF0nTU8JyTAJt29_VpodAenWx6Q==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 105 KB
34 KB 31ms
29ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: gBpCCsntSn2IWEffEf2F8DC2OtX8qv0J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 100
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8lZbTstk3XaiHDNeRpd2bGVw9BE-1lhrpHZdHwHajPkUV2Eg97oaPg==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 12 KB
4 KB 31ms
30ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 26 May 2023 02:53:30 GMT
x-amz-version-id: d.D0r_vXgX7w1FTWdc3SLpv412I4sjOB
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5786251
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 44
last-modified: Wed, 24 May 2023 17:52:54 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OzEbV2EUYhtpkWe2KOa4vY3MHe3oHLtuug1vB1r1eUXPXrBr3jiCSA==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 13 KB
6 KB 33ms
31ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: ncEfPgGiy8bvtpJNwnTX.NMziBwYghK4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 34
last-modified: Fri, 16 Jun 2023 20:26:55 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7UNqsKN3xcWMSbxhANraEAAT11ys4-7T7BwBrz7uECtbm2VKHLUsEQ==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 17 KB
7 KB 34ms
32ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 05 Jun 2023 09:24:39 GMT
x-amz-version-id: VsfA8TLYa9RNEpzywKZv5LmrplRhx_G6
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 4898782
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 72
last-modified: Wed, 31 May 2023 20:40:09 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wxlLRHW0ISW8bG9MUxevDWUIZyYZrl9ahxAJrtngu0gZJ0OrnkT4hQ==

GET
H2 200 8.b5c2854f.chunk.css
js.driftt.com/core/assets/css/ Frame 2B06 31 KB
4 KB 31ms
30ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.b5c2854f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:48:00 GMT
x-amz-version-id: a7.YLqd37JZcdeCbrfXC3CfVjfFxsQd4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3626581
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 50
last-modified: Fri, 16 Jun 2023 14:07:10 GMT
server: istio-envoy
etag: W/"9ef689f5d4cb5dab3b0e463418857c2f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0No2spDLza9azLiFP8Df7dV_36KbAatATnLXOfwQqap9nXSO_-oPSg==

GET
H2 200 8.94b86ac7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 81 KB
25 KB 34ms
33ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.94b86ac7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:10 GMT
x-amz-version-id: sKS3NtYZ5xBkpnwyRKt297s4ZL0aCKra
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1231191
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Mon, 17 Jul 2023 15:59:42 GMT
server: istio-envoy
etag: W/"c01af04dcc374efd61d695b2f1e6a2c5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7CCHplwH3Ned2vrySmw9bqLiRP8Y1GfI7WYxPeK58toYbg75xZjNiA==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 2B06 24 B
696 B 32ms
31ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 12 May 2023 13:09:31 GMT
x-amz-version-id: C6GeoJGSzHnxQmfIIaJPtsDdeomKLjJo
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 6958890
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 24
last-modified: Thu, 11 May 2023 20:21:34 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2lID30lEaY_TicoZYEnPFl70f9uHKsd2Vdyi5C9yx8fT4x8VSAmQSA==

GET
H2 200 16.8bd9e5a9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 91 KB
23 KB 35ms
34ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.8bd9e5a9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: rzljacJzqN37r9cYvWsZXzr5I9pj.xER
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 285226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"ef144ff505a111b4fe4731aaba1cffed"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qRsiMIfv4xJ28-3KeyiudhZuTmrildjI7jTHaaRELU7U9-SO6sys-w==

GET
H2 200 24.1fcb23fd.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 50 KB
14 KB 35ms
35ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.1fcb23fd.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6e60af994c94f52d951f4ba72ce1ad110d02331dc2ab55b61110cd3be60c83f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: mhEzNs3jM3iyiDrVTPsVGu6p3AXJxHOl
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 285226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"dfa4b7771ab513175144a5ffeb70e72d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: llN8dn7FIKT3jMkMiqwGCsGLRPEzzoJm5A5SH0OxyVm5yz5wHGZjVw==

GET
H2 200 17.a71bb070.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 40 KB
13 KB 36ms
35ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.a71bb070.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6fa317686874e2babbb154c505e6d34dea75adf4cc6621773e1b40970a89419b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 18:57:15 GMT
x-amz-version-id: W_RhZ8nhV9MfFiIuzCtGrNuJHr5uhnLe
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 285226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Fri, 28 Jul 2023 18:55:10 GMT
server: istio-envoy
etag: W/"8f716b28dee3e1937ef5c37d59f4213c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UB9YyDdUD3w27RuG8xQTQNac6K1VP2LD1CszFQD-ajvJ6lYurKeBQA==

GET
H2 200 37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame 214A 3 KB
1 KB 8ms
8ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 00:43:49 GMT
x-amz-version-id: 6S9dem0QqRNKdsXJa9pt.hiZoFHo8G8.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2251632
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 58
last-modified: Fri, 30 Jun 2023 16:16:07 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YNVmbpsnn_JDNDVv1b_Jz74D2tpFGlvy5UlVRtcNQRePZl5vLjHIqg==

