www.netskope.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Submission: On March 18 via api (March 18th 2024, 3:22:00 pm UTC) from US — Scanned from DE

Summary HTTP 66 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 10 domains to perform 66 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.netskope.com. The Cisco Umbrella rank of the primary domain is 786122.
TLS certificate: Issued by GlobalSign Extended Validation CA - S... on September 8th 2023. Valid for: a year.

This is the only time www.netskope.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
39	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	151.101.1.91 151.101.1.91	54113 (FASTLY) (FASTLY)
2	2a02:26f0:480... 2a02:26f0:480:d::210:f150	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2606:4700::68... 2606:4700::6812:1005	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::644	54113 (FASTLY) (FASTLY)
2	2a02:26f0:480... 2a02:26f0:480:5a6::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	104.17.70.206 104.17.70.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.5.176.222 52.5.176.222	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
1	35.186.247.156 35.186.247.156	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	104.16.94.80 104.16.94.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.231.227.154 54.231.227.154	() ()
66	14

39 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.netskope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.91 (United States)

ASN54113 (FASTLY, US)

client-registry.mutinycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:d::210:f150 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6812:1005 (United States)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::644 (United States)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:5a6::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.70.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.netskope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.5.176.222 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-5-176-222.compute-1.amazonaws.com

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.94.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-sj09.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.231.227.154 (None, )

ASN- ()

qualified-production.s3.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	netskope.com www.netskope.com — Cisco Umbrella Rank: 786122 go.netskope.com	1 MB
9	qualified.com js.qualified.com — Cisco Umbrella Rank: 19191 app.qualified.com — Cisco Umbrella Rank: 20159 assets.qualified.com — Cisco Umbrella Rank: 21132	963 KB
4	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4078 consentcdn.cookiebot.com — Cisco Umbrella Rank: 4632 imgsct.cookiebot.com — Cisco Umbrella Rank: 4753	123 KB
1	amazonaws.com qualified-production.s3.us-east-1.amazonaws.com	5 KB
1	marketo.com app-sj09.marketo.com	67 KB
1	gstatic.com www.gstatic.com	198 KB
1	sentry.io sentry.io — Cisco Umbrella Rank: 175	324 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	wistia.net fast.wistia.net — Cisco Umbrella Rank: 8548	132 KB
1	mutinycdn.com client-registry.mutinycdn.com — Cisco Umbrella Rank: 18836	17 KB
66	10

	Domain	Requested by
39	www.netskope.com	www.netskope.com
7	assets.qualified.com	app.qualified.com
6	go.netskope.com	www.netskope.com app-sj09.marketo.com go.netskope.com
2	consent.cookiebot.com	www.netskope.com consent.cookiebot.com
1	qualified-production.s3.us-east-1.amazonaws.com	assets.qualified.com
1	app-sj09.marketo.com	www.netskope.com
1	www.gstatic.com	www.google.com
1	sentry.io	assets.qualified.com
1	www.google.com	www.netskope.com
1	app.qualified.com	js.qualified.com
1	imgsct.cookiebot.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	fast.wistia.net	www.netskope.com
1	js.qualified.com	www.netskope.com
1	client-registry.mutinycdn.com	www.netskope.com
66	15

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
www.beeswax.com
www.crazyegg.com
policies.google.com
www.linkedin.com
www.appnexus.com
twitter.com
www.facebook.com
documents.marketo.com
privacy.microsoft.com
www.stackadapt.com
www.thetradedesk.com
netskopestage.wpengine.com
go.netskope.com
netskope.com
partners.netskope.com
resources.netskope.com
docs.netskope.com
community.netskope.com
support.netskope.com
trust.netskope.com
malpedia.caad.fkie.fraunhofer.de
thehackernews.com
thedfirreport.com
github.com
www.instagram.com

Subject Issuer	Validity	Valid
netskope.com GlobalSign Extended Validation CA - SHA256 - G3	`2023-09-08` - `2024-10-09`	a year	crt.sh
client-registry.mutinycdn.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-06` - `2025-04-07`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-28` - `2025-02-27`	a year	crt.sh
qualified.com E1	`2024-03-11` - `2024-06-09`	3 months	crt.sh
fast.wistia.net GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-02` - `2024-08-02`	a year	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-02-26`	a year	crt.sh
go.netskope.com Cloudflare Inc ECC CA-3	`2024-03-05` - `2024-12-31`	10 months	crt.sh
app.qualified.com R3	`2024-01-20` - `2024-04-19`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2024-09-07`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
app-sj09.marketo.com Cloudflare Inc ECC CA-3	`2024-03-10` - `2024-12-31`	10 months	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2024-02-08` - `2025-01-11`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Frame ID: 6161311CD9E607718F9F30E1A90D020A
Requests: 54 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: DF81716F4793A77F05DB56696A8CBF82
Requests: 1 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=efa092c9-7426-4fc2-a25c-80abc7e1acd8
Frame ID: 87F5C588B4E933543F0AEFD00B8145EE
Requests: 11 HTTP requests in this frame

Frame: https://go.netskope.com/index.php/form/XDFrame
Frame ID: 50C0149E99278D4685CED36E9EE48936
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

From Delivery To Execution: An Evasive Azorult Campaign Smuggled Through Google Sites - Netskope

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

66
Requests

98 %
HTTPS

46 %
IPv6

10
Domains

15
Subdomains

14
IPs

3
Countries

2953 kB
Transfer

8475 kB
Size

7
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/en/what-is-behind-powered-by-cookiebot/
Title: Powered by Cookiebot

Search URL Search Domain Scan URL

URL: https://www.beeswax.com/cookies/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/goto/privacy-policy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.crazyegg.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.appnexus.com/corporate-privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://twitter.com/en/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.facebook.com/policy.php/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://documents.marketo.com/legal/cookies/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.stackadapt.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.thetradedesk.com/general/website-privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://netskopestage.wpengine.com/
Title: netskopestage.wpengine.com

Search URL Search Domain Scan URL

URL: https://go.netskope.com/
Title: go.netskope.com

Search URL Search Domain Scan URL

URL: https://netskope.com/
Title: netskope.com

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://partners.netskope.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://resources.netskope.com/ebooks/designing-a-sase-architecture-for-dummies
Title: Get the eBook

