www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Submission: On January 27 via api (January 27th 2021, 1:53:40 pm UTC) from PL

Summary HTTP 118 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 56 IPs in 7 countries across 53 domains to perform 118 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 18th 2021. Valid for: 7 months.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
18	2a02:e980:107... 2a02:e980:107::cf	19551 (INCAPSULA) (INCAPSULA)
4	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1 2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	13.225.80.58 13.225.80.58	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:10c... 2a02:26f0:10c:58e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 6	52.17.151.21 52.17.151.21	16509 (AMAZON-02) (AMAZON-02)
2	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6812:1abe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82b::2013	15169 (GOOGLE) (GOOGLE)
2	143.204.94.49 143.204.94.49	16509 (AMAZON-02) (AMAZON-02)
3	13.224.194.125 13.224.194.125	16509 (AMAZON-02) (AMAZON-02)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	185.33.221.89 185.33.221.89	29990 (ASN-APPNEX) (ASN-APPNEX)
1	13.225.80.32 13.225.80.32	16509 (AMAZON-02) (AMAZON-02)
1 1	216.200.122.11 216.200.122.11	6461 (ZAYO-6461) (ZAYO-6461)
3 4	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
1	13.224.194.79 13.224.194.79	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
6	104.16.94.80 104.16.94.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:bef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.79.147.105 23.79.147.105	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.229.202.186 3.229.202.186	14618 (AMAZON-AES) (AMAZON-AES)
3	13.224.194.47 13.224.194.47	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
3	104.75.88.112 104.75.88.112	16625 (AKAMAI-AS) (AKAMAI-AS)
1 6	23.210.248.216 23.210.248.216	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1	99.86.241.7 99.86.241.7	16509 (AMAZON-02) (AMAZON-02)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2 2	52.49.193.31 52.49.193.31	16509 (AMAZON-02) (AMAZON-02)
1 2	143.204.209.106 143.204.209.106	16509 (AMAZON-02) (AMAZON-02)
1	34.120.207.148 34.120.207.148	15169 (GOOGLE) (GOOGLE)
14 18	3.248.28.111 3.248.28.111	16509 (AMAZON-02) (AMAZON-02)
1	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	18.197.47.23 18.197.47.23	16509 (AMAZON-02) (AMAZON-02)
1 2	23.210.249.164 23.210.249.164	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	64.202.112.95 64.202.112.95	23352 (SERVERCEN...) (SERVERCENTRAL)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	52.57.56.160 52.57.56.160	16509 (AMAZON-02) (AMAZON-02)
1 2	18.194.69.213 18.194.69.213	16509 (AMAZON-02) (AMAZON-02)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	151.101.114.110 151.101.114.110	54113 (FASTLY) (FASTLY)
2	162.247.243.146 162.247.243.146	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
118	56

18 2a02:e980:107::cf (United States)

ASN19551 (INCAPSULA, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.80.58 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-58.fra2.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:58e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.17.151.21 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com

ads.avocet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:1abe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

visitor.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.94.49 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-49.fra50.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.194.125 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-125.fra2.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.221.89 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.80.32 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-32.fra2.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.122.11 (Everett, United States) 1 redirects

ASN6461 (ZAYO-6461, US)
PTR: 216.200.122.11.IPYX-141870-ZYO.zip.zayo.com

gwmtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.134 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10487471.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.194.79 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-79.fra2.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.94.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-abj.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bef (United States)

ASN13335 (CLOUDFLARENET, US)

geoip-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.79.147.105 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-147-105.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.229.202.186 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-202-186.compute-1.amazonaws.com

js.driftqa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.194.47 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-47.fra2.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tag.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.75.88.112 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-112.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.210.248.216 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

4788165.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.241.7 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-241-7.vie50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

309-rhv-619.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.193.31 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-193-31.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.209.106 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-209-106.fra53.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.207.148 (United States)

ASN15169 (GOOGLE, US)
PTR: 148.207.120.34.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 3.248.28.111 (Dublin, Ireland) 14 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.197.47.23 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-47-23.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.210.249.164 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.95 (United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::4000 (United Kingdom) 1 redirects

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.56.160 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-56-160.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.69.213 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-69-213.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.146 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	adroll.com 14 redirects s.adroll.com d.adroll.com	29 KB
18	proofpoint.com www.proofpoint.com	3 MB
11	doubleclick.net 5 redirects ad.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net 10487471.fls.doubleclick.net 4788165.fls.doubleclick.net cm.g.doubleclick.net	6 KB
6	marketo.com app-abj.marketo.com	73 KB
5	google.com adservice.google.com www.google.com	1 KB
5	g2crowd.com tracking.g2crowd.com	4 KB
4	google.de www.google.de	810 B
4	company-target.com 1 redirects api.company-target.com segments.company-target.com	3 KB
4	avct.cloud 2 redirects ads.avct.cloud	1 KB
4	google-analytics.com www.google-analytics.com	19 KB
3	addthis.com s7.addthis.com m.addthis.com	114 KB
3	demandbase.com scripts.demandbase.com tag.demandbase.com	81 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	adnxs.com 2 redirects secure.adnxs.com ib.adnxs.com	3 KB
3	driftt.com js.driftt.com	81 KB
3	reactful.com visitor.reactful.com	105 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	61 KB
2	nr-data.net bam-cell.nr-data.net	1 KB
2	openx.net 1 redirects us-u.openx.net	478 B
2	bidswitch.net 1 redirects x.bidswitch.net	875 B
2	3lift.com 1 redirects eb2.3lift.com	738 B
2	outbrain.com 1 redirects sync.outbrain.com	832 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	facebook.net connect.facebook.net	93 KB
2	bidr.io 2 redirects match.prod.bidr.io	1019 B
2	marketo.net munchkin.marketo.net	7 KB
2	geoip-js.com geoip-js.com	3 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	2 KB
2	avocet.io 2 redirects ads.avocet.io	280 B
2	bing.com bat.bing.com	9 KB
2	googleadservices.com www.googleadservices.com	25 KB
1	newrelic.com js-agent.newrelic.com	11 KB
1	facebook.com www.facebook.com	297 B
1	taboola.com sync.taboola.com	219 B
1	yahoo.com 1 redirects ads.yahoo.com	734 B
1	pubmatic.com simage2.pubmatic.com	1010 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	advertising.com pixel.advertising.com	125 B
1	moatads.com z.moatads.com	1 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	137 B
1	rlcdn.com id.rlcdn.com	66 B
1	mktoresp.com 309-rhv-619.mktoresp.com	311 B
1	twitter.com analytics.twitter.com	651 B
1	driftqa.com js.driftqa.com	21 KB
1	t.co t.co	447 B
1	gwmtracking.com 1 redirects gwmtracking.com	389 B
1	ml-api.io attr.ml-api.io	484 B
1	ml-attr.com 1 redirects s.ml-attr.com	279 B
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	googleapis.com fonts.googleapis.com	903 B
1	googletagmanager.com www.googletagmanager.com	65 KB
1	googleoptimize.com www.googleoptimize.com	39 KB
118	53

	Domain	Requested by
18	www.proofpoint.com	www.proofpoint.com
17	d.adroll.com	13 redirects www.proofpoint.com
6	s.adroll.com	1 redirects www.googletagmanager.com www.proofpoint.com s.adroll.com d.adroll.com
6	app-abj.marketo.com	www.proofpoint.com app-abj.marketo.com
5	tracking.g2crowd.com	www.proofpoint.com
4	www.google.de	www.proofpoint.com
4	www.google.com	www.proofpoint.com
4	ads.avct.cloud	2 redirects www.proofpoint.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.proofpoint.com
3	js.driftt.com	www.proofpoint.com js.driftt.com
3	visitor.reactful.com	www.proofpoint.com visitor.reactful.com
2	bam-cell.nr-data.net	js-agent.newrelic.com
2	us-u.openx.net	1 redirects www.proofpoint.com
2	x.bidswitch.net	1 redirects www.proofpoint.com
2	eb2.3lift.com	1 redirects www.proofpoint.com
2	sync.outbrain.com	1 redirects www.proofpoint.com
2	dsum-sec.casalemedia.com	1 redirects www.proofpoint.com
2	connect.facebook.net	d.adroll.com connect.facebook.net
2	segments.company-target.com	1 redirects www.proofpoint.com
2	match.prod.bidr.io	2 redirects
2	4788165.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	10487471.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	s7.addthis.com	www.proofpoint.com s7.addthis.com
2	scripts.demandbase.com	www.proofpoint.com tag.demandbase.com
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	geoip-js.com	www.proofpoint.com geoip-js.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	px.ads.linkedin.com	1 redirects www.proofpoint.com
2	ad.doubleclick.net	2 redirects
2	secure.adnxs.com	2 redirects
2	api.company-target.com	www.proofpoint.com scripts.demandbase.com
2	dev.visualwebsiteoptimizer.com	www.proofpoint.com
2	ads.avocet.io	2 redirects
2	bat.bing.com	www.googletagmanager.com www.proofpoint.com
2	www.googleadservices.com	www.googletagmanager.com www.proofpoint.com
1	m.addthis.com	s7.addthis.com
1	js-agent.newrelic.com	www.proofpoint.com
1	www.facebook.com	www.proofpoint.com
1	tag.demandbase.com	scripts.demandbase.com
1	cm.g.doubleclick.net	1 redirects
1	ib.adnxs.com	www.proofpoint.com
1	sync.taboola.com	www.proofpoint.com
1	ads.yahoo.com	1 redirects
1	simage2.pubmatic.com	www.proofpoint.com
1	pixel.rubiconproject.com	www.proofpoint.com
1	pixel.advertising.com	www.proofpoint.com
1	z.moatads.com	s7.addthis.com
1	d.adroll.mgr.consensu.org	1 redirects
1	id.rlcdn.com	www.proofpoint.com
1	309-rhv-619.mktoresp.com	munchkin.marketo.net
1	vars.hotjar.com	static.hotjar.com
1	analytics.twitter.com	static.ads-twitter.com
1	js.driftqa.com	www.proofpoint.com
1	t.co	www.proofpoint.com
1	script.hotjar.com	static.hotjar.com
1	www.linkedin.com	1 redirects
1	adservice.google.com	www.proofpoint.com
1	gwmtracking.com	1 redirects
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	snap.licdn.com	www.proofpoint.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	fonts.googleapis.com	www.proofpoint.com
1	www.googletagmanager.com	www.proofpoint.com
1	www.googleoptimize.com	www.proofpoint.com
118	67

This site contains links to these domains. Also see Links.