GET
H2 200 37.298cbb69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 3 KB
2 KB 8ms
8ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.298cbb69.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 04:59:35 GMT
x-amz-version-id: Fv09MwZ9_aib0TbI3DWT7N_8oqF8DxL_
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3618686
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"86b289eeb2bf9d30034f30d9794e8041"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cM60aDV_HuYqsLiuAJZ_H3xnvQs-LtGJ5On2NpbsajNbVwOIObCjUw==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=213885732&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&ul=en-us&de=UTF-8&dt=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABAAAAACAEK~&jid=&gjid=&cid=278507206.1690855859&tid=UA-2257074-1&_gid=45577446.1690855860&gtm=45He37q0n81MGR7P8X&cd19=278507206.1690855859&cd2=&cd3=&cd5=&cd6=&cd10=Frankfurt%20am%20Main&cd11=Hesse&cd12=Germany&cd17=&z=789949086

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 06:46:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 69845
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 15ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je37q0&_p=213885732&cid=278507206.1690855859&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAAC&_s=3&sid=1690855858&sct=1&seg=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&dt=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&en=page_view&_et=46
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 9 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 24 May 2023 04:23:57 GMT
x-amz-version-id: GhA8rzRSUOsszJIxxjXIx4g.f98pPnBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5953624
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Tue, 23 May 2023 23:00:49 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1PoZfzuGefhAe3QiWoFG1uaNA09I9okGGSMC3XVaI5WrnZxV5L_kMg==

GET
H2 200 27.01c2bea5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 35 KB
10 KB 10ms
9ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 02:02:59 GMT
x-amz-version-id: nle0j8birQ7TqZcCTCj2_Aiuc4PU4FBJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3629282
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 37
last-modified: Fri, 16 Jun 2023 14:07:13 GMT
server: istio-envoy
etag: W/"04a233a42dcf8c50a83bfecea8ba552d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: cw_3_2gR4pKZbaB1jbn_S2JsYLroCwSlPFAbGKdCFdQ7yNCvn8JkKQ==

GET
H2 200 28.b5e8f5e1.chunk.css
js.driftt.com/core/assets/css/ Frame 2B06 8 KB
2 KB 9ms
8ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/28.b5e8f5e1.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 26 Jul 2023 13:30:40 GMT
x-amz-version-id: o5Mqj_3FT3WjX9660DbCXWXmwKjwNZDi
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 477621
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Wed, 26 Jul 2023 13:12:09 GMT
server: istio-envoy
etag: W/"e7107bc29ccb3c6d928f0f8f10a0f22d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bOS5kc0N02r3uI1GVwJ6EE0YiKJvt8-n5mJ6oQ9h-tT29pkUIi3KAw==

GET
H2 200 28.bdd92ff2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 14 KB
6 KB 10ms
10ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.bdd92ff2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: FN2mK9FP.1iG0EPXu5GaP7vFrDcTGt2G
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 3581354
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 20 Jun 2023 14:23:09 GMT
server: istio-envoy
etag: W/"260fbabe310bd2cae5c44538f3d833ad"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5D9mdMx9DJSLX18ZnQm5RkajMkhx_DwOCwhBrPRfRxQUDE6Aq08lMg==

GET
H2 200 25.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 2B06 365 B
1 KB 10ms
9ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 20 Jun 2023 15:21:47 GMT
x-amz-version-id: ZuuQmAv287PLv09x8YJDQ63ijAfFLcLS
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA56-P5
age: 3581354
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
content-length: 365
last-modified: Tue, 20 Jun 2023 14:23:06 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DPk59gJFxXTpnHRd9o4RfpClPM4WXSaG3UsDSd3eUm2ArspzKXy__Q==

GET
H2 200 25.a9a52994.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 91 KB
25 KB 11ms
10ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.a9a52994.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d21b490fa72e9cd90e09db07c73ef43c0d65bf38de6a41dfd1c53338f71549a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 20:11:11 GMT
x-amz-version-id: gwpLuUCx14LwmyLJHh.v9ArijcPAHA0d
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 1231190
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 67
last-modified: Mon, 17 Jul 2023 15:59:41 GMT
server: istio-envoy
etag: W/"34109a0bf2906f78b21b4a9f5fa4ab8c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gIDCFUhmSB-JGij7s8H-XV6OI1T8Ijyy6mpFNJoARFSr4ndaLZsE3Q==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 9 KB
3 KB 10ms
9ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Wed, 24 May 2023 04:23:57 GMT
x-amz-version-id: GhA8rzRSUOsszJIxxjXIx4g.f98pPnBY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5953624
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 36
last-modified: Tue, 23 May 2023 23:00:49 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: X3qpFZM-GIlPC-m4V-OmQjSUo4-NxPMaJWCfXlxr5XUkiGYBVUJCvg==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame 214A 7 KB
2 KB 10ms
9ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 26 May 2023 01:55:58 GMT
x-amz-version-id: mj1uBZn49IegQv8DQD1iQuBHBtNoawj8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5789703
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 136
last-modified: Wed, 24 May 2023 17:36:04 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iT96GeFwiaOh9W1rToPW04flexRc5Vt3NA0iP0BdCIy5wa8wEDvhjg==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 54 KB
15 KB 12ms
11ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Mon, 29 May 2023 23:15:04 GMT
x-amz-version-id: FE5y8IPJ04Yp7NIoBaxWwnwnvwyWwyRX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 5453757
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 116
last-modified: Fri, 26 May 2023 19:24:43 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 6geXvoBlwU4-MONBZA7hnRnQ_BoyXWC18gprEGdM2xOzh9v1YO2EyA==