Search URL Search Domain Scan URL

URL: https://docs.netskope.com/
Title: Product Documentation

Search URL Search Domain Scan URL

URL: https://community.netskope.com/
Title: Customer Community

Search URL Search Domain Scan URL

URL: https://support.netskope.com/
Title: Support Portal

Search URL Search Domain Scan URL

URL: https://trust.netskope.com/
Title: Trust Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites%27

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=%20From%20Delivery%20To%20Execution:%20An%20Evasive%20Azorult%20Campaign%20Smuggled%20Through%20Google%20Sites%20@Netskope&url=https%3A%2F%2Fwww.netskope.com%2Fblog%2Ffrom-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites%27

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.azorult
Title: Azorult

Search URL Search Domain Scan URL

URL: https://thehackernews.com/2023/07/chinese-hackers-use-html-smuggling-to.html
Title: nation-state group

Search URL Search Domain Scan URL

URL: https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
Title: Nokoyawa ransomware

Search URL Search Domain Scan URL

URL: https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Malware/Azorult/IOCs
Title: GitHub repository

Search URL Search Domain Scan URL

URL: https://partners.netskope.com/English/
Title: Partner portal

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/netskope

Search URL Search Domain Scan URL

URL: https://twitter.com/netskope

Search URL Search Domain Scan URL

URL: https://www.instagram.com/netskope/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

66 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites Show response
www.netskope.com/blog/ 1 MB
138 KB 267ms
183ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

a7344050fb39fbd4006c29583a356e8c3a8b9e4d863ee545a76509355ffaa732

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: https://www.netskope.com
alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8666371a4c044522-TXL
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Mon, 18 Mar 2024 15:21:55 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://www.netskope.com/wp-json/>; rel="https://api.w.org/" <https://www.netskope.com/wp-json/wp/v2/posts/56009>; rel="alternate"; type="application/json" <https://www.netskope.com/?p=56009>; rel=shortlink
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: HIT: 16
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
x-powered-by: WP Engine

GET
H2 200 29745d69a30aec94.js Show response
client-registry.mutinycdn.com/personalize/client/ 51 KB
17 KB 143ms
44ms Script
application/javascript 151.101.1.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://client-registry.mutinycdn.com/personalize/client/29745d69a30aec94.js
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8e187e5545965074bcc5899d0eb7fc76e7c39f9fe553f05b66f9a98665ebfe24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: Ax8fu6DWgLaQr8tLoR.YxCBDJ_q_JOK4
x-continent-code: EU
content-encoding: gzip
date: Mon, 18 Mar 2024 15:21:55 GMT
via: 1.1 varnish
x-edge-region: EU-East
x-amz-request-id: 2D5JE8FEMB18WJZT
age: 181
x-amz-server-side-encryption: AES256
x-cache: HIT
x-edge-datacenter: FRA
content-length: 16517
x-amz-id-2: ejirLxhTWQCdG1neqBa2avAOTGKdBli87aOq7kfYqPUbr6Y44ZtXcjLzSrg1x9CAt/GY8OOvmbY=
x-served-by: cache-fra-etou8220094-FRA
x-connection-speed: broadband
last-modified: Mon, 18 Mar 2024 10:10:10 GMT
server: AmazonS3
etag: "b262fa07dd448f520022f0d68a66db78"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=3600, max-age=0
vary: X-Continent-Code, Accept-Encoding
accept-ranges: bytes
x-country-code: DE
x-cache-hits: 1

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 109 KB
34 KB 137ms
42ms Script
application/javascript 2a02:26f0:480:d::210:f150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:d::210:f150 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 341f707ebe00267db1fd017fe3c780ce991dc4b271e94e2bcd1b0988eb1db06a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date: Mon, 18 Mar 2024 15:21:55 GMT
content-encoding: gzip
last-modified: Mon, 11 Mar 2024 10:50:26 GMT
etag: "92efefeca173da1:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=181
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 34338
expires: Mon, 18 Mar 2024 15:24:56 GMT

GET
H2 200 qualified.js Show response
js.qualified.com/ 652 KB
159 KB 569ms
479ms Script
text/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=n7t9Zf7nr8m6n2fF

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0adcfca7c5206410e542f9c162e97caea5923970df8335f2574cd29a07bbb0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:56 GMT
content-encoding: gzip
via: 1.1 spaces-router (devel)
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: MISS
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 471530ef-6125-2414-8611-619c58fe3c89
pragma: no-cache
x-runtime: 0.033802
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"a0adcfca7c5206410e542f9c162e97ca"
x-download-options: noopen
vary: Accept,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8666371d2ee48eda-FRA
expires: Mon, 18 Mar 2024 19:21:56 GMT

GET
H2 200 close-icon-dark-over-light.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 504 B
383 B 87ms
86ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/close-icon-dark-over-light.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6368b91686e9cdfa1ea54256c125a4e768173ae5c4d5d70ae6a3a92a8653190

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38344
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-1f8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371bbed44522-TXL

GET
H2 200 netskope-logo-reverse.svg
www.netskope.com/wp-content/themes/netskope/images/v3/ 8 KB
3 KB 48ms
48ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/netskope-logo-reverse.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e0686135ec7cb7d0771d4e9374afc05027d7f466a2b37581f44ee2a4a8aaab8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38344
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 12 Dec 2023 06:11:27 GMT
server: cloudflare
etag: W/"6577f98f-204a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371bbed54522-TXL

GET
H2 200 logo.svg
www.netskope.com/wp-content/themes/netskope/images/v3/ 8 KB
3 KB 96ms
96ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/logo.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f14e99a3ff851e017534967b4b9d140802c549c9454179e78a553f0375b116f8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38343
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 12 Dec 2023 06:11:26 GMT
server: cloudflare
etag: W/"6577f98e-2089"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c0f7d4522-TXL

GET
H3 200 magnifying-glass-dark-over-light-default.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 409 B
580 B 60ms
60ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/magnifying-glass-dark-over-light-default.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dec46e3057bb9ae36cd2fa9c9d3b2f7469ba22aa97a025102f052b35de33eeb9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38343
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-199"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c4abe58e4-TXL

GET
H3 200 language-chevron-down-dark-over-light.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 397 B
532 B 57ms
56ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/language-chevron-down-dark-over-light.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e440f379db04ed37fbacb7acb173978202bdfcb4c0ea7bbf9a6f13f4ec8acbf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38343
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-18d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b5d58e4-TXL