Domain
proofpointcommunities.force.com
suite.nexgate.com
emaildefense.proofpoint.com
threatintel.proofpoint.com
us1.proofpointessentials.com
partners.proofpoint.com
go.proofpoint.com
investors.proofpoint.com
malpedia.caad.fkie.fraunhofer.de
www.welivesecurity.com
bazaar.abuse.ch
twitter.com
www.virustotal.com
medium.com
zeusmuseum.com
ipcheck.proofpoint.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
proofpoint.com Sectigo RSA Organization Validation Secure Server CA	`2021-01-18` - `2021-08-05`	7 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-01-19` - `2021-07-19`	6 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.avct.cloud R3	`2021-01-20` - `2021-04-20`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2020-06-19` - `2022-07-06`	2 years	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
*.reactful.com Go Daddy Secure Certificate Authority - G2	`2020-03-12` - `2021-05-09`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-09` - `2021-10-28`	a year	crt.sh
drift.com Amazon	`2020-09-21` - `2021-10-23`	a year	crt.sh
*.ml-api.io Amazon	`2021-01-20` - `2022-02-17`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2021-01-06` - `2021-07-05`	6 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
www.google.de GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
app-abj.marketo.com Cloudflare Inc ECC CA-3	`2020-07-03` - `2021-07-03`	a year	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-17` - `2021-08-17`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
driftqa.com Amazon	`2020-06-18` - `2021-07-18`	a year	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-14` - `2021-11-15`	a year	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-01-10` - `2021-04-07`	3 months	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
adroll.mgr.consensu.org Amazon	`2020-10-08` - `2021-11-07`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2020-10-04` - `2021-03-31`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.outbrain.com Thawte RSA CA 2018	`2019-10-29` - `2021-11-23`	2 years	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2020-06-18` - `2021-08-17`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2020-12-28` - `2021-05-07`	4 months	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 9 frames:

Primary Page: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Frame ID: B4CF149E7B586486C897B607AA95390E
Requests: 137 HTTP requests in this frame

Frame: https://10487471.fls.doubleclick.net/activityi;dc_pre=CNG_m8GhvO4CFYfH7QodF2oCKQ;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot
Frame ID: 407A2CA8A7F87D50BB0BF2E826C51A13
Requests: 1 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=COyinMGhvO4CFbWo7Qoduu0Bzw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351
Frame ID: 5D9FEED8DD570293D26641A3A15EB5EE
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: B1BE269A8AE45517CB769E1D838E84A0
Requests: 1 HTTP requests in this frame

Frame: https://app-abj.marketo.com/index.php/form/XDFrame
Frame ID: E71F814519889024DD346D74D1BF4A3D
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=6fd08d77-9d28-4d48-a9d0-534b9c1ce963&sessionStarted=1611755603&campaignRefreshToken=7a2abb3d-03ae-4f36-aa72-da6820ed6e97&pageLoadStartTime=1611755601901
Frame ID: 5AF097F4D29E1268ABBC2363D35D6278
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat
Frame ID: C89DB9A600945D4DBA3ED5030EB9A851
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 7015FDA7C951F19A803B142C19AE72FF
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 2E8AA0671CDF42B2AB9CC4FCB3F36662
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

118
Requests

98 %
HTTPS

33 %
IPv6

53
Domains

67
Subdomains

56
IPs

7
Countries

4264 kB
Transfer

10166 kB
Size

25
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://proofpointcommunities.force.com/community/s/
Title: Support Log-in

Search URL Search Domain Scan URL

URL: https://suite.nexgate.com/users/sign_in
Title: Digital Risk Portal

Search URL Search Domain Scan URL

URL: https://emaildefense.proofpoint.com/login.php
Title: Email Fraud Defense

Search URL Search Domain Scan URL

URL: https://threatintel.proofpoint.com/
Title: ET Intelligence

Search URL Search Domain Scan URL

URL: https://us1.proofpointessentials.com/app/login.php
Title: Proofpoint Essentials

Search URL Search Domain Scan URL

URL: https://proofpointcommunities.force.com/community
Title: Sendmail Support Log-in

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/
Title: Channel PartnersBecome a channel partner. Deliver Proofpoint solutions to your customers and grow your business.

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/prm/English/s/applicant
Title: Become a Channel Partner

Search URL Search Domain Scan URL

URL: https://go.proofpoint.com/cpe-credit-overview.html?utm_source=website
Title: Watch now to earn your CPE credits

Search URL Search Domain Scan URL

URL: https://investors.proofpoint.com/
Title: Investor Center View Proofpoint investor relations information, including press releases, financial results and events.

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.danabot
Title: DanaBot

Search URL Search Domain Scan URL

URL: https://www.welivesecurity.com/2019/02/07/danabot-updated-new-cc-communication/
Title: DanaBot updated with new C&C communication

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/browse/tag/DanaBot/
Title: MalwareBazaar

Search URL Search Domain Scan URL

URL: https://twitter.com/hashtag/DanaBot
Title: #DanaBot

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/home/search
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://bazaar.abuse.ch/sample/c0eb802f394e758da4feb0d6c3b817bf1f64880ab9bc851937d5ef774161585d/
Title: c0eb802f394e758da4feb0d6c3b817bf1f64880ab9bc851937d5ef774161585d

Search URL Search Domain Scan URL

URL: https://medium.com/csis-techblog/gcleaner-garbage-provider-since-2019-2708e7c87a8a
Title: Research

Search URL Search Domain Scan URL

URL: https://malpedia.caad.fkie.fraunhofer.de/details/win.gozi
Title: Ursnif

Search URL Search Domain Scan URL

URL: https://zeusmuseum.com/zloader%202/
Title: Zloader

Search URL Search Domain Scan URL

URL: http://investors.proofpoint.com/
Title: Investors Center

Search URL Search Domain Scan URL

URL: https://ipcheck.proofpoint.com/
Title: IP Address Blocked?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/proofpoint
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/proofpoint
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/proofpoint
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j HTTP 301
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j HTTP 302
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

Request Chain 45

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j HTTP 301
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j HTTP 302
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

Request Chain 47

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=4378839852471524508

Request Chain 48

https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=274151689 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CLTtocGhvO4CFRUdGAodk94IcA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CLTtocGhvO4CFRUdGAodk94IcA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Request Chain 51

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1611755601748&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%26time%3D1611755601748%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fblog%252Fthreat-insight%252Fnew-year-new-version-danabot%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1611755601748&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&liSync=true

Request Chain 91

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot HTTP 302
https://10487471.fls.doubleclick.net/activityi;dc_pre=CNG_m8GhvO4CFYfH7QodF2oCKQ;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot

Request Chain 92

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351 HTTP 302
https://4788165.fls.doubleclick.net/activityi;dc_pre=COyinMGhvO4CFbWo7Qoduu0Bzw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351

Request Chain 100

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAE-FU7AIuEAABCJE9yEmA HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAE-FU7AIuEAABCJE9yEmA&verifyHash=6000f8d9bdc587289d926be1ff7277d576fb000a

Request Chain 107

https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 109

https://d.adroll.mgr.consensu.org/consent/iabcheck/7YJ7XZCLMRHSVCXIHB5HIT?_s=149a9148c1aabaa4a169cfeabe301c0e&_b=2 HTTP 302
https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=149a9148c1aabaa4a169cfeabe301c0e&_b=2

Request Chain 112

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&pv=27912458417.968967&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

Request Chain 115

https://d.adroll.com/cm/aol/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 116

https://d.adroll.com/cm/index/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expiration=1643291602 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expiration=1643291602&C=1

Request Chain 117

https://d.adroll.com/cm/n/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expires=365

Request Chain 118

https://d.adroll.com/cm/outbrain/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&rdrctExp=true

Request Chain 119

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 120

https://d.adroll.com/cm/r/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 121

https://d.adroll.com/cm/taboola/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk

Request Chain 122

https://d.adroll.com/cm/triplelift/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 123

https://d.adroll.com/cm/b/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk

Request Chain 124

https://d.adroll.com/cm/x/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk

Request Chain 126

https://d.adroll.com/cm/o/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=aced960399e745fcf20445660442ec19 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=aced960399e745fcf20445660442ec19

Request Chain 127

https://d.adroll.com/cm/g/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=rO2WA5nnRfzyBEVmBELsGQ HTTP 302
https://d.adroll.com/cm/g/in

118 HTTP transactions
28 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set new-year-new-version-danabot Show response
www.proofpoint.com/us/blog/threat-insight/ 2 MB
2 MB 32ms
7ms Document
text/html 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3f065197b164738a926c2fd39eb889641af2fbb5d306e1d412e888a96e6b2137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.proofpoint.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Etag: "1611746465"
Last-Modified: Wed, 27 Jan 2021 11:21:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1689435
Content-Encoding: gzip
Feature-Policy: geolocation 'self'
Referrer-Policy: origin-when-cross-origin
X-Permitted-Cross-Domain-Policies: none
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Cache-Control: max-age=83422, public
Expires: Thu, 28 Jan 2021 13:03:42 GMT
Date: Wed, 27 Jan 2021 13:53:20 GMT
Set-Cookie: visid_incap_177663=ypap5kb6Qdy5CVdq23Oin1BwEWAAAAAAQUIPAAAAAADfJB7y1w3fd15P/ZGKV0Mk; expires=Thu, 27 Jan 2022 13:21:21 GMT; HttpOnly; path=/; Domain=.proofpoint.com incap_ses_730_177663=qUtfNb33SxQjbHe5Z3shClBwEWAAAAAA354LDJY8VnhfboTn932V/w==; path=/; Domain=.proofpoint.com ___utmvmkyuLalI=BHmeGAHGQyv; path=/; Max-Age=900 ___utmvakyuLalI=hzbZSJI; path=/; Max-Age=900 ___utmvbkyuLalI=yZk XPDOgale: Ctj; path=/; Max-Age=900
X-CDN: Incapsula
X-Iinfo: 13-32768421-0 0CNN RT(1611755600643 8) q(0 -1 -1 0) r(0 -1)

GET
H/1.1 200
OK proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 18 KB
19 KB 24ms
9ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Incapsula
Etag: "01c16c31"
X-Iinfo: 13-32768432-0 0CNN RT(1611755600672 9) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1205470, public
Content-Length: 18296
Expires: Wed, 10 Feb 2021 12:44:30 GMT

GET
H/1.1 200
OK RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 24ms
8ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Incapsula
Etag: "39ed386e"
X-Iinfo: 10-9734232-0 0CNN RT(1611755600671 9) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1203010, public
Content-Length: 21036
Expires: Wed, 10 Feb 2021 12:03:30 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 20 KB
20 KB 25ms
8ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Incapsula
Etag: "3a88d25f"
X-Iinfo: 13-32768431-0 0CNN RT(1611755600671 11) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1203010, public
Content-Length: 19976
Expires: Wed, 10 Feb 2021 12:03:30 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 16 KB
17 KB 33ms
7ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