GET
H2 200 1.12ba17b6.chunk.css
js.driftt.com/core/assets/css/ Frame 214A 44 KB
7 KB 11ms
11ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.12ba17b6.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 20 Jul 2023 19:01:02 GMT
x-amz-version-id: 19YOPtagzF0I0emgnq_seBKB.3mPQekh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 976199
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 62
last-modified: Thu, 20 Jul 2023 18:22:08 GMT
server: istio-envoy
etag: W/"3b8ba82e1bac13ee29e9764a55620d99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kMc8PxpQpNA75ZMkvX-azPPd-HaD06N24i8p60QI4dsuM3Uwg8wHXw==

GET
H2 200 1.be8346b1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 54 KB
17 KB 13ms
12ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.be8346b1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

14c31b1fc92b43518a568d37d84d9f67783605ba8a894a17e2eef5d7de283f9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: PLfb_l_4aFe.aYN3FEG.I5zIcM2Rb4sy
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2790252
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 29 Jun 2023 18:36:38 GMT
server: istio-envoy
etag: W/"c2bd45f4e9f02db923342d39137bf141"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Zsuh4CkyOYrwWSmxTldnUqcm8zJzVphVbuAlHkLX6TlUDJmEOW2lTQ==

GET
H2 200 4.9d776499.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 23 KB
10 KB 13ms
13ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.9d776499.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

622373f59cdda9ea36f307c5f7bef0cfd8e140018c995b6394468a26ef499dec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 25 Jul 2023 18:55:58 GMT
x-amz-version-id: uGJ36CDXFf5jc7zFgfXUohqg1i8mPHWM
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 544503
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Tue, 25 Jul 2023 18:08:15 GMT
server: istio-envoy
etag: W/"cc02ad980b6b04f3bba61e68883356d4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Nu1XjDuvHxX6LtuS-KVKbYo22EPNBWb7roSVDv0LkWdE0FvoMjv8zQ==

GET
H2 200 34.0504aac4.chunk.css
js.driftt.com/core/assets/css/ Frame 214A 16 KB
3 KB 13ms
13ms Stylesheet
text/css 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.0504aac4.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2b74bc303570faa3cd261b240078960cd0c28f811ae71cb72352809a42d20f6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: Y0eUMP8TZIUm_xphXPO8Cb7kobR8Sp8P
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2790252
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Thu, 29 Jun 2023 18:36:37 GMT
server: istio-envoy
etag: W/"95b017fb41a8751bd7175f8a73f035f8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: T7CZKSIqdd0RPDeV_Ce4Pwxtf7Jek5WeASNWO2MTnE2e8ci73IwvIw==

GET
H2 200 34.26535e57.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 12 KB
5 KB 13ms
13ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.26535e57.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c7076a6235cd12720cc675334102d16bd5e46a33910f1b3ada0425b74ed020d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 29 Jun 2023 19:06:49 GMT
x-amz-version-id: pP4ZKQ0wl7_jYctuYheBxCj9PF_v.ESa
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2790252
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 29 Jun 2023 18:36:39 GMT
server: istio-envoy
etag: W/"d1f726d8d49e4c3e218775f6ce78039f"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Z6pXnnLkz90S9aLCfvWQVHtDLRIUNzpMcUeCPfx6h8PgOffXPo6iDg==

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame 2B06 146 B
587 B 383ms
114ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

87329409b509468cb7c312b3ad9294f75c75d22022600402656f525bf7750495

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 01 Aug 2023 02:11:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 715b192c4e137660
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 9
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 146

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 2B06 25 B
89 B 144ms
117ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 01 Aug 2023 02:11:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 42a8ee3bca90837f
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame 2B06 26 KB
8 KB 379ms
379ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

8870b0afafd4a03ac62b17b05aa5bbbff45914a24ea26569f1d59733fdc0b57c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 01 Aug 2023 02:11:01 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 1fac36ad9d967aae
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 276
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 205ms
203ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:02 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 track Show response
event.api.drift.com/ Frame 2B06 709 B
769 B 105ms
105ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e16402f0b17b2b4e03632fb29d1396ec0d9816c5578313cc500c43200c4942cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTAwMzk3Nzc2OSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3MjI0NzgyNjIsImlhdCI6MTY5MDg1NTg2Mn0.DL7mbUoyocr_pcQWfp9XawcQx7AbQDtcU4BMOF3QJP94MYMwQir2y7mcbYDCdQdNXOi1OzA11z4AHhRry3Ir_Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 01 Aug 2023 02:11:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 2b6d75fc9f3f1a9c
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 709