GET
H3 200 menu-dark-over-light-default.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 391 B
493 B 59ms
57ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/menu-dark-over-light-default.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a467e05943081c22e179f73b80ddabbf358c23f34220f52c4099c1844395c9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38343
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-187"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b6158e4-TXL

GET
H3 200 language-chevron-down-light-over-dark.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 394 B
531 B 53ms
51ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/language-chevron-down-light-over-dark.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6404635f1e5245f1ed344d0a9a06bd42ea764c505c7d928ded598c549867c327

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38342
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-18a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b6358e4-TXL

GET
H3 200 close-icon-light-over-dark.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 434 B
543 B 60ms
57ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/close-icon-light-over-dark.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

936eafa953d2486f6bb2022af7c4e7c814132ec5d8974178521ed7d7d9fc7c3f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38342
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-1b2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b6558e4-TXL

GET
H3 200 icon-facebook-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 607 B
667 B 49ms
47ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-facebook-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b0f827622efb7915d4a67230acf13cc60d72414d25293de918257b6a1323ee6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 18:17:43 GMT
server: cloudflare
etag: W/"658dbbc7-25f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b6658e4-TXL

GET
H3 200 icon-facebook-hover-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 512 B
614 B 54ms
52ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-facebook-hover-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d606ddb5bc01e534364c40a559c9c6b60b77bc6763ffc71cf3e3caef95d0a49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31428
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 18:17:47 GMT
server: cloudflare
etag: W/"658dbbcb-200"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b6758e4-TXL

GET
H3 200 icon-x-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 569 B
654 B 50ms
48ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-x-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d75c66c8f0a1c35348b6e2c24074824e3b0468bd338f65ff8f27dc884d2dbd38

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 18:17:39 GMT
server: cloudflare
etag: W/"658dbbc3-239"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b6b58e4-TXL

GET
H3 200 icon-x-hover-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 558 B
631 B 53ms
52ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-x-hover-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

268f77e3e45b55537a86e34225383555cfb5af4e8b7639a6fdc1f071344ddfee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 18:17:36 GMT
server: cloudflare
etag: W/"658dbbc0-22e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b7058e4-TXL

GET
H3 200 icon-linkedin-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 627 B
686 B 57ms
56ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-linkedin-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b11ec7bc748f957b2327cfaf28b0e98a746a483d2d9474ecd9a7747264a3f8cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 18:17:49 GMT
server: cloudflare
etag: W/"658dbbcd-273"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b7358e4-TXL

GET
H3 200 icon-linkedin-hover-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 514 B
620 B 77ms
76ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-linkedin-hover-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ac74ddc84de6833afcfc6ca80844c79c27c44f1b5a8b423c3bfd976410c7b95

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 28 Dec 2023 18:17:52 GMT
server: cloudflare
etag: W/"658dbbd0-202"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b7658e4-TXL

GET
H3 200 resources-list.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 647 B
598 B 55ms
54ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/resources-list.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

479ed9cff91324f56cea70c1737c725c29865d0b6c3acd8ae60f437e9924e48e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31428
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-287"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b7a58e4-TXL

GET
H3 200 resources-grid.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 645 B
617 B 78ms
77ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/resources-grid.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

526ca03d0ffef7dd9b4f1d4769eb6dd902a92f5a44b668aa507f2528935b113a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-285"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b7c58e4-TXL

GET
H3 200 card-shape5.svg
www.netskope.com/wp-content/themes/netskope/dist/assets/images/ 3 KB
1 KB 79ms
77ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/assets/images/card-shape5.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a53f42b1a16d810c64140b8e704850bc798a12ffaf7ed158643517846fb1fa6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 12 Dec 2023 06:11:22 GMT
server: cloudflare
etag: W/"6577f98a-d2e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b7d58e4-TXL

GET
H3 200 round_chevron_blue.png
www.netskope.com/wp-content/themes/netskope/images/v3/ 518 B
830 B 54ms
53ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/round_chevron_blue.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

54979920508ec495f931223fc5d02c4b61a6808e5793f30dc6cb6eb4144fdb68

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 32617
cf-polished: origFmt=png, origSize=1296
content-disposition: inline; filename="round_chevron_blue.webp"
alt-svc: h3=":443"; ma=86400
content-length: 518
cf-bgj: imgq:100,h2pri
last-modified: Tue, 12 Dec 2023 06:11:27 GMT
server: cloudflare
etag: "6577f98f-510"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8666371c9b7f58e4-TXL

GET
H2 200 E-v1.js Show response
fast.wistia.net/assets/external/ 784 KB
132 KB 145ms
47ms Script
text/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.net/assets/external/E-v1.js

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

c3dff13cca4b374f64bc082d134889666f724470ecb823fcf56c123d4cec51b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:56 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 3402
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 135003
x-served-by: cache-iad-kiad7000054-IAD, cache-mxp6972-MXP
x-browser-version: 122
last-modified: Mon, 18 Mar 2024 13:24:07 GMT
server: AmazonS3
x-timer: S1710775316.040394,VS0,VE0
etag: "871575285b4bdb6f512b6d787e88f1e1"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: b6e3e6ef96e3e34dcb352370e95f1e901cb50812
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 58, 6

GET
H3 200 icon-linkedin-56x56-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 564 B
654 B 81ms
80ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-linkedin-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

657493dcde82fd4f369f5b80e272de6cdeec5eb68d44738634816d20c8e41afa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 32617
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Dec 2023 22:27:17 GMT
server: cloudflare
etag: W/"6584bbc5-234"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b8558e4-TXL

GET
H3 200 icon-linkedin-hover-56x56-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 502 B
603 B 82ms
81ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-linkedin-hover-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

03165c2a9725cdb822cfe4412cbf6ca0b547212758a9a3d32fca04deba5b1876

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Dec 2023 22:29:32 GMT
server: cloudflare
etag: W/"6584bc4c-1f6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b8658e4-TXL

GET
H3 200 icon-x-56x56-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 466 B
602 B 82ms
81ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-x-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5d4c3b4a76871754fb3f47fdbe125bc12dca9933139a06c806e9d91b0ba69bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Dec 2023 22:30:22 GMT
server: cloudflare
etag: W/"6584bc7e-1d2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b8d58e4-TXL

GET
H3 200 icon-x-hover-56x56-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 485 B
595 B 83ms
82ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-x-hover-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

126eaa53ccf333133b8bce6072a653df6c67061087a6ff50ae19b1135b477f53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Dec 2023 22:31:10 GMT
server: cloudflare
etag: W/"6584bcae-1e5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b9058e4-TXL