12326e8f0accb3ea4158ecf1cb2ab2e1b95d6a0f5eb1b80c86621f087b4363f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Incapsula
Etag: "80852160"
X-Iinfo: 4-16848937-0 0CNN RT(1611755600671 19) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1205470, public
Content-Length: 16540
Expires: Wed, 10 Feb 2021 12:44:30 GMT

GET
H/1.1 200
OK RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
22 KB 38ms
9ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c2ac3a4867ab41390bb1b48d0937e02967359fb9ff66ac0c2fbddd56d304cec3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Incapsula
Etag: "8df65834"
X-Iinfo: 13-32768432-0 0CNN RT(1611755600672 23) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1203010, public
Content-Length: 21384
Expires: Wed, 10 Feb 2021 12:03:30 GMT

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 118 KB
39 KB 53ms
28ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-KKGL4NZ

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

96726ec495e85d90b330d3dd369458bffa2279b93dab2639b3384136d2300fd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39938
x-xss-protection: 0
expires: Wed, 27 Jan 2021 13:53:21 GMT

GET
H/1.1 200
OK css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
www.proofpoint.com/sites/default/files/css/ 25 KB
5 KB 22ms
9ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 23 Dec 2020 00:07:20 GMT
X-CDN: Incapsula
Etag: "032a9b05"
Content-Type: text/css
X-Iinfo: 4-16848937-0 0CNN RT(1611755600671 7) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1202841, public
Content-Length: 4376
Expires: Wed, 10 Feb 2021 12:00:41 GMT

GET
H/1.1 200
OK css_xr3GOSEJQ1Pyyyp2GeEi3jhGddmLzqhqJd9ZXJo8FYM.css
www.proofpoint.com/sites/default/files/css/ 986 KB
252 KB 21ms
8ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_xr3GOSEJQ1Pyyyp2GeEi3jhGddmLzqhqJd9ZXJo8FYM.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c6bdc63921094353f2cb2a7619e122de384675d98bcea86a25df595c9a3c1583

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 27 Jan 2021 00:24:48 GMT
X-CDN: Incapsula
Etag: "453a8795"
Content-Type: text/css
X-Iinfo: 10-9734231-0 0CNN RT(1611755600671 7) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1202842, public
Content-Length: 256864
Expires: Wed, 10 Feb 2021 12:00:42 GMT

GET
H/1.1 200
OK modernizr.min.js Show response
www.proofpoint.com/core/assets/vendor/modernizr/ 5 KB
3 KB 37ms
8ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/assets/vendor/modernizr/modernizr.min.js?v=3.3.1

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:18 GMT
X-CDN: Incapsula
Content-Type: application/javascript
X-Iinfo: 10-9734232-0 0CNN RT(1611755600671 23) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1202841, public
Content-Length: 2110
Expires: Wed, 10 Feb 2021 12:00:41 GMT

GET
H/1.1 200
OK logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
1 KB 8ms
8ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Incapsula
Etag: "13fdd2ef"
Content-Type: image/svg+xml
X-Iinfo: 10-9734231-0 0CNN RT(1611755600671 41) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1205470, public
Content-Length: 1124
Expires: Wed, 10 Feb 2021 12:44:30 GMT

GET
H/1.1 200
OK iMac.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 435 KB
435 KB 8ms
8ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/iMac.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

47587df31e1e202dea23080ef9925c0d8c0794b8362781cc8ac91628ffe07e09

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Incapsula
Etag: "b96e628c"
Content-Type: image/png
X-Iinfo: 10-9734231-0 0CNN RT(1611755600671 51) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1202830, public
Content-Length: 445126
Expires: Wed, 10 Feb 2021 12:00:30 GMT

GET
H/1.1 200
OK home.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 784 B
873 B 8ms
7ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/home.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 08:56:17 GMT
X-CDN: Incapsula
Etag: "4c25cdee"
Content-Type: image/svg+xml
X-Iinfo: 10-9734232-0 0CNN RT(1611755600671 62) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1205716, public
Content-Length: 477
Expires: Wed, 10 Feb 2021 12:48:36 GMT

GET
H/1.1 200
OK BLOG-code.jpg
www.proofpoint.com/sites/default/files/styles/image_1920_400/public/misc/ 144 KB
144 KB 10ms
10ms Image
image/jpeg 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/image_1920_400/public/misc/BLOG-code.jpg?itok=MZLACE2U

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6031a45e14e5a13073a26b81b10b4ab386d523433c7e5e0f585bee367e267d03

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 Dec 2020 19:22:21 GMT
X-CDN: Incapsula
Content-Type: image/jpeg
X-Iinfo: 10-9734232-9728966 2CNN RT(1611755600671 105) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=1206724, public
Content-Length: 147178
Expires: Wed, 10 Feb 2021 13:05:24 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 281 KB
65 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fa11f682f9c64256b41672cef0a6b86c39d68a39da7ebe7dd4fb15780db60437

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66324
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Jan 2021 13:53:21 GMT

GET
H2 200 css
fonts.googleapis.com/ 11 KB
903 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_xr3GOSEJQ1Pyyyp2GeEi3jhGddmLzqhqJd9ZXJo8FYM.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cfa0a96ac558bea3620b755284b64287fc4b2515a63243f69ab421277bb26c7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 13:53:21 GMT
server: ESF
date: Wed, 27 Jan 2021 13:53:21 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 27 Jan 2021 13:53:21 GMT

GET
DATA 200
OK truncated
/ 72 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0551e996a8b1a5a73b8db08b75169d5b67291fbddb84afa02dd2f4e966b2261a

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 340 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9780c95c3e1ae7c500081ad47bda6847fa78098990e77a677e8ddc8007347055

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 204 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8de55874475c175335f0c6fc79e975cc9325630e3641389c18ae7ae5ab9a981

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fab816e037c0f67ab424c67234af03471c66a13357d6e187ecb238a2eac62a04

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 720 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cef5e7a8bbafdc0187cc3bd50db0417a3ed578deec09d93fe306bddf30a9ba43

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 444 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4f3fc31f17996bdcd89a0b6358ef30b10a4d5b8e436dcd786082965f868f3bd8

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 606 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f156ae940f7e272f1319e3a835871f632bc4275105f4882685a3435d7ed4e3fb

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 685 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1c6032b67262b3855f2ae2702f0497cf50f3caf6ce5211641f1756ee3a4332b

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 460 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0269ba28d9ec51948de3000f364e6890e8a369ab832b4deb572415845a39712

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93fa8b2f6e13b1ac02946cf42cebafaa637e07feb93b926eace76fd5128df564

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK blue-bg2.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 165 KB
166 KB 8ms
8ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/blue-bg2.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

d6dffdf0c11445d390ce54b124aad97a24f21d2e54d0e2f5320c466cda85f9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Incapsula
Etag: "b7f7adf5"
Content-Type: image/png
X-Iinfo: 10-9734232-0 0CNN RT(1611755600671 189) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1202843, public
Content-Length: 169435
Expires: Wed, 10 Feb 2021 12:00:43 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23eb574ca89fce57a39390dd2ce9213545ae9b17a60dc4d750246e4cd9dc4b14

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5222
date: Wed, 27 Jan 2021 12:26:19 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Wed, 27 Jan 2021 14:26:19 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
13 KB 105ms
48ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

34fcae3cf94e02d46c230a5b7dd3827d612587164e048dcfe146518da1cb4ab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 12189
x-xss-protection: 0
server: cafe
etag: 8926089356025331971
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 27 Jan 2021 13:53:21 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 27 KB
9 KB 50ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:20 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: 7639017ED0814F9CB061BB693F26346E Ref B: FRAEDGE1315 Ref C: 2021-01-27T13:53:21Z
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 83ms
24ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 50082
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1611755602.739538,VS0,VE0
x-served-by: cache-fra19133-FRA

GET
H2 200 hotjar-1456002.js Show response
static.hotjar.com/c/ 3 KB
2 KB 76ms
26ms Script
application/javascript 13.225.80.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.80.58 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-80-58.fra2.r.cloudfront.net

Software

Resource Hash

faaa1eae3fd1905bc968447780a1c8d3e57c1c4a3cd47a6d9da14d3b1207faaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA2-C2
etag: W/6926f12c2ee1f6c9afbb2eab056cb2a5
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
x-cache-hit: 1
content-length: 1563
via: 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
x-amz-cf-id: CwyLRH_pZOVuundBQ8pZu87RVh3N86Iv-fR9tuaoUbzlID58wGdl0A==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 31ms
9ms Script
application/x-javascript 2a02:26f0:10c:58e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:58e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=64426
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2

200

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

0
336 B

39ms
39ms

Script
application/javascript

52.17.151.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.151.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 0
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
date: Wed, 27 Jan 2021 13:53:21 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 87
content-type: text/html; charset=utf-8

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 3 KB
1 KB 69ms
24ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=359897&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&r=0.4517950999034941
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash: a4398bd72e30f9efdccda15d5ff0b9fa4462f682c2e046452d351780f9496a6f

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 27 Jan 2021 13:53:21 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 1594.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
435 B 189ms
169ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 9d097354-e9e3-4b6d-82c7-dea6df4ad832
x-runtime: 0.015410
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 07e5b7d72b00002bad66194000000001
cf-ray: 6182f59e9bf22bad-FRA

GET
H2 200 1644.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 215ms
195ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 9b31c203-0df4-47ab-9b02-7e70ff1c52f5
x-runtime: 0.041493
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 07e5b7d72600002badad2be000000001
cf-ray: 6182f59e9c072bad-FRA

GET
H2 200 1645.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
441 B 202ms
183ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 015b7370-46f0-49b8-b26e-930a32e26eb8
x-runtime: 0.012542
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 07e5b7d72b00002bad5c8e3000000001
cf-ray: 6182f59e9c0d2bad-FRA

GET
H2 200 1646.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 147ms
147ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 66ebe8f4-f247-4c73-bb9e-1d2d66abdd51
x-runtime: 0.007059
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 07e5b7d72f00002bad8dac3000000001
cf-ray: 6182f59ebc292bad-FRA

GET
H2 200 1647.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
434 B 148ms
147ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 682e998d-36df-44b8-96d8-2d848d03661e
x-runtime: 0.009811
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 07e5b7d73500002badb6b2d000000001
cf-ray: 6182f59ebc2c2bad-FRA

GET
H2 200 main.rtfl.js Show response
visitor.reactful.com/dist/ 270 KB
104 KB 39ms
13ms Script
application/javascript 2a00:1450:4001:82b::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/dist/main.rtfl.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: fdde3016f0fc51a46ce7cf095d624618f57ec46bfe4100631d2d416ddbe132ad