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 145ms
123ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Tue, 01 Aug 2023 02:11:02 GMT
requestid: drift39e046140ff8236ad192eaeb364
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame 2B06 2 KB
818 B 107ms
106ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

d8515c16c41f9a400eb42d49c052d5e8b87fbd51f2e4f291b196cf5af341041f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTAwMzk3Nzc2OSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3MjI0NzgyNjIsImlhdCI6MTY5MDg1NTg2Mn0.DL7mbUoyocr_pcQWfp9XawcQx7AbQDtcU4BMOF3QJP94MYMwQir2y7mcbYDCdQdNXOi1OzA11z4AHhRry3Ir_Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 01 Aug 2023 02:11:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 63dad9d005cf815f
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 754

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 141ms
124ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Tue, 01 Aug 2023 02:11:02 GMT
requestid: drift06cce524b2cb0ff6be595e3bbc3
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

OPTIONS
H2 200 render_initial_v3
flow.api.drift.com/flows/ Frame 0
0 130ms
106ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Tue, 01 Aug 2023 02:11:03 GMT
requestid: drift92f38284895b51527216f06d9bb
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 2

POST
H2 200 render_initial_v3 Show response
flow.api.drift.com/flows/ Frame 2B06 4 KB
2 KB 136ms
136ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://flow.api.drift.com/flows/render_initial_v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

edec8c1a97054beb458336a15b4d8f2f0104b5e679f1eb86e3cbc5c47ee88079

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTAwMzk3Nzc2OSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3MjI0NzgyNjIsImlhdCI6MTY5MDg1NTg2Mn0.DL7mbUoyocr_pcQWfp9XawcQx7AbQDtcU4BMOF3QJP94MYMwQir2y7mcbYDCdQdNXOi1OzA11z4AHhRry3Ir_Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 01 Aug 2023 02:11:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: bec7e5f9440c2a54
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 31
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 2013

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 203ms
203ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:03 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 104ms
104ms Preflight
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Tue, 01 Aug 2023 02:11:03 GMT
requestid: drift20df38e4e8cb494d3eeaeefa59c
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame 2B06 0
37 B 111ms
111ms XHR
text/plain 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIxOTAwMzk3Nzc2OSIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3MjI0NzgyNjIsImlhdCI6MTY5MDg1NTg2Mn0.DL7mbUoyocr_pcQWfp9XawcQx7AbQDtcU4BMOF3QJP94MYMwQir2y7mcbYDCdQdNXOi1OzA11z4AHhRry3Ir_Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 01 Aug 2023 02:11:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 4794b7d85e634a44
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=213885732&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&ul=en-us&de=UTF-8&dt=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%202592682&_u=aDDAAEABAAAAACAEK~&jid=&gjid=&cid=278507206.1690855859&tid=UA-2257074-1&_gid=45577446.1690855860&gtm=45He37q0n81MGR7P8X&cd19=278507206.1690855859&z=1653320369

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Jul 2023 06:46:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 69847
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 2B06 19 KB
7 KB 8ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=82dec320-8446-490f-9f83-1efb7f00a737&sessionStarted=1690855861.049&campaignRefreshToken=33131a44-e0c8-4c0e-a77b-c15019bdd17a&hideController=false&pageLoadStartTime=1690855858766&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:16:11 GMT
x-amz-version-id: gdLzK0_qjU8jtmmLbxCIMiiKO3ne3if8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2984092
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Mon, 26 Jun 2023 20:12:20 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -DpFSxbVFQI72tlulN7pMBQOvN2Al1nvS4mNDfRsUC4lXIWeCX5PPg==

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 214A 19 KB
7 KB 7ms
7ms Script
application/javascript 18.66.112.41
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.d3870f72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.41 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-41.fra56.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1690855858766
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 27 Jun 2023 13:16:11 GMT
x-amz-version-id: gdLzK0_qjU8jtmmLbxCIMiiKO3ne3if8
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2984092
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 24
last-modified: Mon, 26 Jun 2023 20:12:20 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VW9sSG8eiOLUMJExpgSSD7gWa5NyRTosKbjFe4ggKZqRCljrZzMZhA==

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1309750%252F9e77f9d489fc3ad74f32090ae6922ff1fdkai8s866gp%3Ffit%3Dmax%26fm%3Dpng%26h...
driftt.imgix.net/ Frame 2B06 13 KB
13 KB 61ms
8ms Image
image/png 2a04:4e42:8e::720
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1309750%252F9e77f9d489fc3ad74f32090ae6922ff1fdkai8s866gp%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D1fa885486548b9fa07af83deda938923?fit=max&fm=png&h=200&w=200&s=fdb3a24e9ad43adf145047ce65372ef4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:8e::720 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