GET
H3 200 icon-instagram-56x56-1.svg
www.netskope.com/wp-content/uploads/2024/01/ 2 KB
1 KB 84ms
83ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2024/01/icon-instagram-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0d93d104b98be6a8824a435ff8d3065efd6e114be96b8e82368857f28657c34

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 32617
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 29 Jan 2024 03:01:44 GMT
server: cloudflare
etag: W/"65b71518-6ea"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b9258e4-TXL

GET
H3 200 icon-instagram-hover-56x56-1.svg
www.netskope.com/wp-content/uploads/2024/01/ 2 KB
1 KB 84ms
83ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2024/01/icon-instagram-hover-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

33cf789ab1c5ecaf28b73e0c10b2e9eb2c33028fd4753f236c048603375b7e94

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 32617
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 29 Jan 2024 03:01:46 GMT
server: cloudflare
etag: W/"65b7151a-71f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b9558e4-TXL

GET
H3 200 autoptimize_83d8e05e07350c5439d7f1b7514723d3.js Show response
www.netskope.com/wp-content/cache/autoptimize/js/ 1 MB
284 KB 104ms
103ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_83d8e05e07350c5439d7f1b7514723d3.js

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27ab06683237b7f9e670601e58b5e3cf74730b9326db7be776542421c73b873f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:56 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 18 Mar 2024 05:15:47 GMT
server: cloudflare
etag: W/"65f7ce03-115959"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b9658e4-TXL

GET
H3 200 magnifying-glass-dark-over-light-default.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 409 B
545 B 85ms
84ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/magnifying-glass-dark-over-light-default.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dec46e3057bb9ae36cd2fa9c9d3b2f7469ba22aa97a025102f052b35de33eeb9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38343
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-199"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b9858e4-TXL

GET
H3 200 language-chevron-down-light-over-dark.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 394 B
530 B 81ms
81ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/language-chevron-down-light-over-dark.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6404635f1e5245f1ed344d0a9a06bd42ea764c505c7d928ded598c549867c327

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 38342
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-18a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b9c58e4-TXL

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 card-shape5.svg
www.netskope.com/wp-content/themes/netskope/dist/assets/images/ 3 KB
1 KB 79ms
78ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/assets/images/card-shape5.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a53f42b1a16d810c64140b8e704850bc798a12ffaf7ed158643517846fb1fa6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 12 Dec 2023 06:11:22 GMT
server: cloudflare
etag: W/"6577f98a-d2e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9b9e58e4-TXL

GET
H3 200 round_chevron_blue.png
www.netskope.com/wp-content/themes/netskope/images/v3/ 518 B
832 B 79ms
79ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/round_chevron_blue.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

54979920508ec495f931223fc5d02c4b61a6808e5793f30dc6cb6eb4144fdb68

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 32617
cf-polished: origFmt=png, origSize=1296
content-disposition: inline; filename="round_chevron_blue.webp"
alt-svc: h3=":443"; ma=86400
content-length: 518
cf-bgj: imgq:100,h2pri
last-modified: Tue, 12 Dec 2023 06:11:27 GMT
server: cloudflare
etag: "6577f98f-510"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8666371c9b9f58e4-TXL

GET
H3 200 1920-White-Hero-Background.jpg
www.netskope.com/wp-content/uploads/2020/04/ 91 KB
91 KB 52ms
52ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2020/04/1920-White-Hero-Background.jpg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b7142b73692775e2abfa27f125de3e8c61b9c7e73887da7276a15bf367da88

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31428
cf-polished: origSize=134691, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 92900
cf-bgj: imgq:100,h2pri
last-modified: Mon, 11 Dec 2023 14:46:39 GMT
server: cloudflare
etag: "657720cf-20e23"
vary: Accept, Accept-Encoding
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8666371c9ba258e4-TXL
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 dark-breadcrumbs-chevron.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 419 B
528 B 188ms
187ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/dark-breadcrumbs-chevron.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

356a0eb9e781db945428e35f6262936f8ff27dcebdec78414ec43da9b728d5d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-1a3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8666371c9ba658e4-TXL

GET
H3 200 1920-cta-background.jpg
www.netskope.com/wp-content/uploads/2022/05/ 5 KB
6 KB 188ms
187ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2022/05/1920-cta-background.jpg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3570163585bac938916c6534b08bf93c4b1af8bfdacdac060ad7aa3884fb8cf8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31429
alt-svc: h3=":443"; ma=86400
content-length: 5496
last-modified: Mon, 11 Dec 2023 14:55:16 GMT
server: cloudflare
etag: "657722d4-1578"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8666371caba758e4-TXL
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Graphik-Regular.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 121 KB
121 KB 189ms
187ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Regular.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2d97ceaa48cf6574b5c9f91d3b43d7b4c3dcc0ab52379143c1e28144593e2f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 32616
alt-svc: h3=":443"; ma=86400
content-length: 123672
last-modified: Tue, 12 Dec 2023 06:11:23 GMT
server: cloudflare
etag: "6577f98b-1e318"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8666371caba858e4-TXL

GET
H3 200 Graphik-Medium-Web.woff2
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 33 KB
33 KB 192ms
191ms Font
font/woff2 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Medium-Web.woff2

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b40e2981d50f54f5ec3df6fbacf3b328ed9b5f653485e4980dfefae02fb7b80

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 32579
alt-svc: h3=":443"; ma=86400
content-length: 33401
last-modified: Tue, 12 Dec 2023 06:11:23 GMT
server: cloudflare
etag: "6577f98b-8279"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8666371cabac58e4-TXL

GET
H3 200 Graphik-Bold.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 128 KB
129 KB 199ms
198ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Bold.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4a9fd00f61dfc85e1e200efc6c3aa2d0e624be65aa5e7bd26b8e7fa2a28a12c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 31428
alt-svc: h3=":443"; ma=86400
content-length: 131544
last-modified: Tue, 12 Dec 2023 06:11:23 GMT
server: cloudflare
etag: "6577f98b-201d8"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8666371cabb158e4-TXL

GET
H3 200 Graphik-Semibold.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 127 KB
128 KB 213ms
212ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Semibold.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

da4a5e89a01b2570a9a81157bec8661348bfd80f3048f474354bf11f4ea2640e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:55 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 32616
alt-svc: h3=":443"; ma=86400
content-length: 130516
last-modified: Tue, 12 Dec 2023 06:11:23 GMT
server: cloudflare
etag: "6577f98b-1fdd4"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8666371cabb258e4-TXL