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 12:53:35 GMT
content-encoding: gzip
server: Google Frontend
age: 3586
etag: "vPz6QA"
content-type: application/javascript; charset=UTF-8
x-cloud-trace-context: fc3f353c8cc6b789fb991b48f853b94b
cache-control: public,public, max-age=432000
content-length: 106683
expires: Mon, 01 Feb 2021 12:53:35 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 435 B
937 B 172ms
91ms XHR
application/json 143.204.94.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?key=8d20076343394d24eb8250e933d1560c
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.49 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-49.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: d4ea3e72d13f7392cf63396cfad6069a9c80d1b43f2de63b763cfec67d77540c

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
request-id: f37877e2-0389-44e1-ae9e-be12c7a099b0
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.proofpoint.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: V21tsYNvcQKk5ix4UvDP7AME9582n2kp8nwCYvwpUBa2QD29Sp9pJw==
expires: Tue, 26 Jan 2021 13:53:21 GMT

GET
H2

200

s Show response
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

0
336 B

38ms
38ms

Script
application/javascript

52.17.151.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.151.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:21 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 0
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
date: Wed, 27 Jan 2021 13:53:21 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 87
content-type: text/html; charset=utf-8

GET
H2 200 5dfsgn7m2kst.js Show response
js.driftt.com/include/1611755700000/ 285 KB
81 KB 194ms
137ms Script
application/javascript 13.224.194.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1611755700000/5dfsgn7m2kst.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.194.125 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-194-125.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

ea55115014c6525fbcd9a649af5fd6f6308ddead86156213d48048748813f033

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: XjfM7WsiuUXmRrQibUpmUEueYIYw9.rD
content-encoding: gzip
etag: W/"189c8bea49a93fcf626000b6cfe8ca40"
x-amz-cf-pop: FRA2-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Tue, 26 Jan 2021 22:46:28 GMT
server: nginx
date: Wed, 27 Jan 2021 13:53:21 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VIPSgWned-TMPunvsi9ibWb57PIhD0qMefg2YJwwdn5LVY_-PpPAFw==

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=4378839852471524508

4 B
484 B

460ms
381ms

Image
image/jpeg

13.225.80.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=4378839852471524508
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.80.32 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-80-32.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:22 GMT
Via: 1.1 1e498d046330e15095a1a2a958463bf5.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
x-amzn-RequestId: 1bc5ba0f-8ff0-4cb4-abe6-e01107b0956a
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-60117052-5749c97d71ffcdda73edbca7;Sampled=0
Connection: keep-alive
x-amz-apigw-id: Zz588FZaoAMF1nA=
Content-Length: 4
X-Amz-Cf-Id: umXGyVdIeLHxSwdVz7wJn7Okcl2zhxWqiUsX-h9LusDMkG5ZY3cjMA==

Redirect headers

Pragma: no-cache
Date: Wed, 27 Jan 2021 13:53:22 GMT
X-Proxy-Origin: 82.102.19.136; 82.102.19.136; 719.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.45:80
AN-X-Request-Uuid: a8b81edd-98af-4674-9737-1da5dbbc6010
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=proofpoint.com&pId=4378839852471524508
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-Q050

200

src=8909468;dc_pre=CLTtocGhvO4CFRUdGAodk94IcA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=274151689
https://ad.doubleclick.net/ddm/activity/src=8909468;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=8909468;dc_pre=CLTtocGhvO4CFRUdGAodk94IcA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CLTtocGhvO4CFRUdGAodk94IcA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

42 B
722 B

71ms
57ms

Image
image/gif

2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CLTtocGhvO4CFRUdGAodk94IcA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://adservice.google.com/ddm/fls/z/src=8909468;dc_pre=CLTtocGhvO4CFRUdGAodk94IcA;type=invmedia;cat=1l6xh4ap;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 316 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90bd8161729fc3b48992956a38ea059a54ec585c1536420d2ef33142eeeb74e2

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
68 B 13ms
13ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1976558865&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&ul=en-us&de=UTF-8&dt=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=711611940&gjid=612641014&cid=992390572.1611755602&tid=UA-2257074-1&_gid=1206467607.1611755602&_r=1&gtm=2wg1d0MGR7P8X&z=627139884

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1611755601748&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%26time%3D1611755601748%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1611755601748&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&liSync=true

0
80 B

113ms
113ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1611755601748&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&liSync=true
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: igPGPy4bXhYgmswRxCoAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
content-length: 0
x-li-uuid: pIE2Ny4bXhaAoBheYisAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: A82DC3F019AD4A679D9B038E1C865494 Ref B: FRAEDGE1219 Ref C: 2021-01-27T13:53:21Z
x-frame-options: sameorigin
date: Wed, 27 Jan 2021 13:53:21 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=31536000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1611755601748&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
DATA 200
OK truncated
/ 137 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 07dd8509af0ac66d693864fabd5815420cc7e0b9ef3a9eaf8cddb056ab8fe9e8

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
90 B 16ms
16ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-2257074-1&cid=992390572.1611755602&jid=711611940&gjid=612641014&_gid=1206467607.1611755602&_u=YEBAAEAAAAAAAC~&z=437316650

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Jan 2021 13:53:21 GMT
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
301 B 123ms
103ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=359897&d=proofpoint.com&u=D2031090FB3CC7F354EAEFB8B71611364&h=cd90aaa7f34c17459cef9ef89f20a35b&t=false&r=0.9214588389080269

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:21 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 modules.59fae23e8e8310b9fca6.js Show response
script.hotjar.com/ 223 KB
59 KB 103ms
31ms Script
application/javascript 13.224.194.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.59fae23e8e8310b9fca6.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.194.79 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-194-79.fra2.r.cloudfront.net

Software

Resource Hash

05cd215b7b218de7ab7c87c2b051c3be0d336780bbd627df696563580d5de2c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 22 Jan 2021 16:25:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 422853
x-cache: Hit from cloudfront
content-length: 59724
access-control-allow-origin: *
last-modified: Fri, 22 Jan 2021 16:22:44 GMT
etag: "474bf4f62df1bb58f039e2f05cbd9062"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 5076c8187f430eebe5e26fc594d6125a.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: kTrGRlgq0fJx9wSbQLVSoTTsKD3qhZ33lcwz3tEkL0peHjm_gS0ZsA==

GET
H2 200 adsct
t.co/i/ 43 B
447 B 198ms
147ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nyk4d&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 122
pragma: no-cache
last-modified: Wed, 27 Jan 2021 13:53:21 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 7ca2d1241ac8259be30df281bd2dbe27
x-transaction: 001e2af000a6b7e4
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 30ms
29ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-2257074-1&cid=992390572.1611755602&jid=711611940&_u=YEBAAEAAAAAAAC~&z=294429534

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 35ms
31ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-2257074-1&cid=992390572.1611755602&jid=711611940&_u=YEBAAEAAAAAAAC~&z=294429534

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
visitor.reactful.com/config/879986/ 0
128 B 152ms
152ms XHR
text/javascript 2a00:1450:4001:82b::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&hash=&referer=&user_id=&hshkgid=541c916e-4988-421c-a39d-23f18c4e2918&cb_rtfl=_rtfl_jsonp_0
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Url-Params-Data: e30=
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
server: Google Frontend
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.proofpoint.com
x-cloud-trace-context: a9d28c85ba112255f0a883b56cb97f4c
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length: 0

OPTIONS
H2 200 /
visitor.reactful.com/config/879986/ Frame 0
0 336ms
296ms Other
text/javascript 2a00:1450:4001:82b::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&hash=&referer=&user_id=&hshkgid=541c916e-4988-421c-a39d-23f18c4e2918&cb_rtfl=_rtfl_jsonp_0
Protocol: H2
Server: 2a00:1450:4001:82b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: url-params-data
Origin: https://www.proofpoint.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-methods: GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
content-type: text/javascript
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-cloud-trace-context: 017f0bf35f0fc09bf2e5ec2dc789f998
date: Wed, 27 Jan 2021 13:53:22 GMT
server: Google Frontend
content-length: 0
expires: Wed, 27 Jan 2021 13:53:22 GMT

GET
DATA 200
OK truncated
/ 259 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7d94a5945317f5fe3429b5360dd3e2f98cfd62bcc6ea1544781993fc7af60e14

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
1 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1611755601877&cv=9&fst=1611755601877&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&tiba=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7252ffc803c03a90b5b0fbdbc33eb2df1d257bccb184ffd4555f402bc6118483

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1057
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 76 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 323c1a4e3c80dfd4006758ba818674cac051d4449a4d1bb8f0049b283de8eacd

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 36 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb38c905802d2108d17f53831a3b42a182ba94d61e126f3c604c058383b3d2d2

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 251 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 412d19203b952ff91ca19beda628e31d0ebcdcc08d617559f841780ffc7e03bf

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ 204 KB
69 KB 101ms
46ms Script
application/x-javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5323
strict-transport-security: max-age=63113904
cf-request-id: 07e5b7d88000009c15c3140000000001
last-modified: Sat, 16 Jan 2021 05:28:52 GMT
server: cloudflare
etag: "261a32-33187-5b8fdc3afe942"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 6182f5a0ce4a9c15-AMS
expires: Wed, 27 Jan 2021 17:53:22 GMT

GET
H3-Q050 200 conversion.js Show response
www.googleadservices.com/pagead/ 30 KB
12 KB 59ms
45ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c87fd16c94cddc65c762a4066a20e8728685247cab105f976da3cd2b9a27814

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11886
x-xss-protection: 0
server: cafe
etag: 14129172418432032814
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 27 Jan 2021 13:53:22 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
486 B 22ms
21ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1611755601877&cv=9&fst=1611752400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&tiba=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&async=1&fmt=3&is_vtc=1&random=2323301412&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
530 B 67ms
51ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1611755601877&cv=9&fst=1611752400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg1d0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&tiba=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&async=1&fmt=3&is_vtc=1&random=2323301412&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 104 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 040edd0f9790722ec0064bc29530f032a5024e07fbef02fc0c7f46b7ae2ecb63

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 25 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 945ecdd92317c56b9b6eaa7795b6a9c493c209feda4fccd4e172a0989e7a9158

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK js_tqA09FUADGT7SqsxZkjUKah1IRIPm0hhxonXCREzdAY.js Show response
www.proofpoint.com/sites/default/files/js/ 157 KB
54 KB 12ms
9ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_tqA09FUADGT7SqsxZkjUKah1IRIPm0hhxonXCREzdAY.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b6a034f455000c64fb4aab316648d429a87521120f9b4861c689d70911337406

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 13 Jan 2021 00:11:40 GMT
X-CDN: Incapsula
Etag: "951b04d9"
Content-Type: text/javascript
X-Iinfo: 13-32768421-0 0CNN RT(1611755600643 669) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1202840, public
Content-Length: 54508
Expires: Wed, 10 Feb 2021 12:00:41 GMT