imgix /

Resource Hash

5bc96148422c1b30097a63405faf5d45b91b61da6c5cd05f5a8774ba29a144b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:03 GMT
x-content-type-options: nosniff
age: 373950
x-cache: HIT, HIT
x-imgix-id: 93230274b6c60ba22101cc9e0e328042d21bdf02
cross-origin-resource-policy: cross-origin
content-length: 13165
x-served-by: cache-sjc1000104-SJC, cache-fra-etou8220065-FRA
x-imgix-render-farm: 01.140328
last-modified: Thu, 27 Jul 2023 18:18:33 GMT
server: imgix
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 202ms
201ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:04 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame 2B06 25 B
112 B 116ms
116ms XHR
application/json 34.193.113.164
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.193.113.164 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-113-164.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 01 Aug 2023 02:11:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 7f5ecf2aab8d6a5b
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 202ms
202ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:05 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 204ms
203ms Image
image/gif 95.101.111.170
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.170 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-170.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 02:11:06 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 15ms
14ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je37q0&_p=213885732&cid=278507206.1690855859&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=4&sid=1690855858&sct=1&seg=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fuk%2Fblog%2Fthreat-insight%2Fout-sandbox-wikiloader-digs-sophisticated-evasion&dt=Out%20of%20the%20Sandbox%3A%20WikiLoader%20Digs%20Sophisticated%20Evasion%20%C2%A0%20%7C%20Proofpoint%20UK&en=6sense&_et=2515&up.company_name=&up.industry=&up.employee_count=&up.employee_range=
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Aug 2023 02:11:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