GET
H2 200 bc-v4.min.html Show response
consentcdn.cookiebot.com/sdk/ Frame DF81 627 B
811 B 135ms
41ms Document
text/html 2a02:26f0:480:5a6::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:5a6::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer: https://www.netskope.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 18 Mar 2024 15:21:56 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Tue, 18 Mar 2025 15:21:56 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1710775316049_35115176_258525672_30_997_38_41_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 cc.js Show response
consent.cookiebot.com/4b140262-ec1c-4bad-9de3-68c17c1566cb/ 337 KB
88 KB 88ms
86ms Script
application/x-javascript 2a02:26f0:480:d::210:f150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/4b140262-ec1c-4bad-9de3-68c17c1566cb/cc.js?renew=false&referer=www.netskope.com&dnt=false&init=false
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:d::210:f150 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 99d3f10649918904e68b04369a69989f6c9adf585b5c5249ffdd913d3a5b524d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:56 GMT
content-encoding: gzip
last-modified: Mon, 18 Mar 2024 15:21:56 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: private, max-age=1200
cross-origin-resource-policy: cross-origin
content-length: 89428
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef

GET
DATA 200
OK truncated
/ 293 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 teknkl-formsplus-1.0.5.js Show response
go.netskope.com/rs/665-KFP-612/images/ 41 KB
11 KB 1002ms
894ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/rs/665-KFP-612/images/teknkl-formsplus-1.0.5.js?_=1710775316278

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_83d8e05e07350c5439d7f1b7514723d3.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sat, 09 Mar 2024 03:04:07 GMT
server: cloudflare
etag: "4411ff-a291-613318fd147df"
vary: Accept-Encoding
content-type: application/x-javascript
accept-ranges: bytes
cf-ray: 866637226e4170b5-WAW
content-length: 11024

GET
H2 200 1.gif
imgsct.cookiebot.com/ 35 B
473 B 42ms
41ms Image
image/gif 2a02:26f0:480:5a6::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=4b140262-ec1c-4bad-9de3-68c17c1566cb
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:5a6::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:56 GMT
x-guploader-uploadid: ABPtcPpZY_zcNWt2_eqobVirx3Xxuw1u6m1FJAKQwmrVextmUyrpWTDzG6o0EXAPHCRO7Wpb0EI
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 35
last-modified: Mon, 23 Oct 2023 11:39:32 GMT
server: UploadServer
etag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-generation: 1698061172769999
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public,max-age=1800
x-goog-stored-content-length: 35
accept-ranges: bytes
content-type: image/gif

POST
H3 200 admin-ajax.php Show response
www.netskope.com/wp-admin/ 30 B
517 B 406ms
405ms XHR
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-admin/admin-ajax.php?_r=2145266240

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_83d8e05e07350c5439d7f1b7514723d3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

101fbf5a0bb7a528da8e4efaa9d8a8f5ab76793f24dfb35ebca153bb3b76f38d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept: */*
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: WP Engine
alt-svc: h3=":443"; ma=86400
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.netskope.com, https://www.netskope.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
cf-ray: 86663721bf0658e4-TXL
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H3 200 Azorult-1-1024x765.png
www.netskope.com/wp-content/uploads/2024/03/ 406 KB
406 KB 47ms
46ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2024/03/Azorult-1-1024x765.png

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

60ccd77e79558858a4172990bba97626aa0c13b8ed6c34576804eb7a32205ccf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:56 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 181
alt-svc: h3=":443"; ma=86400
content-length: 415486
last-modified: Thu, 14 Mar 2024 22:27:27 GMT
server: cloudflare
etag: "65f379cf-656fe"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 86663721cf1a58e4-TXL
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/ Frame 87F5 6 KB
3 KB 418ms
154ms Document
text/html 52.5.176.222
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=efa092c9-7426-4fc2-a25c-80abc7e1acd8

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=n7t9Zf7nr8m6n2fF

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.5.176.222 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-5-176-222.compute-1.amazonaws.com

Software

Resource Hash

24aa67ac4fb18eb6e90eb689a8c058cb741828b7184989f6a6cf57afead4e932

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.netskope.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Length: 1788
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Mon, 18 Mar 2024 15:21:57 GMT
Etag: W/"24aa67ac4fb18eb6e90eb689a8c058cb"
Link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (devel)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: 4cd6cb36-457c-d4af-3c33-760efabc95c8
X-Runtime: 0.035373
X-Xss-Protection: 1; mode=block

GET
H2 200 messenger-94e6eccc.chunk.css
assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame 87F5 35 KB
7 KB 54ms
53ms Stylesheet
text/css 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
x-amz-version-id: CuAQIeHy3KF6PjCadVq5P1eA82pmkR6n
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 4JJ8RD51NXSQ4D24
age: 2161
x-amz-server-side-encryption: AES256
x-amz-id-2: A9OIvzaEnyz/lN+viVM+Ce9RrFD0fSTxE7wr9oerbhgbJA++GDEuI3xT+QcMV6k31X9A9c3pUog=
last-modified: Wed, 13 Mar 2024 02:46:26 GMT
server: cloudflare
etag: W/"a788ecf510f83ee517cbaf79306145dd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 866637282af08eda-FRA
expires: Mon, 18 Mar 2024 19:21:57 GMT

GET
H2 200 messenger-ea37ea0f.chunk.css
assets.qualified.com/packs/css/widget/sandboxed/ Frame 87F5 5 KB
1 KB 52ms
51ms Stylesheet
text/css 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
x-amz-version-id: EbqhpkSLY0Jz042MNKdUpkosJ.oafA0j
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 4JJ3RHCEH23XV7M3
age: 2161
x-amz-server-side-encryption: AES256
x-amz-id-2: d0uJ9soWoLyZARSdGcBSG4tTORfb7zrsEGBCOYhZbHguLmc4X6NHhoQDON51pjSIn6+g/wnR5Wc=
last-modified: Wed, 13 Mar 2024 02:46:27 GMT
server: cloudflare
etag: W/"22d5f23e695250d3c5a5b1e76a015c5e"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 866637282aee8eda-FRA
expires: Mon, 18 Mar 2024 19:21:57 GMT