GET
H2 200 geoip2.js Show response
geoip-js.com/js/apis/geoip2/v2.1/ 3 KB
2 KB 36ms
15ms Script
application/javascript 2606:4700::6812:bef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:bef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3b1cf19770719801574ad3b639f639406c72458057748ae064a229fbcee7c9a

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 26 Jan 2021 16:31:14 GMT
server: cloudflare
age: 227
etag: W/"601043d2-cd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=43200
cf-ray: 6182f5a0b86c16ee-FRA
cf-request-id: 07e5b7d86f000016eeee3e9000000001
expires: Thu, 28 Jan 2021 01:53:22 GMT

GET
H/1.1 200
OK js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js Show response
www.proofpoint.com/sites/default/files/js/ 9 KB
3 KB 12ms
9ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 23 Dec 2020 23:06:13 GMT
X-CDN: Incapsula
Etag: "6e3ea0aa"
Content-Type: text/javascript
X-Iinfo: 10-9734232-0 0CNN RT(1611755600671 641) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1202840, public
Content-Length: 2188
Expires: Wed, 10 Feb 2021 12:00:41 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 86ms
25ms Script
application/x-javascript 23.79.147.105
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.147.105 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-147-105.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:22 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Aug 2020 03:11:00 GMT
Server: AkamaiNetStorage
ETag: "a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H/1.1 200
OK js_ayV_cglU9atkoYgU3mR9hP0fzNdlfeVDnoMKokTOj7M.js Show response
www.proofpoint.com/sites/default/files/js/ 2 MB
592 KB 13ms
11ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_ayV_cglU9atkoYgU3mR9hP0fzNdlfeVDnoMKokTOj7M.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6b257f720954f5ab64a18814de647d84fd1fccd7657de5439e830aa244ce8fb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 27 Jan 2021 00:24:49 GMT
X-CDN: Incapsula
Etag: "8700eeb6"
Content-Type: text/javascript
X-Iinfo: 10-9734231-0 0CNN RT(1611755600671 644) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1203450, public
Content-Length: 605550
Expires: Wed, 10 Feb 2021 12:10:51 GMT

GET
H2 206 notification.d46d7db1.mp3
js.driftqa.com/conductor/assets/media/ 20 KB
21 KB 325ms
118ms Media
audio/mpeg 3.229.202.186
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftqa.com/conductor/assets/media/notification.d46d7db1.mp3

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.229.202.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-229-202-186.compute-1.amazonaws.com

Software

nginx /

Resource Hash

ad80ac33ed04b4e6d78167b4162ecd3d2e8c29d17b43eb3df1f35b216b2ac5c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 27 Jan 2021 13:53:22 GMT
last-modified: Tue, 26 Jan 2021 23:21:41 GMT
server: nginx
access-control-allow-origin: *
etag: "d46d7db110874da77e094dcbc4bec8e6"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
Content-Range: bytes 0-20896/20897
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 20897

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cea918e6af14ac3645e0e33b30cb802820aed3e549defbd618be220c31546625

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 45 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/159/ 11 KB
5 KB 28ms
27ms Script
application/x-javascript 23.79.147.105
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/159/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.147.105 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-147-105.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:22 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 May 2020 02:24:14 GMT
Server: AkamaiNetStorage
ETag: "79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4810
Expires: Fri, 07 May 2021 13:53:22 GMT

GET
H2 200 MP9Jyqtx.min.js Show response
scripts.demandbase.com/ 81 KB
19 KB 74ms
27ms Script
application/javascript 13.224.194.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-47.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7a7e8d84d263b5f05aa764301b122fd8dd05502fca1780d3221b6c25c5366540

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Hj9OW_l.CW1YmrkWRMwtATSaAaX3Zh0U
content-encoding: gzip
last-modified: Tue, 08 Dec 2020 23:28:48 GMT
server: AmazonS3
age: 574
etag: W/"91032bd331a1eff120683d61faf4ee18"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Wed, 27 Jan 2021 13:45:31 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: gGxl3wQ8tRCDCRBDlLwuw1tdoSnwVMLElryPKCPpheLzlbemHDrQGg==

GET
H3-Q050 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
2 KB 63ms
48ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1611755602197&cv=9&fst=1611755602197&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&tiba=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d06b82f8bac70d51f358f0e53b46b7c50bc99a8a9c99f1513b98c8e5c60033aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1048
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 196ms
142ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nyk4d&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 116
pragma: no-cache
last-modified: Wed, 27 Jan 2021 13:53:22 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: f6d40a474875344d760df2a49e72aba5
x-transaction: 00ca4dfb00cab402
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 me Show response
geoip-js.com/geoip/v2.1/country/ 771 B
1 KB 75ms
58ms XHR
application/vnd.maxmind.com-country+json 2606:4700::6812:bef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com
Requested by: Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:bef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a0522d8c507073e3d7c3008298dbab964b5a299685d858b82ccd51b5d18cdda

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 6182f5a2badf2bb9-FRA
content-length: 771
cf-request-id: 07e5b7d9af00002bb99e39f000000001

GET
DATA 200
OK truncated
/ 207 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e0b6d26489191155d30162f050cf2a964afb8cf054e3f59e7f710942a9a12293

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 getForm Show response
app-abj.marketo.com/index.php/form/ 5 KB
2 KB 82ms
79ms Script
application/javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app-abj.marketo.com/index.php/form/getForm?munchkinId=309-RHV-619&form=8308&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&callback=jQuery112409363483005229567_1611755602161&_=1611755602162
Requested by: Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6b49a882a0211fd10b0a9feaa53eb0be21dbe73cd474ecb4540b68a3d38ea2b

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cf-request-id: 07e5b7d9cb00009c15bd23c000000001
content-encoding: gzip
server: cloudflare
date: Wed, 27 Jan 2021 13:53:22 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6182f5a2df649c15-AMS
cached: true

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 76ms
26ms Script
application/javascript 104.75.88.112
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js?_=1611755602208

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_tqA09FUADGT7SqsxZkjUKah1IRIPm0hhxonXCREzdAY.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.112 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-112.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Wed, 27 Jan 2021 13:53:22 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H2 204 0
bat.bing.com/action/ 0
172 B 29ms
27ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=17087961&Ver=2&mid=9b4394c8-5ae3-4cf7-b5c8-0ca80481536e&sid=04f4ef6060a711eb932ebfed9d14a2dc&vid=04f5179060a711ebaac09bad5b6c36f2&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=New%20Year,%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&kw=DanaBot&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&r=&lt=1051&evt=pageLoad&msclkid=N&sv=1&rn=981785
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 27 Jan 2021 13:53:21 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: F99ACCA64D074FCB93CB2AA88B4483B3 Ref B: FRAEDGE1315 Ref C: 2021-01-27T13:53:22Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 40 KB
13 KB 85ms
28ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c2cb2cc5345c71f30b0ce56069cfe0bdf65eb061228333d27ba0e7388748636a

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: eHeCFa11ZmebQv0hmrjMAs.eB.BPo.q4
Content-Encoding: gzip
ETag: "0aed5b94bc26ce0fe9e58d25dd314418"
x-amz-request-id: A153E367E4F64E44
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 12695
x-amz-id-2: 1CcC1EKrieRTlAyvmM8I9czxbYiNWqUAlIg4XQoBWjKMxkmKs0MXuebcXJ5+1jv9UbHz74EL7Lo=
Last-Modified: Thu, 10 Dec 2020 18:09:34 GMT
Server: AmazonS3
Date: Wed, 27 Jan 2021 13:53:22 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H3-Q050

200

activityi;dc_pre=CNG_m8GhvO4CFYfH7QodF2oCKQ;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-...
10487471.fls.doubleclick.net/ Frame 407A
Redirect Chain

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthre...
https://10487471.fls.doubleclick.net/activityi;dc_pre=CNG_m8GhvO4CFYfH7QodF2oCKQ;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww...

0
0

100ms
64ms

Document
text/html

172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10487471.fls.doubleclick.net/activityi;dc_pre=CNG_m8GhvO4CFYfH7QodF2oCKQ;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10487471.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CNG_m8GhvO4CFYfH7QodF2oCKQ;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnprLRY_xpoI52XEOdX3nkePX7ADaaUzSaW3sfetfONPJesAyCaFd_ZMpgo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jan 2021 13:53:22 GMT
expires: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 785
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jan 2021 13:53:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10487471.fls.doubleclick.net/activityi;dc_pre=CNG_m8GhvO4CFYfH7QodF2oCKQ;src=10487471;type=retar0;cat=retar0;ord=4063034641805;gtm=2wg1d0;auiddc=474842054.1611755602;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050

200

activityi;dc_pre=COyinMGhvO4CFbWo7Qoduu0Bzw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351
4788165.fls.doubleclick.net/ Frame 5D9F
Redirect Chain

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351?
https://4788165.fls.doubleclick.net/activityi;dc_pre=COyinMGhvO4CFbWo7Qoduu0Bzw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351?

0
0

99ms
63ms

Document
text/html

142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4788165.fls.doubleclick.net/activityi;dc_pre=COyinMGhvO4CFbWo7Qoduu0Bzw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4788165.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=COyinMGhvO4CFbWo7Qoduu0Bzw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnprLRY_xpoI52XEOdX3nkePX7ADaaUzSaW3sfetfONPJesAyCaFd_ZMpgo
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jan 2021 13:53:22 GMT
expires: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 420
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 27 Jan 2021 13:53:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://4788165.fls.doubleclick.net/activityi;dc_pre=COyinMGhvO4CFbWo7Qoduu0Bzw;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=5606378042900.351?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame B1BE 0
0 108ms
34ms Document
text/html 99.86.241.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.241.7 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-241-7.vie50.r.cloudfront.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

content-type: text/html
content-length: 851
date: Mon, 23 Nov 2020 17:01:03 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified: Mon, 23 Nov 2020 15:41:01 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7c17b3af9cda4d5f0ff45961b7be9fdc.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C1
x-amz-cf-id: lAoT2iQ12kFRMnT62PaVW7LclX6mdMFnRCGUC_hqWQr1EYg7BBfc_Q==
age: 5604739

GET
BLOB 200
OK fd1eddbc-a12e-4986-88d3-7c5cd2e268f3 Show response
https://www.proofpoint.com/ 0
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.proofpoint.com/fd1eddbc-a12e-4986-88d3-7c5cd2e268f3
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
H/1.1 200
OK DE.png
www.proofpoint.com/modules/custom/pp_i18n/images/ 3 KB
4 KB 10ms
9ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/modules/custom/pp_i18n/images/DE.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:20 GMT
X-CDN: Incapsula
Etag: "cc0c264c"
Content-Type: image/png
X-Iinfo: 10-9734231-0 0CNN RT(1611755600671 1080) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1203213, public
Content-Length: 3329
Expires: Wed, 10 Feb 2021 12:06:54 GMT