155 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

44 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.proofpoint.com/uk/blog/threat-insight	1969-12-31 23:59:59	Name: hide_lang_switcher Value: 1
www.proofpoint.com/uk/blog/threat-insight	1969-12-31 23:59:59	Name: pp_user_country Value: de
.proofpoint.com/	1970-01-20 22:25:56	Name: visid_incap_177663 Value: JAQXEld8SGCKtEFLlcOO4bFpyGQAAAAAQUIPAAAAAAAvAGIiO++JvYI1AGg6pHIr
.proofpoint.com/	1969-12-31 23:59:59	Name: incap_ses_771_177663 Value: br3VF0ps0nM+RZ7uOyazCrJpyGQAAAAA3f99pOV8nxER6NOtcY+XQA==
.proofpoint.com/	1970-01-20 15:50:31	Name: _gcl_au Value: 1.1.802731899.1690855859
.proofpoint.com/	1970-01-20 23:16:55	Name: _mkto_trk Value: id:309-RHV-619&token:_mch-proofpoint.com-1690855859939-95870
.proofpoint.com/	1970-01-20 23:16:55	Name: _ga Value: GA1.2.278507206.1690855859
.proofpoint.com/	1970-01-20 13:42:22	Name: _gid Value: GA1.2.45577446.1690855860
.proofpoint.com/	1970-01-20 13:40:55	Name: _gat_UA-2257074-1 Value: 1
www.proofpoint.com/	1970-01-20 13:42:22	Name: ln_or Value: eyIxNjkyNTAsMzk1NTkzNywzOTc2MjEyIjoiZCJ9
tracking.g2crowd.com/	1970-01-20 14:01:05	Name: _session_id Value: 6cde0192f5ea27fbb601e92836783525
.g2crowd.com/	1970-01-20 13:40:57	Name: __cf_bm Value: fP8tV0XBO5eyMfkzY8nWcLYxVuxe.O_f_xxiez4DFFg-1690855860-0-AeC6myCjl4V3tRwZ6wuqsBgY5Jxv6jPYAbUTPMFljSCNjRGB/iFByoyayH9X3nEcUTfEGckcu2/PF8rhgrkXzKY=
.proofpoint.com/	1970-01-20 15:50:31	Name: _fbp Value: fb.1.1690855860130.1010999323
.techtarget.com/	1970-01-20 13:40:57	Name: __cf_bm Value: iaO0RNZH3owG.OFL0quwsLBemObCjnTn77PEvbfcEsg-1690855860-0-Ac+bAPxagphQ3DEqdzYAXooBkFRVUbkSmzb6uuBdZYMoaKXkY8yn3i8ePQV24PqSxCWgYrrd4UV9N0zGlrNZrus=
tags.srv.stackadapt.com/	1970-01-20 22:26:31	Name: sa-user-id Value: s%3A0-035ee0ac-639d-5e2a-70d6-34d172b7eb9c.Iw0t3Fnz6TxitN2KLjkcsCnpaz4z1UkRGgUS0HNw2h8
.srv.stackadapt.com/	1970-01-20 22:26:31	Name: sa-user-id Value: s%3A0-035ee0ac-639d-5e2a-70d6-34d172b7eb9c.Iw0t3Fnz6TxitN2KLjkcsCnpaz4z1UkRGgUS0HNw2h8
tags.srv.stackadapt.com/	1970-01-20 22:26:31	Name: sa-user-id-v2 Value: s%3AA17grGOdXipw1jTRcrfrnCU6OQE.SUl9KsCjl9o8LwIDFNFMkIYAJCTQ9r4tpgn9tQelYq0
.srv.stackadapt.com/	1970-01-20 22:26:31	Name: sa-user-id-v2 Value: s%3AA17grGOdXipw1jTRcrfrnCU6OQE.SUl9KsCjl9o8LwIDFNFMkIYAJCTQ9r4tpgn9tQelYq0
tags.srv.stackadapt.com/	1970-01-20 22:26:31	Name: sa-user-id-v3 Value: s%3AAQAKIGKXlqx22MAcZBc_LdzMN5TK8xTWIFDwnvz1APIN43ppEHwYBCC006GmBjABOgRVNED5QgTSjWbp.Wfgj35PLfTPeNPQT5S2uoveS2OV8B3klATGNqrAs4Bo
.srv.stackadapt.com/	1970-01-20 22:26:31	Name: sa-user-id-v3 Value: s%3AAQAKIGKXlqx22MAcZBc_LdzMN5TK8xTWIFDwnvz1APIN43ppEHwYBCC006GmBjABOgRVNED5QgTSjWbp.Wfgj35PLfTPeNPQT5S2uoveS2OV8B3klATGNqrAs4Bo
www.proofpoint.com/	1970-01-20 22:26:31	Name: sa-user-id Value: s%253A0-035ee0ac-639d-5e2a-70d6-34d172b7eb9c.Iw0t3Fnz6TxitN2KLjkcsCnpaz4z1UkRGgUS0HNw2h8
www.proofpoint.com/	1970-01-20 22:26:31	Name: sa-user-id-v2 Value: s%253AA17grGOdXipw1jTRcrfrnCU6OQE.SUl9KsCjl9o8LwIDFNFMkIYAJCTQ9r4tpgn9tQelYq0
www.proofpoint.com/	1970-01-20 22:26:31	Name: sa-user-id-v3 Value: s%253AAQAKIGKXlqx22MAcZBc_LdzMN5TK8xTWIFDwnvz1APIN43ppEHwYBCC006GmBjABOgRVNED5QgTSjWbp.Wfgj35PLfTPeNPQT5S2uoveS2OV8B3klATGNqrAs4Bo
ads.avct.cloud/	1970-01-20 22:26:31	Name: uuid Value: 35f7e3da-6383-473b-988c-fc1c4614a6bb
.adnxs.com/	1970-01-20 15:50:31	Name: uuid2 Value: 4714019036497078514
.linkedin.com/	1970-01-20 15:50:31	Name: li_sugr Value: 2ff22778-747d-4085-a59a-7c39093cfc37
.linkedin.com/	1970-01-20 22:26:31	Name: bcookie Value: "v=2&3edb6e63-f6e3-44b8-8c2e-9298e51fd5ca"
.linkedin.com/	1970-01-20 13:42:22	Name: lidc Value: "b=TGST09:s=T:r=T:a=T:p=T:g=2561:u=1:x=1:i=1690855860:t=1690942260:v=2:sig=AQFGEmj3OSux1h1Us-trodYIJyrjaIyi"
.proofpoint.com/	1970-01-20 13:42:22	Name: _uetsid Value: a8c424f0301011eeb36c47181e31c462
.proofpoint.com/	1970-01-20 23:02:31	Name: _uetvid Value: a8c46470301011ee8144d50adcf51939
.bing.com/	1970-01-20 23:02:31	Name: MUID Value: 0422D733F1A462B00A44C453F0CF639B
.linkedin.com/	1970-01-20 14:24:07	Name: UserMatchHistory Value: AQJhG6kFErVrNgAAAYmu3Ojc3euUUjvLUZxy1afNneyKoTB0l6qQetYoF-HdvnhZD2Q63LoPMRhTdQ
.linkedin.com/	1970-01-20 14:24:07	Name: AnalyticsSyncHistory Value: AQJvB9NJz_oQAQAAAYmu3Ojc4joyXoHjtGWep_Ftp-NZPH58ayeaYbv2otGUvJHMZJ1pSodyjy5BrNDPk6YQtQ
.doubleclick.net/	1970-01-20 23:02:31	Name: IDE Value: AHWqTUkKzomFjWJ2hpJOi3LBKP-CjSY6avFFUReIArRAY2_1rJjiiVEDyo11BAHRmFo
.mathtag.com/	1970-01-20 23:06:51	Name: uuid Value: 150064c8-69b4-4d00-afb8-8ce36a0fe679
.www.linkedin.com/	1970-01-20 22:26:31	Name: bscookie Value: "v=1&20230801021100e8aafe71-c195-4bc4-8cd8-4111c35dae82AQH522NvvBLFkdiZJiBuKM7bJLJKdq8m"
.linkedin.com/	1970-01-20 18:00:07	Name: li_gc Value: MTswOzE2OTA4NTU4NjA7MjswMjGfesO30XDg70zA0u8sE7hawecZurEjgsd4h6jCrN03YQ==
www.proofpoint.com/	1970-01-20 23:16:55	Name: _gd_visitor Value: 39149a35-da3a-43d1-81e0-797f4abe1506
www.proofpoint.com/	1970-01-20 13:41:10	Name: _gd_session Value: 169f6195-8d17-432a-83e7-523e3bae8e23
www.proofpoint.com/	1970-01-20 13:40:57	Name: drift_campaign_refresh Value: 33131a44-e0c8-4c0e-a77b-c15019bdd17a
.6sc.co/	1970-01-20 23:16:55	Name: 6suuid Value: aad0170248720000b569c8642a01000065a76e00
.proofpoint.com/	1970-01-20 23:16:55	Name: _ga_B1V8SZE3GL Value: GS1.1.1690855858.1.1.1690855861.57.0.0
www.proofpoint.com/	1970-01-20 23:16:55	Name: drift_aid Value: 9c0a758c-29c6-4647-8b64-f76791a233d2
www.proofpoint.com/	1970-01-20 23:16:55	Name: driftt_aid Value: 9c0a758c-29c6-4647-8b64-f76791a233d2