GET
H2 200 messenger~runtime-b1c6f65090aaa7f3dfc5.js Show response
assets.qualified.com/packs/js/widget/sandboxed/ Frame 87F5 2 KB
1 KB 52ms
51ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-b1c6f65090aaa7f3dfc5.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=efa092c9-7426-4fc2-a25c-80abc7e1acd8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3198849e1dabbf074e4d8604b709fca997513f05ed646b9640b8c30cbaf257aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
x-amz-version-id: 09PczY3Evwi.QbKWmWE8rUxRkbJ2yWfQ
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: CYHERAA0ASXZZRK3
age: 3178
x-amz-server-side-encryption: AES256
x-amz-id-2: YX/aomVAlYe2xsrGR30sKdJclbpHcAJaygIG4jbA4k0ywOsaejkqlLUEZwGuysFBX3nH5sn5sbs=
last-modified: Fri, 15 Mar 2024 22:25:22 GMT
server: cloudflare
etag: W/"070fef015cbb2da06b5a983b5cdce117"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 866637283af68eda-FRA
expires: Mon, 18 Mar 2024 19:21:57 GMT

GET
H2 200 messenger-d0f8281b2f6174adcb51.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame 87F5 1 MB
374 KB 53ms
53ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-d0f8281b2f6174adcb51.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=efa092c9-7426-4fc2-a25c-80abc7e1acd8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4931457553efa7bb7857567f3a2dde2c3f138cbb203bf9ea4bd550996f819304

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
x-amz-version-id: WZHh6jgLoE.tIN9KscXCQRUn9H7CM1VP
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: CYHDRA3AYCW5GWP7
age: 3178
x-amz-server-side-encryption: AES256
x-amz-id-2: zTdaKjvrDTo3XsBMge1MaLUV48eEZIxur35ZvfjputwODp6eKd9apZHqnx3ILCkOKU8u5wfn0no=
last-modified: Fri, 15 Mar 2024 22:25:22 GMT
server: cloudflare
etag: W/"6fc28e32dceab43dd9a9a387f583c230"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 866637283af98eda-FRA
expires: Mon, 18 Mar 2024 19:21:57 GMT

GET
H2 200 messenger-35252498d3ec4e48722e.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame 87F5 945 KB
218 KB 57ms
57ms Script
application/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-35252498d3ec4e48722e.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=efa092c9-7426-4fc2-a25c-80abc7e1acd8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 848d4918d3b06b276a8c449a88a8225682ebdbb82cf6a338591657536a09f6f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
x-amz-version-id: OIZs0ygQP42fEHl2FfPsSRC5AAw1BQXw
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: CYH2ZZ0WMADYGZG1
age: 3178
x-amz-server-side-encryption: AES256
x-amz-id-2: sl6P7uy0hZ8NSd9Cpl6yRP4KAdy5KAZQO6z9vxNej2iGT98y9ZNPFQzfFbzdYTo7B2yMXgp4z6w8R8+jg4SdSwQcq3WncDQb
last-modified: Fri, 15 Mar 2024 22:25:22 GMT
server: cloudflare
etag: W/"c151e16782fb58fd0288f304e2258918"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 866637288b738eda-FRA
expires: Mon, 18 Mar 2024 19:21:57 GMT

GET
H2 200 Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 87F5 97 KB
97 KB 135ms
51ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=efa092c9-7426-4fc2-a25c-80abc7e1acd8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
x-amz-version-id: XiEvIBR8KPfTdWjJiiUiH5Qj2WjKkU_e
cf-cache-status: HIT
x-amz-request-id: 4MF359JBEXSEJRJ4
age: 422507
x-amz-server-side-encryption: AES256
content-length: 98868
x-amz-id-2: XPLEHPQPuRux3MAByTB/swCQzmEzktCA5U0WlGbbdbJpMPm0Ja5Dy8B0F6HxTlsjOlwvwjQg1Ek=
last-modified: Wed, 13 Mar 2024 02:46:32 GMT
server: cloudflare
etag: "dc131113894217b5031000575d9de002"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 86663728bce31ca1-FRA
expires: Tue, 18 Mar 2025 21:21:57 GMT

GET
H2 200 Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame 87F5 103 KB
104 KB 175ms
90ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=efa092c9-7426-4fc2-a25c-80abc7e1acd8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:57 GMT
x-amz-version-id: 8cY6YjlooeHnGSplJkt4eqgEBf42LGvt
cf-cache-status: HIT
x-amz-request-id: 4JJ7ZP6HMYJNTFJ1
age: 427150
x-amz-server-side-encryption: AES256
content-length: 105804
x-amz-id-2: AZnqYPLm3/62orYQtpmrL8lUtosg/usIGOK5S01UAaa1HeC7OYM4II1XOjuhwlmlrJ/zUlPca8Y=
last-modified: Wed, 13 Mar 2024 02:46:32 GMT
server: cloudflare
etag: "007ad31a53f4ab3f58ee74f2308482ce"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 86663728bce61ca1-FRA
expires: Tue, 18 Mar 2025 21:21:57 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 135ms
49ms Script
text/javascript 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?_=1710775316279

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_83d8e05e07350c5439d7f1b7514723d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c930d52b9c8c1ed102d158ea962fde07b7e1a8c2858058c2c971e51a6058abbb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 18 Mar 2024 15:21:58 GMT

POST
H2 200 / Show response
sentry.io/api/1332833/envelope/ Frame 87F5 2 B
324 B 244ms
153ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1332833/envelope/?sentry_key=b5158ee3382d49b28a864fb2b91bcaaf&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.11.1

Requested by

Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-d0f8281b2f6174adcb51.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.qualified.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 18 Mar 2024 15:21:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/YurWEBlMIwR4EqFPncmQTkxQ/ 496 KB
198 KB 124ms
39ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/YurWEBlMIwR4EqFPncmQTkxQ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?_=1710775316279

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fb255a09760e965ef08595da3507477280a6617ff12a2f65b27fe756b5c719b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 16 Mar 2024 23:42:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 142774
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 202568
x-xss-protection: 0
last-modified: Fri, 15 Mar 2024 21:41:54 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 16 Mar 2025 23:42:24 GMT

GET
H2 200 forms2.min.js Show response
app-sj09.marketo.com/js/forms2/js/ 199 KB
67 KB 372ms
263ms Script
application/x-javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1710775316280

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_83d8e05e07350c5439d7f1b7514723d3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9649e0e9e5790f8d6b5e69aa4ff9969e8f7d72a84f8501ff9379078005124d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Tue, 05 Mar 2024 19:24:48 GMT
server: cloudflare
cf-cache-status: MISS
etag: "142790-31af8-612eecb9f6000"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8666372ab8c634fc-WAW
expires: Mon, 18 Mar 2024 19:21:58 GMT