GET
H/1.1 200
OK visitWebPage Show response
309-rhv-619.mktoresp.com/webevents/ 2 B
311 B 388ms
97ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1611755602458&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1611755602457-49626&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:22 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 9f937bea-5cbc-41b2-a72d-21dd9555e382

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
66 B 21ms
20ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1611755602197&cv=9&fst=1611752400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&tiba=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=3845981572&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
66 B 22ms
22ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1611755602197&cv=9&fst=1611752400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&tiba=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=3845981572&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 435 B
939 B 113ms
68ms XHR
application/json 143.204.94.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&page_title=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&src=tag&key=2e81efc731d57cb3e458d08fae112991
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.49 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-49.fra50.r.cloudfront.net
Software: nginx /
Resource Hash: d4ea3e72d13f7392cf63396cfad6069a9c80d1b43f2de63b763cfec67d77540c

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
request-id: c271973e-0b1c-4024-8157-800240adcd80
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.proofpoint.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kzG8Yc2wZ_JGRmBzZkE6Ntph8aBJRw9x1ZGODBhWwRB4PRcLWSvnww==
expires: Tue, 26 Jan 2021 13:53:22 GMT

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAE-FU7AIuEAABCJE9yEmA
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAE-FU7AIuEAABCJE9yEmA&verifyHash=6000f8d9bdc587289d926be1ff7277d576fb000a

26 B
409 B

203ms
202ms

Image
image/gif

143.204.209.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAE-FU7AIuEAABCJE9yEmA&verifyHash=6000f8d9bdc587289d926be1ff7277d576fb000a
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.209.106 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-209-106.fra53.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:23 GMT
Via: 1.1 16dc09493f48bbc1fd2cdd6e175a94f7.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
trace-id: 98eb7ab25d46d8c2
X-Amz-Cf-Id: SKCl-8KGX4PZ8KgQrc_SqrRJ4ggF0tASuE64cyc5Xn9VgeeGENz3sg==

Redirect headers

Date: Wed, 27 Jan 2021 13:53:22 GMT
Via: 1.1 16dc09493f48bbc1fd2cdd6e175a94f7.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA53-C1
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AAE-FU7AIuEAABCJE9yEmA&verifyHash=6000f8d9bdc587289d926be1ff7277d576fb000a
Connection: keep-alive
trace-id: 7d65ff60f6cc8187
Content-Length: 0
X-Amz-Cf-Id: uEe3WZHLWIEwa0g-C7c_Ly8O3RJzyIpfaWRmB94PBQfcX5UB2a0VHQ==

GET
H2 451 464526.gif
id.rlcdn.com/ 0
66 B 65ms
24ms Image
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.207.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 148.207.120.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
DATA 200
OK truncated
/ 129 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 forms2.css
app-abj.marketo.com/js/forms2/css/ 13 KB
3 KB 34ms
33ms Stylesheet
text/css 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 707
vary: Accept-Encoding
content-length: 2623
cf-request-id: 07e5b7da3800009c15b8be4000000001
last-modified: Wed, 06 Jan 2021 21:16:41 GMT
server: cloudflare
etag: "26156d-3437-5b841d6e0e040"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6182f5a38fe19c15-AMS
expires: Wed, 27 Jan 2021 17:53:22 GMT

GET
H2 200 forms2-theme-plain.css
app-abj.marketo.com/js/forms2/css/ 828 B
363 B 45ms
44ms Stylesheet
text/css 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6548
vary: Accept-Encoding
content-length: 246
cf-request-id: 07e5b7da3900009c15a5a34000000001
last-modified: Wed, 06 Jan 2021 21:16:41 GMT
server: cloudflare
etag: "2616d1-33c-5b841d6e0e040"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 6182f5a38fe29c15-AMS
expires: Wed, 27 Jan 2021 17:53:22 GMT

GET
H2 200 getKnownLead Show response
app-abj.marketo.com/index.php/form/ 48 B
280 B 393ms
393ms Script
application/javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/getKnownLead?form=8308&lpId=&munchkinId=309-RHV-619&filledFields=true&_mkt_trk=id%3A309-RHV-619%26token%3A_mch-proofpoint.com-1611755602457-49626&callback=jQuery112409363483005229567_1611755602161&_=1611755602163

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad8463cb930ec9f5e910166374b500d9d2bf7c33ebd061b27a511a207baa70e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: application/javascript; charset=utf-8
cf-ray: 6182f5a39fe49c15-AMS
cf-request-id: 07e5b7da3b00009c157f155000000001

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

26ms
25ms

Script
application/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 8C_4p5S6NLuKOM2fXKpm7asomxwPn3IL
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: A6E4D842C4F3666B
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 1Pslf+Y9QwUHIZmwUo95w2CKA8MTrgZpbGBRFLUwAevxRDJ3euWTGuAJ2AJ78njOjdUd48ZsKSg=
Last-Modified: Tue, 19 Jan 2021 16:25:36 GMT
Server: AmazonS3
Date: Wed, 27 Jan 2021 13:53:22 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Wed, 27 Jan 2021 13:53:22 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/ 0
773 B 79ms
29ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: RNLxtLSkf6Q0Uxg_A_sRwQv8W.8EVOa6
Content-Encoding: gzip
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: 3R7G6XFM9YAK4M6M
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
x-amz-id-2: BnL6cFigbJS4ME54jWRwSByel+AK64WH+6LPVmuzi18c1O7yGRxQdklVZ6i5OYlgEeVVPmdcwks=
Last-Modified: Wed, 27 Jan 2021 08:06:51 GMT
Server: AmazonS3
Date: Wed, 27 Jan 2021 13:53:22 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/7YJ7XZCLMRHSVCXIHB5HIT?_s=149a9148c1aabaa4a169cfeabe301c0e&_b=2
https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=149a9148c1aabaa4a169cfeabe301c0e&_b=2

394 B
861 B

41ms
35ms

Script
application/javascript

3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=149a9148c1aabaa4a169cfeabe301c0e&_b=2
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 52b8d58d524467043eb55632968982f15ad8a28d65ff6f91d74d0accacf34351

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-type: application/javascript
content-length: 394
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=149a9148c1aabaa4a169cfeabe301c0e&_b=2
date: Wed, 27 Jan 2021 13:53:22 GMT
server: nginx/1.18.0
content-length: 105

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 83ms
29ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1611755602208
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=12975
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
121 B 8ms
6ms Image
image/gif 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1976558865&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&ul=en-us&de=UTF-8&dt=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAEABAAAAAC~&jid=&gjid=&cid=992390572.1611755602&tid=UA-2257074-1&_gid=1206467607.1611755602&gtm=2wg1d0MGR7P8X&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Brussels&cd11=BRU&cd12=Belgium&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&z=1035906404

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 12:33:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 4821
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

T47Y2VPPABDUBJXFROMZZM.js Show response
s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/
Redirect Chain

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insig...
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

4 KB
2 KB

25ms
25ms

Script
text/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 59c23ac6c266273e5b45d6f10da69ca3972d7a4279b64546d4ada35b4842a15c

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: jLathBvvWU99jubGg02eZL7.3aSwuXHA
Content-Encoding: gzip
ETag: "3ad15e3e664de53f1e10634968eb55b2"
x-amz-request-id: DD865006F09DA12B
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1592
x-amz-id-2: 1SkDqB4R7B7Wr/8PcV7SONoTZEwCrTChFiKMdETp+TWXq4WeSGVmM17uOJYDWmfvHKaktCAUyyA=
Last-Modified: Wed, 09 Dec 2020 00:07:47 GMT
Server: AmazonS3
Date: Wed, 27 Jan 2021 13:53:22 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.18.0
x-rule: *
date: Wed, 27 Jan 2021 13:53:22 GMT
x-segment-eid: T47Y2VPPABDUBJXFROMZZM
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
cache-control: no-store, no-cache, must-revalidate
x-segment-display-name: Visitors to Unsegmented Pages
x-pixel-eid: YV5KYXXEJZATZCT37YRTMK
x-segment-name: *
x-advertisable-eid: 7YJ7XZCLMRHSVCXIHB5HIT
content-length: 0
x-conversion-currency

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 91 KB
23 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: d.adroll.com
URL: https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&pv=27912458417.968967&cookie=&adroll_s_ref=&keyw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23762
x-fb-rlafr: 0
pragma: public
x-fb-debug: ZHJ4YcP1/m/az5I7oMu7ZjZIVFuASdOnyMJbjamXqlhCrGywJe2wPgfSu8zK0+CxekTyezB8XQoNmMTY70Z5kQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 27 Jan 2021 13:53:22 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 29ms
29ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&pv=27912458417.968967&cookie=&adroll_s_ref=&keyw=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding: gzip
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id: E2F067B4E9F95C64
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2039
x-amz-id-2: zahNXUrZcHvPMHZ5OZzeA/pmU+ThIaY+/c27IjCJ/f8DH693VdK16PYXiwNkUgRleJPaNozozcA=
Last-Modified: Mon, 03 Feb 2020 20:32:06 GMT
Server: AmazonS3
Date: Wed, 27 Jan 2021 13:53:22 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

204

sync
pixel.advertising.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=...
https://pixel.advertising.com/ups/55980/sync?uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
125 B

77ms
25ms

Image
text/plain

18.197.47.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55980/sync?uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.197.47.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-197-47-23.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://pixel.advertising.com/ups/55980/sync?uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 167
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_c...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expiration=1643291602
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expiration=1643291602&C=1

43 B
1 KB

36ms
35ms

Image
image/gif

23.210.249.164
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expiration=1643291602&C=1
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.249.164 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Jan 2021 13:53:22 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 27 Jan 2021 13:53:22 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 27 Jan 2021 13:53:22 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expiration=1643291602&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Wed, 27 Jan 2021 13:53:22 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expires=365

0
239 B

104ms
26ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expires=365
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&expires=365
pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xi...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&rdrctExp=true

0
477 B

92ms
92ms

Image
text/plain

64.202.112.95
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&rdrctExp=true
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 64.202.112.95 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:23 GMT
Cache-Control: no-cache
X-TraceId: a263400bbffe4390278f39e31f865139
Content-Length: 0

Redirect headers

Location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&rdrctExp=true
Date: Wed, 27 Jan 2021 13:53:23 GMT
X-TraceId: f3ea2838ca9dffb47feb77026e2dbb99
Content-Length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xi...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
1010 B

104ms
26ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Wed, 27 Jan 2021 13:53:22 GMT
X-lat: Pug23003:0:363
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 220
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
499 B

33ms
33ms

Image
image/gif

3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-type: image/gif
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

date: Wed, 27 Jan 2021 13:53:22 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk