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
javascript	warning	URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion(Line 1314) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.proofpoint.com/uk/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion(Line 1314) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' ; img-src 'self' 'unsafe-inline' data: blob: ; media-src 'self'; frame-src 'self' 'unsafe-inline' ; child-src 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' ; report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com; object-src 'self'; style-src 'self' 'unsafe-inline' ; img-src 'self' 'unsafe-inline' data: blob: ; media-src 'self'; frame-src 'self' 'unsafe-inline' ; child-src 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' ; report-uri /report-csp-violation
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

309-rhv-619.mktoresp.com
4788165.fls.doubleclick.net
ads.avct.cloud
ads.avocet.io
adservice.google.com
attr.ml-api.io
b.6sc.co
bam.nr-data.net
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
cdn.linkedin.oribi.io
connect.facebook.net
driftt.imgix.net
epsilon.6sense.com
event.api.drift.com
flow.api.drift.com
fonts.googleapis.com
geoip-js.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
js.driftt.com
metrics.api.drift.com
munchkin.marketo.net
pixel.mathtag.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.ml-attr.com
s7.addthis.com
secure.adnxs.com
snap.licdn.com
stats.g.doubleclick.net
tags.srv.stackadapt.com
targeting.api.drift.com
tracking.g2crowd.com
trk.techtarget.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
www.proofpoint.com
x.bidswitch.net
104.102.38.132
13.107.42.14
142.250.184.194
142.250.184.230
151.101.2.137
162.247.241.14
18.66.112.41
185.89.210.101
192.28.144.124
2.19.224.115
2001:4860:4802:34::36
2600:9000:20eb:6c00:2:53b2:240:93a1
2600:9000:21f3:e600:12:3734:2a40:93a1
2606:4700::6812:1344
2606:4700::6812:1e49
2606:4700::6812:d9f
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:802::200e
2a00:1450:4001:808::2003
2a00:1450:4001:809::2008
2a00:1450:4001:812::200e
2a00:1450:4001:827::200a
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82b::2002
2a00:1450:400c:c0a::9a
2a02:26f0:480:23::1726:62a7
2a02:26f0:480:f::213:7ec6
2a02:e980:107::cf
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:8e::720
3.124.251.238
3.127.67.224
3.252.158.15
34.111.208.231
34.193.113.164
35.158.29.183
52.48.249.243
68.67.153.60
95.101.111.170
95.101.148.198
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
0305f002cec9f1f9f900c6bb1ce8836e4d9d54b1157ef1057db2601267c3d22d
0745768a43f86c3179479137fcdf5b9fa61dec4935b4772463b99c3ada324df1
084390577243b6986d5564d152916a37a3124305e11b2817d0c2eabc863e081b
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c922621ddc4910472a15b28bf30bfb206784213a6bfbf9d71e0ba68bb9b459c
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
11b4a5f186edf838f6e951559bef8aa85c686a83e0a226c5a82622da95e54307
14c31b1fc92b43518a568d37d84d9f67783605ba8a894a17e2eef5d7de283f9c
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
178c7e0dd0c602d457b8d91dd18b916c3f4220794fccb6067cac187f0c753795
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1bae987f079e93255da7aeabc8fa713d4ecc0739c50862a0c46241b9f6a2370e
1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70
24d6de95dce9cefc6dfeff25325436aebd247f25e777dfed92b547f3ed03450d
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2b74bc303570faa3cd261b240078960cd0c28f811ae71cb72352809a42d20f6e
2d44a47ef3690dc4fa9cc87b331021aa953bc022facc2ca5074039f4cab9ec10
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f472251b6b4a4a8d7ceed7539cb6ebea71caf28bccc0beda7a6866a6847b53e
32dffddd1bfd33d7568ee8501d3a7dc111f7b8177bd78b41fa668328f0ed8dbf
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
345a7f619e726c9ed21fa1e83646623f3491056eb1c9e0f3af797c42d38255c1
38068c6216d8cd0ebd227e767dea7b85b17c68ee40a2b32c20cb879ea225d274
3a164e1ce79fa9e812c364134ef02b30586ee26acd6ef26d74358beddff018ff
3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3e89824dcd4a1d958c6972134bfc50e0c8e4a76d6b47569d14fd7cba455c1f7f
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
4c54702033aef67e176e3b62a43c6cb81699162bec3a2853adb7855fca726936
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4dc5cb00ec5e1018da106f85bcef7dc362edada3b9023ffd5bdb16321dad78d1
4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09
51ae21e1c67c19a822d22dbdb60ef73da5dca20a16b413821f76582d3860dcb9
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
521b858a4fcc33d56f0248f7aa72997c4acf17e0843bbb00e144f8ae41a40f82
52dc24c0429ea6ccc5b579a6da8bb79bf41e471fe5108a62009f3c2e195551c0
53566933025df8291732c4f741fbfcf8fc74bd9dba836e5011041e2caa40ff12