GET
H2 200 getForm Show response
go.netskope.com/index.php/form/ 17 KB
4 KB 133ms
133ms Script
application/javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.netskope.com/index.php/form/getForm?munchkinId=665-KFP-612&form=1953&url=https%3A%2F%2Fwww.netskope.com%2Fblog%2Ffrom-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites&callback=jQuery37103728137295706939_1710775318489&_=1710775318490
Requested by: Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1710775316280
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc250e3b108f4d9edc83e79c481b44b592547c5b7830c2a65a253c1bdc893742

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:58 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 8666372cbe6d70b5-WAW
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 forms2.css
go.netskope.com/js/forms2/css/ 13 KB
3 KB 61ms
61ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/css/forms2.css

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1710775316280

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 181
content-length: 2623
last-modified: Tue, 05 Mar 2024 19:24:48 GMT
server: cloudflare
etag: "c1914-3437-612eecb9f6000"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8666372d9fb670b5-WAW
expires: Mon, 18 Mar 2024 19:21:58 GMT

GET
H2 200 forms2-theme-simple.css
go.netskope.com/js/forms2/css/ 826 B
325 B 62ms
61ms Stylesheet
text/css 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1710775316280

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 05 Mar 2024 19:24:48 GMT
server: cloudflare
age: 181
etag: "c1910-33a-612eecb9f6000"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8666372d9fb770b5-WAW
content-length: 242
expires: Mon, 18 Mar 2024 19:21:58 GMT

GET
H2 200 XDFrame Show response
go.netskope.com/index.php/form/ Frame 50C0 2 KB
766 B 319ms
319ms Document
text/html 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/index.php/form/XDFrame

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1710775316280

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bddfc987ea51699d719251711334a03045ef0691faf81c225e6c208cbd5f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 8666372e48ca70b5-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 18 Mar 2024 15:21:59 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 forms2.min.js Show response
go.netskope.com/js/forms2/js/ Frame 50C0 199 KB
66 KB 65ms
65ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/js/forms2.min.js

Requested by

Host: go.netskope.com
URL: https://go.netskope.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9649e0e9e5790f8d6b5e69aa4ff9969e8f7d72a84f8501ff9379078005124d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.netskope.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 18 Mar 2024 15:21:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Tue, 05 Mar 2024 19:24:48 GMT
server: cloudflare
age: 181
etag: "c190a-31af8-612eecb9f6000"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 866637304bfd70b5-WAW
expires: Mon, 18 Mar 2024 19:21:59 GMT

GET
H/1.1 200
OK 32ee0e68d7d667f40a5c443aea2f3ba5e1bc379b6c25b7f1151d8a6f9cf93c75.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 87F5 5 KB
5 KB 410ms
136ms Image
image/png 54.231.227.154

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/32ee0e68d7d667f40a5c443aea2f3ba5e1bc379b6c25b7f1151d8a6f9cf93c75.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.231.227.154 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date: Mon, 18 Mar 2024 15:22:01 GMT
Last-Modified: Mon, 21 Mar 2022 18:36:03 GMT
Server: AmazonS3
x-amz-request-id: 3Z3HK91FHZWMKREG
ETag: "9ee6af4f53bf22ab51e289af6c374022"
Content-Type: image/png
Cache-Control: Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Content-Length: 4608
x-amz-id-2: qUpI4EBkYlY7FTthuHObvkP52W6/5Ft96Zz0c31p2hZDd6OPZddakS1sUVLwgmJ8TWa6wNFQFDM=

GET 32ee0e68d7d667f40a5c443aea2f3ba5e1bc379b6c25b7f1151d8a6f9cf93c75.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame 87F5 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: qualified-production.s3.us-east-1.amazonaws.com
URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/32ee0e68d7d667f40a5c443aea2f3ba5e1bc379b6c25b7f1151d8a6f9cf93c75.png