0
219 B

78ms
22ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

tbl-x-upstream: 10.41.34.222:10213
date: Wed, 27 Jan 2021 13:53:23 GMT
server: nginx
x-fastly-to-nlb-rtt: 3972

Redirect headers

location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk
pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&...
https://eb2.3lift.com/xuid?mid=4714&xuid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

27ms
26ms

Image
image/gif

52.57.56.160
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.56.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-56-160.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=4714&xuid=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
date: Wed, 27 Jan 2021 13:53:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&...
https://x.bidswitch.net/sync?dsp_id=44&user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk

43 B
345 B

25ms
25ms

Image
image/gif

18.194.69.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.69.213 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-69-213.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk
date: Wed, 27 Jan 2021 13:53:23 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&...
https://ib.adnxs.com/setuid?entity=172&code=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk

43 B
1 KB

65ms
24ms

Image
image/gif

185.33.221.89
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.89 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

719.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 27 Jan 2021 13:53:23 GMT
X-Proxy-Origin: 82.102.19.136; 82.102.19.136; 719.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.79:80
AN-X-Request-Uuid: 03a50b6b-d283-4054-93d0-82f28c79b7bb
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/setuid?entity=172&code=YWNlZDk2MDM5OWU3NDVmY2YyMDQ0NTY2MDQ0MmVjMTk
pragma: no-cache
date: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 33ms
32ms Image
image/gif 3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:22 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.18.0
content-length: 42
vary: Cookie
content-type: image/gif

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=aced960399e745fcf20445660442ec19
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=aced960399e745fcf20445660442ec19

43 B
180 B

26ms
26ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=aced960399e745fcf20445660442ec19
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.200.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:23 GMT
via: 1.1 google
server: OXGW/16.200.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=aced960399e745fcf20445660442ec19
date: Wed, 27 Jan 2021 13:53:23 GMT
via: 1.1 google
server: OXGW/16.200.0
alt-svc: clear
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=056282badbd28d7f0de81f93f13c0e25-1611755602692&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&xid_ch=f&...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=rO2WA5nnRfzyBEVmBELsGQ
https://d.adroll.com/cm/g/in

42 B
535 B

32ms
32ms

Image
image/gif

3.248.28.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:23 GMT
server: nginx/1.18.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:23 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 389545881899618 Show response
connect.facebook.net/signals/config/ 241 KB
70 KB 173ms
170ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/389545881899618?v=2.9.33&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a344007e6c38e34001dbbb4a7c898c4fb6f5a19a306e6800cb0b94cc5ab7eea4

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-fb-rlafr: 0
pragma: public
x-fb-debug: gKoW1ZGw38drQz2eZ9S5s+t5RbFsJfm+jF82D0Eu+IvuAR3kLFn7DcjpwQO9pxAlcck8k8GpKTFi2JDVTsOdVA==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Wed, 27 Jan 2021 13:53:22 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-content-id: 515349159
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 XDFrame
app-abj.marketo.com/index.php/form/ Frame E71F 0
0 121ms
121ms Document
text/html 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/XDFrame

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: app-abj.marketo.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cf_bm=a99701fc1e1ddc77bd8052c2ab11841255ce7321-1611755602-1800-AUaFRVCR/bVclKuQCn9Qn36gaYt8dU9xRVT+PvviabwNL3FGqTB3mYFwFPvDurcdD+QQcdwDkqNC2mNHe7ftF3A=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

date: Wed, 27 Jan 2021 13:53:23 GMT
content-type: text/html; charset=utf-8
content-length: 650
set-cookie: __cfduid=db6952b831ace88af1721b7f8c3897ff21611755602; expires=Fri, 26-Feb-21 13:53:22 GMT; path=/; domain=.app-abj.marketo.com; HttpOnly; SameSite=Lax BIGipServerabjweb-nginx-app_https=!a3J6ZzM1oGHFTVC5yiPNdgcigIaMSQ9z/2PbpZ+hvdKScgtgzIWIhNVE72qk9vFAay07YO5T4JitYg==;Path=/;Version=1;Secure;Httponly
cache-control: max-age=3600
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
cf-request-id: 07e5b7dc1200009c157f16c000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6182f5a679589c15-AMS

GET
H2 200 forms_f79029b2cb.min.js Show response
tag.demandbase.com/shared/ 177 KB
57 KB 28ms
27ms Script
application/javascript 13.224.194.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.demandbase.com/shared/forms_f79029b2cb.min.js
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-47.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 69a12e6a2c6dff14902de0fec7a22b138a389be30d22265fa1f3c629373c295e

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: ZdfV2hyb4.f3iYT1bTpwGYnAcDBeMBIJ
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 19:53:05 GMT
server: AmazonS3
age: 75831
etag: W/"297f27393505134e72a57f78a067e26d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront)
date: Tue, 26 Jan 2021 16:49:32 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: hOR8WliQOPDEMx28CHAA1WzT7arwm_wWvaLVMLZrmizfHRoLd3-CEg==

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 21ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=389545881899618&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&rl=&if=false&ts=1611755603011&cd[segment_eid]=T47Y2VPPABDUBJXFROMZZM&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=29&fbp=fb.1.1611755603009.242324660&it=1611755602799&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:23 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 27 Jan 2021 13:53:23 GMT

GET
H2 200 stylesheet_f79029b2cb.v2.css
scripts.demandbase.com/shared/ 27 KB
4 KB 26ms
25ms Stylesheet
text/css 13.224.194.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/shared/stylesheet_f79029b2cb.v2.css
Requested by: Host: tag.demandbase.com
URL: https://tag.demandbase.com/shared/forms_f79029b2cb.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.47 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-47.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fa176af3695a7e918096d7d71a501167980482180f48dc0e4515855901b42969

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: csDn.NNS9VGplSm_6jcpT8H1jYl4C4Qr
content-encoding: gzip
last-modified: Mon, 07 Dec 2020 19:53:05 GMT
server: AmazonS3
age: 6714
etag: W/"178916ae2031afd4e0b75797aa965718"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront)
date: Wed, 27 Jan 2021 12:01:30 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: pWudv7cTDBpJfox80gwMXxy66SGjr4IQbMELrUeN0nLwCCt9iLQC_A==

GET
H2 200 core
js.driftt.com/ Frame 5AF0 0
0 317ms
316ms Document
text/html 13.224.194.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=6fd08d77-9d28-4d48-a9d0-534b9c1ce963&sessionStarted=1611755603&campaignRefreshToken=7a2abb3d-03ae-4f36-aa72-da6820ed6e97&pageLoadStartTime=1611755601901

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1611755700000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.194.125 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-194-125.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /core?embedId=5dfsgn7m2kst&forceShow=false&skipCampaigns=false&sessionId=6fd08d77-9d28-4d48-a9d0-534b9c1ce963&sessionStarted=1611755603&campaignRefreshToken=7a2abb3d-03ae-4f36-aa72-da6820ed6e97&pageLoadStartTime=1611755601901
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Tue, 26 Jan 2021 22:46:22 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 8P2oyjatpvwYN2ZbvdABLOqfp9r.RPRo
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Wed, 27 Jan 2021 13:53:23 GMT
cache-control: no-cache
etag: W/"3733cdb087027fe5ed9e9531f2b7ec30"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: oIRE9qx1a6VBPz-13CHCAaEL2-9hCEPepR275QMr_jvIS4NLzksmUA==

GET
H2 200 chat
js.driftt.com/core/ Frame C89D 0
0 127ms
126ms Document
text/html 13.224.194.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1611755700000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.194.125 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-194-125.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: js.driftt.com
:scheme: https
:path: /core/chat
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

content-type: text/html; charset=utf-8
server: nginx
last-modified: Tue, 26 Jan 2021 22:46:22 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 8P2oyjatpvwYN2ZbvdABLOqfp9r.RPRo
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
date: Wed, 27 Jan 2021 13:53:23 GMT
cache-control: no-cache
etag: W/"3733cdb087027fe5ed9e9531f2b7ec30"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 0e7eb16f335fe24acf3f13c5dee19c88.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: eoTIBpMGeg3VBwy5BKlS-VMwnl-uAtNJQgAvJoGEdJKtZWQWQ8ii6Q==

GET
H2 200 nr-1194.min.js Show response
js-agent.newrelic.com/ 27 KB
11 KB 66ms
20ms Script
application/javascript 151.101.114.110
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1194.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 04446c6509e4513c239c7803cf8a8c3727e8cef843c8537e48d5e05e1fa723cd

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:53:23 GMT
content-encoding: gzip
x-amz-request-id: 68D2702B1B1EE73B
x-cache: HIT
content-length: 10625
x-amz-id-2: 9oyQbEkprcwib4d82Y4NKXXqMpIfI9WwmhGg4zKHf7A66Ie1EiBa+52W3blMTdZkaSL1gYyz7m4=
x-served-by: cache-hhn4078-HHN
last-modified: Wed, 06 Jan 2021 22:25:50 GMT
server: AmazonS3
x-timer: S1611755603.333677,VS0,VE0
etag: "4f5c23cba20072ede6a543efb2f986c3"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 49854

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 126ms
124ms Script
application/javascript 104.75.88.112
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=60117052a8b34cdd&bkl=0&bl=1&pdt=1048&sid=60117052a8b34cdd&pub=&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=www.proofpoint.com&fp=us%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=0&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=DanaBot&colc=1611755603301&jsl=8193&uvs=60117052bec8efd8000&skipb=1&callback=addthis.cbs.jsonp__97380397852939930
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1611755602208
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.112 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-112.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d7d0ca72b612d904f8722ba29860450866d196e5bac4109115dd206d272f8131

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:23 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 7015 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 2E8A 0
0 29ms
29ms Document
text/html 104.75.88.112
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1611755602208