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
5bc96148422c1b30097a63405faf5d45b91b61da6c5cd05f5a8774ba29a144b3
5ccf0efcbf4e94ddfde7d5723bf36026e21e0cbd93f51e6b72bf29c6dd8b9f75
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e6ecec8d78c9d3f391fac9bde08b4f66048ab4ce9d97d3774b3d223f18b43a1
622373f59cdda9ea36f307c5f7bef0cfd8e140018c995b6394468a26ef499dec
65b5a8ddace09d6d9d930f2ffdb484ee2ebd30fba7c1352b6446d79aae6d23e2
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6907f421de451fd5e7f962c48d39191bd7d86390df35df8b416d3ca0eb558436
69a1845e58a65294abedd4863bd9438f9d5b1d127ef4b785570f07309d449011
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
6cd32b3da7d3bb005bf1adc95908ed83688aea529774415e02e8ef8d987977d2
6dc5a41a72f6c1b4148d0629284183a4db42a28fef188ff4d55d5872d0ea3561
6e60af994c94f52d951f4ba72ce1ad110d02331dc2ab55b61110cd3be60c83f3
6eabf982ec86c7a2d08d260cdd257c9d1f1d9b589cb52a812be0dc5c7cf1af9a
6fa317686874e2babbb154c505e6d34dea75adf4cc6621773e1b40970a89419b
700d72e8901f85293294fe3a64c902f927b6c9a28d7ab821e3ec62657b00703a
70560ba9138d04a53b3d50ad24c6ba38a16a2cacb591ddaf7aabb312f0330a9f
73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787
785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7ce23bb169d56e3dc218181172c5d318dc16526e035b539e038f605a893ea551
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84f34f69435cc44f2bcbc18d973988733687f8149c2453f73325fd078f471e14
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
87329409b509468cb7c312b3ad9294f75c75d22022600402656f525bf7750495
87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f
8870b0afafd4a03ac62b17b05aa5bbbff45914a24ea26569f1d59733fdc0b57c
8879c5372c9cdd8a63f0482260b11c03651fb6bf5a216ab4478fdb30394ee24a
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b0fa5b403c11d275fbdc00832420565d7db9fad4b58af1532bef3851c34ca2f
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
8f6a20bba0a1139f660d9a27ff45d2082b3467fe5909fabd6b4cf6c7a833e017
8ff0571e454b75517b28b02b1749dbcafa80d1cf6c4786c8fc45ee6f3fd13bcc
94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae
9d35d21373d18f0ca04092ccd9dc4e69e1bcaf9c66bda696dcdc7d5766609dae
a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394
aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910
ae3536ecd79c98f87387cee9060be3053e0eb8fe0871e7336554812ef8138772
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
ba774d740ac5fa1e77c1471aee0b3ae0d866fd545746d9736837f416334450bc
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
bd25bde9fc4427cd6f3babcb8f888fe6174ca48881c103e243d4c6f83f30aab6
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c640d911a58cc3ef31b1a3c2090fa753c948902033b9917ab5daef4fbb33b5d2
c7076a6235cd12720cc675334102d16bd5e46a33910f1b3ada0425b74ed020d3
c902ff18c7858648be03999d4022c40d66ad694ae218ea4b1558e74703b854a5
c99ff58c3dc4deb821c87dc9c45aed4af66541ceb1b0f62ec208114ffc37dbf4
ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d21b490fa72e9cd90e09db07c73ef43c0d65bf38de6a41dfd1c53338f71549a3
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
d74324ac5719aa202221018cd0181776040570d0d6b94112fef8e841ef3d6c13
d8515c16c41f9a400eb42d49c052d5e8b87fbd51f2e4f291b196cf5af341041f
d9bafbaa07911d0596a806a1177da26c107f735052d28603bc5eb8fa0dc63b55
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de89e0378a3d91d39b989b9d8476c7c30802714ce50e94b26a3e037f0b498a50
df0b1df1d346e246f1dc6b3c87fd183a7a39b099406d716f5783b7c5128d5cbc
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
e16402f0b17b2b4e03632fb29d1396ec0d9816c5578313cc500c43200c4942cd
e2508410e61728ce5097597099aae34d7e1f0450b17492e4a77cabf8b6f7eeaa
e25d36c6586ad2fde35328af102cdbf05f63934e37eb8c63c0adf76d667401e7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
e97558016f5d001dd30657edd04f5ae579bcee8f10bf823eb28c8b8da95084dd
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d
edec8c1a97054beb458336a15b4d8f2f0104b5e679f1eb86e3cbc5c47ee88079
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1249e3503b8a12598e09882e9ded38155ac212298143dec459ce6820c6d3f37
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fa44ba5620fc182eb36d66b9dea560edeb23af9c3104647e39e2a4d3fabcf8cd
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a

www.proofpoint.com Open in urlscan Pro 2a02:e980:107::cf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

197 Requests

97 %HTTPS

53 %IPv6

36 Domains

50 Subdomains

40 IPs

4 Countries

4605 kBTransfer

10307 kBSize

44 Cookies

15 Outgoing links

Redirected requests

197 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Screenshot
Live screenshot

Full Image

197
Requests

97 %
HTTPS

53 %
IPv6

36
Domains

50
Subdomains

40
IPs

4
Countries

4605 kB
Transfer

10307 kB
Size

44
Cookies

197 HTTP transactions
9 data transactions