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.netskope.com/	1970-01-20 19:12:57	Name: __cf_bm Value: TmbKtKpxw2wTKxDoL52EOCcIDn9ISZkGUjz0wF4bSpA-1710775315-1.0.1.1-9En8G42.2CTnkADKvLslbEhIFNxcg4pZEnH6YDswZ.CLUQRBMnb3T3.9HvLWN4QZU3oA7P5Z2O5BKLxOHjrhyA
www.netskope.com/	1970-01-21 03:58:31	Name: cookie_banner_closed Value: 1
.netskope.com/	1970-01-21 04:48:55	Name: __q_state_n7t9Zf7nr8m6n2fF Value: eyJ1dWlkIjoiZWZhMDkyYzktNzQyNi00ZmMyLWEyNWMtODBhYmM3ZTFhY2Q4IiwiY29va2llRG9tYWluIjoibmV0c2tvcGUuY29tIn0=
www.netskope.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ea2bb808bd2e4edf2df70a43e89339f3
go.netskope.com/	1969-12-31 23:59:59	Name: BIGipServersj09web-nginx-app_https Value: !MnJNUlIyru9E3hZzLZqvSn7MxZbkrQ+aYMeJQFRIIwBhDC2UP8WRVHDevr+utYin/ELgvrgRxLERYg==
.go.netskope.com/	1970-01-20 19:12:57	Name: __cf_bm Value: 5c32lOgWotizL_pPMo2G7le.NUmzCj5I9_MWX31b2Y0-1710775317-1.0.1.1-UxbuJLbEdB82JWZquhx_jroeK2zftfs1aJt7gLsAFeEkaBPaX0E95M50lOY5y81KQEDa8_k_n2nYY6ybpnuVaw
.app-sj09.marketo.com/	1970-01-20 19:12:57	Name: __cf_bm Value: 8g4jlUKwNlLWPDo2_dyvKf_DFo_DilNdtNBPxb1w7_M-1710775318-1.0.1.1-t4STDMH57ji1AxKpCRDA.cnWTmJ2iKKL5xlJrLWr2A196hfc7UYrBCX.Dnft5EtLrKZWtq425vjT71caxaKUdA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-sj09.marketo.com
app.qualified.com
assets.qualified.com
client-registry.mutinycdn.com
consent.cookiebot.com
consentcdn.cookiebot.com
fast.wistia.net
go.netskope.com
imgsct.cookiebot.com
js.qualified.com
qualified-production.s3.us-east-1.amazonaws.com
sentry.io
www.google.com
www.gstatic.com
www.netskope.com
qualified-production.s3.us-east-1.amazonaws.com
104.16.94.80
104.17.70.206
141.193.213.21
151.101.1.91
2606:4700::6812:1005
2a00:1450:4001:802::2003
2a00:1450:4001:809::2004
2a02:26f0:480:5a6::f09
2a02:26f0:480:d::210:f150
2a04:4e42:400::644
35.186.247.156
52.5.176.222
54.231.227.154
03165c2a9725cdb822cfe4412cbf6ca0b547212758a9a3d32fca04deba5b1876
101fbf5a0bb7a528da8e4efaa9d8a8f5ab76793f24dfb35ebca153bb3b76f38d
126eaa53ccf333133b8bce6072a653df6c67061087a6ff50ae19b1135b477f53
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
24aa67ac4fb18eb6e90eb689a8c058cb741828b7184989f6a6cf57afead4e932
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
268f77e3e45b55537a86e34225383555cfb5af4e8b7639a6fdc1f071344ddfee
27ab06683237b7f9e670601e58b5e3cf74730b9326db7be776542421c73b873f
3198849e1dabbf074e4d8604b709fca997513f05ed646b9640b8c30cbaf257aa
33cf789ab1c5ecaf28b73e0c10b2e9eb2c33028fd4753f236c048603375b7e94
341f707ebe00267db1fd017fe3c780ce991dc4b271e94e2bcd1b0988eb1db06a
356a0eb9e781db945428e35f6262936f8ff27dcebdec78414ec43da9b728d5d7
3570163585bac938916c6534b08bf93c4b1af8bfdacdac060ad7aa3884fb8cf8
37bddfc987ea51699d719251711334a03045ef0691faf81c225e6c208cbd5f21
3fb255a09760e965ef08595da3507477280a6617ff12a2f65b27fe756b5c719b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
479ed9cff91324f56cea70c1737c725c29865d0b6c3acd8ae60f437e9924e48e
4931457553efa7bb7857567f3a2dde2c3f138cbb203bf9ea4bd550996f819304
4ac74ddc84de6833afcfc6ca80844c79c27c44f1b5a8b423c3bfd976410c7b95
4b40e2981d50f54f5ec3df6fbacf3b328ed9b5f653485e4980dfefae02fb7b80
4e440f379db04ed37fbacb7acb173978202bdfcb4c0ea7bbf9a6f13f4ec8acbf
526ca03d0ffef7dd9b4f1d4769eb6dd902a92f5a44b668aa507f2528935b113a
54979920508ec495f931223fc5d02c4b61a6808e5793f30dc6cb6eb4144fdb68
5d606ddb5bc01e534364c40a559c9c6b60b77bc6763ffc71cf3e3caef95d0a49
60ccd77e79558858a4172990bba97626aa0c13b8ed6c34576804eb7a32205ccf
6404635f1e5245f1ed344d0a9a06bd42ea764c505c7d928ded598c549867c327
657493dcde82fd4f369f5b80e272de6cdeec5eb68d44738634816d20c8e41afa
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb
71a467e05943081c22e179f73b80ddabbf358c23f34220f52c4099c1844395c9
731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
7a53f42b1a16d810c64140b8e704850bc798a12ffaf7ed158643517846fb1fa6
7b0f827622efb7915d4a67230acf13cc60d72414d25293de918257b6a1323ee6
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
848d4918d3b06b276a8c449a88a8225682ebdbb82cf6a338591657536a09f6f1
8e0686135ec7cb7d0771d4e9374afc05027d7f466a2b37581f44ee2a4a8aaab8
8e187e5545965074bcc5899d0eb7fc76e7c39f9fe553f05b66f9a98665ebfe24
91b7142b73692775e2abfa27f125de3e8c61b9c7e73887da7276a15bf367da88
936eafa953d2486f6bb2022af7c4e7c814132ec5d8974178521ed7d7d9fc7c3f
99d3f10649918904e68b04369a69989f6c9adf585b5c5249ffdd913d3a5b524d
a0adcfca7c5206410e542f9c162e97caea5923970df8335f2574cd29a07bbb0d
a0d93d104b98be6a8824a435ff8d3065efd6e114be96b8e82368857f28657c34
a7344050fb39fbd4006c29583a356e8c3a8b9e4d863ee545a76509355ffaa732
b11ec7bc748f957b2327cfaf28b0e98a746a483d2d9474ecd9a7747264a3f8cc
b9649e0e9e5790f8d6b5e69aa4ff9969e8f7d72a84f8501ff9379078005124d8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c3dff13cca4b374f64bc082d134889666f724470ecb823fcf56c123d4cec51b2
c5d4c3b4a76871754fb3f47fdbe125bc12dca9933139a06c806e9d91b0ba69bd
c930d52b9c8c1ed102d158ea962fde07b7e1a8c2858058c2c971e51a6058abbb
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
d75c66c8f0a1c35348b6e2c24074824e3b0468bd338f65ff8f27dc884d2dbd38
da4a5e89a01b2570a9a81157bec8661348bfd80f3048f474354bf11f4ea2640e
dec46e3057bb9ae36cd2fa9c9d3b2f7469ba22aa97a025102f052b35de33eeb9
e4a9fd00f61dfc85e1e200efc6c3aa2d0e624be65aa5e7bd26b8e7fa2a28a12c
e6368b91686e9cdfa1ea54256c125a4e768173ae5c4d5d70ae6a3a92a8653190
eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611
f14e99a3ff851e017534967b4b9d140802c549c9454179e78a553f0375b116f8
f2d97ceaa48cf6574b5c9f91d3b43d7b4c3dcc0ab52379143c1e28144593e2f1
fc250e3b108f4d9edc83e79c481b44b592547c5b7830c2a65a253c1bdc893742

www.netskope.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

66 Requests

98 %HTTPS

46 %IPv6

10 Domains

15 Subdomains

14 IPs

3 Countries

2953 kBTransfer

8475 kBSize

7 Cookies

34 Outgoing links

Redirected requests

66 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.netskope.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

66
Requests

98 %
HTTPS

46 %
IPv6

10
Domains

15
Subdomains

14
IPs

3
Countries

2953 kB
Transfer

8475 kB
Size

7
Cookies

66 HTTP transactions
2 data transactions