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.112 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-112.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s7.addthis.com
:scheme: https
:path: /static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

server: nginx/1.15.8
content-type: text/html
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
etag: W/"5ed917ff-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Wed, 27 Jan 2021 13:53:23 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H/1.1 200
OK 0ae22ad83e Show response
bam-cell.nr-data.net/1/ 57 B
643 B 299ms
256ms Script
text/javascript 162.247.243.146
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/0ae22ad83e?a=573869349&v=1194.94d5a62&to=bgQBYERQXBBWVBFbDldOIldCWF0NGHMXRxFYDT9aWVVXP3RYC0YTVg0PUURtfAxTUjNbBE4iDFpCQ10PW1IXH19PCAZD&rst=2026&ck=1&ref=https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot&ap=959&be=119&fe=1953&dc=1000&perf=%7B%22timing%22:%7B%22of%22:1611755601329,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:12,%22c%22:12,%22s%22:17,%22ce%22:25,%22rq%22:25,%22rp%22:33,%22rpe%22:572,%22dl%22:36,%22di%22:1000,%22ds%22:1001,%22de%22:1051,%22dc%22:1945,%22l%22:1953,%22le%22:1977%7D,%22navigation%22:%7B%7D%7D&fp=498&fcp=498&at=QkMWFgxKT08VVkcIGkQc&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1194.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 27 Jan 2021 13:53:23 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: text/javascript;charset=ISO-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
CF-Ray: 6182f5a94f06bdd7-AMS
cf-request-id: 07e5b7ddcd0000bdd7dc240000000001
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
48 B 72ms
71ms XHR
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1976558865&t=event&ni=1&_s=3&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fnew-year-new-version-danabot&ul=en-us&de=UTF-8&dt=New%20Year%2C%20New%20Version%20of%20DanaBot%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%201673709&_u=aHBAAEABAAAAAC~&jid=790726225&gjid=1197957915&cid=992390572.1611755602&tid=UA-2257074-1&_gid=1206467607.1611755602&_r=1&gtm=2wg1d0MGR7P8X&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Brussels&cd11=BRU&cd12=Belgium&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&z=278951812

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 19ms
18ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-2257074-1&cid=992390572.1611755602&jid=790726225&gjid=1197957915&_gid=1206467607.1611755602&_u=aHBAAEABAAAAAC~&z=1218676289

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Jan 2021 13:53:25 GMT
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
88 B 73ms
69ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-2257074-1&cid=992390572.1611755602&jid=790726225&_u=aHBAAEABAAAAAC~&z=368832052

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 70ms
66ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-2257074-1&cid=992390572.1611755602&jid=790726225&_u=aHBAAEABAAAAAC~&z=368832052

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:53:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK 0ae22ad83e Show response
bam-cell.nr-data.net/events/1/ 24 B
494 B 306ms
306ms XHR
image/gif 162.247.243.146
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/0ae22ad83e?a=573869349&v=1194.94d5a62&to=bgQBYERQXBBWVBFbDldOIldCWF0NGHMXRxFYDT9aWVVXP3RYC0YTVg0PUURtfAxTUjNbBE4iDFpCQ10PW1IXH19PCAZD&rst=12075&ck=1&ref=https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1194.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 San Francisco, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 27 Jan 2021 13:53:33 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Content-Type: image/gif
Access-Control-Allow-Origin: https://www.proofpoint.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
CF-Ray: 6182f5e7da96bdd7-AMS
Content-Length: 24
cf-request-id: 07e5b804e60000bdd7f007a000000001

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

201 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

25 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 01:04:11	Name: IDE Value: AHWqTUnprLRY_xpoI52XEOdX3nkePX7ADaaUzSaW3sfetfONPJesAyCaFd_ZMpgo
www.proofpoint.com/	1970-01-19 15:42:37	Name: __atuvs Value: 60117052bec8efd8000
.app-abj.marketo.com/	1970-01-19 15:42:37	Name: __cf_bm Value: a99701fc1e1ddc77bd8052c2ab11841255ce7321-1611755602-1800-AUaFRVCR/bVclKuQCn9Qn36gaYt8dU9xRVT+PvviabwNL3FGqTB3mYFwFPvDurcdD+QQcdwDkqNC2mNHe7ftF3A=
www.proofpoint.com/	1970-01-19 15:42:37	Name: drift_campaign_refresh Value: 7a2abb3d-03ae-4f36-aa72-da6820ed6e97
.www.proofpoint.com/	1970-01-20 00:28:11	Name: __ar_v4 Value: %7C7YJ7XZCLMRHSVCXIHB5HIT%3A20210126%3A1%7CYV5KYXXEJZATZCT37YRTMK%3A20210126%3A1%7CT47Y2VPPABDUBJXFROMZZM%3A20210126%3A1
www.proofpoint.com/	1970-01-20 01:12:50	Name: __atuvc Value: 1%7C4
.proofpoint.com/	1970-01-19 17:52:11	Name: _gcl_au Value: 1.1.474842054.1611755602
.proofpoint.com/	1970-01-19 15:42:37	Name: _hjAbsoluteSessionInProgress Value: 0
.proofpoint.com/	1970-01-19 17:52:11	Name: _fbp Value: fb.1.1611755603009.242324660
.proofpoint.com/	1970-01-20 09:13:47	Name: _mkto_trk Value: id:309-RHV-619&token:_mch-proofpoint.com-1611755602457-49626
www.proofpoint.com/us/blog/threat-insight	1969-12-31 23:59:59	Name: pp_user_country Value: de
.proofpoint.com/	1970-01-19 15:44:02	Name: _uetsid Value: 04f4ef6060a711eb932ebfed9d14a2dc
www.proofpoint.com/us/blog/threat-insight	1969-12-31 23:59:59	Name: hide_lang_switcher Value: 1
.proofpoint.com/	1970-01-19 15:42:37	Name: _hjFirstSeen Value: 1
.proofpoint.com/	1969-12-31 23:59:59	Name: _hjTLDTest Value: 1
.proofpoint.com/	1970-01-20 00:28:11	Name: _hjid Value: 198b381b-aba6-4a6a-9d49-498b81065f98
.www.proofpoint.com/	1970-01-23 07:21:28	Name: _rtfl_s_handshake_guid Value: 541c916e-4988-421c-a39d-23f18c4e2918
.proofpoint.com/	1970-01-19 15:42:35	Name: _gat_UA-2257074-1 Value: 1
.proofpoint.com/	1970-01-20 00:29:38	Name: _vwo_uuid_v2 Value: D2031090FB3CC7F354EAEFB8B71611364\|cd90aaa7f34c17459cef9ef89f20a35b
.www.proofpoint.com/	1970-01-20 00:28:33	Name: __adroll_fpc Value: 056282badbd28d7f0de81f93f13c0e25-1611755602692
.proofpoint.com/	1970-01-20 09:13:47	Name: _ga Value: GA1.2.992390572.1611755602
.proofpoint.com/	1970-01-20 00:28:09	Name: visid_incap_177663 Value: ypap5kb6Qdy5CVdq23Oin1BwEWAAAAAAQUIPAAAAAADfJB7y1w3fd15P/ZGKV0Mk
.proofpoint.com/	1970-01-19 16:05:59	Name: _uetvid Value: 04f5179060a711ebaac09bad5b6c36f2
.proofpoint.com/	1970-01-19 15:44:02	Name: _gid Value: GA1.2.1206467607.1611755602
.proofpoint.com/	1969-12-31 23:59:59	Name: incap_ses_730_177663 Value: qUtfNb33SxQjbHe5Z3shClBwEWAAAAAA354LDJY8VnhfboTn932V/w==

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10487471.fls.doubleclick.net
309-rhv-619.mktoresp.com
4788165.fls.doubleclick.net
ad.doubleclick.net
ads.avct.cloud
ads.avocet.io
ads.yahoo.com
adservice.google.com
analytics.twitter.com
api.company-target.com
app-abj.marketo.com
attr.ml-api.io
bam-cell.nr-data.net
bat.bing.com
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dev.visualwebsiteoptimizer.com
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
geoip-js.com
googleads.g.doubleclick.net
gwmtracking.com
ib.adnxs.com
id.rlcdn.com
js-agent.newrelic.com
js.driftqa.com
js.driftt.com
m.addthis.com
match.prod.bidr.io
munchkin.marketo.net
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
s.adroll.com
s.ml-attr.com
s7.addthis.com
script.hotjar.com
scripts.demandbase.com
secure.adnxs.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.co
tag.demandbase.com
tracking.g2crowd.com
us-u.openx.net
vars.hotjar.com
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
www.proofpoint.com
x.bidswitch.net
z.moatads.com
s7.addthis.com
104.16.94.80
104.244.42.131
104.244.42.133
104.75.88.112
13.224.194.125
13.224.194.47
13.224.194.79
13.225.80.32
13.225.80.58
141.226.228.48
142.250.186.134
142.250.186.162
143.204.209.106
143.204.94.49
151.101.114.110
151.101.12.157
162.247.243.146
172.217.16.134
18.194.69.213
18.197.47.23
185.33.221.89
185.64.190.80
192.28.144.124
216.200.122.11
23.210.248.216
23.210.249.164
23.210.250.213
23.79.147.105
2606:4700::6812:1abe
2606:4700::6812:bef
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:f03d:1fa::4000
2a00:1450:4001:802::2002
2a00:1450:4001:802::2008
2a00:1450:4001:802::200e
2a00:1450:4001:812::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::200e
2a00:1450:4001:828::2004
2a00:1450:4001:82a::200a
2a00:1450:4001:82b::2013
2a00:1450:400c:c00::9b
2a02:26f0:10c:58e::25ea
2a02:e980:107::cf
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
3.229.202.186
3.248.28.111
34.120.207.148
34.96.102.137
34.98.64.218
52.17.151.21
52.49.193.31
52.57.56.160
64.202.112.95
68.67.153.60
69.173.144.139
99.86.241.7
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
014de295141a456ceda8e3c4762085e53dca50f91ddf65906d227f70cf0b1a55
040edd0f9790722ec0064bc29530f032a5024e07fbef02fc0c7f46b7ae2ecb63
04446c6509e4513c239c7803cf8a8c3727e8cef843c8537e48d5e05e1fa723cd
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0551e996a8b1a5a73b8db08b75169d5b67291fbddb84afa02dd2f4e966b2261a
05cd215b7b218de7ab7c87c2b051c3be0d336780bbd627df696563580d5de2c7
07dd8509af0ac66d693864fabd5815420cc7e0b9ef3a9eaf8cddb056ab8fe9e8
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12326e8f0accb3ea4158ecf1cb2ab2e1b95d6a0f5eb1b80c86621f087b4363f1
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
1bdbcee5cd776cb671f72362db4be8dde833057b8e8f816c86fd301896652c8d
1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a
1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70
23eb574ca89fce57a39390dd2ce9213545ae9b17a60dc4d750246e4cd9dc4b14
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
323c1a4e3c80dfd4006758ba818674cac051d4449a4d1bb8f0049b283de8eacd
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
34fcae3cf94e02d46c230a5b7dd3827d612587164e048dcfe146518da1cb4ab0
3a0522d8c507073e3d7c3008298dbab964b5a299685d858b82ccd51b5d18cdda
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3f065197b164738a926c2fd39eb889641af2fbb5d306e1d412e888a96e6b2137
412d19203b952ff91ca19beda628e31d0ebcdcc08d617559f841780ffc7e03bf
459e23d23ffe65a86f3a1f67c07edc92e0c69461ff83fbd63764d7b36cac92fc
47587df31e1e202dea23080ef9925c0d8c0794b8362781cc8ac91628ffe07e09
4845e9f0ab8138835df66e6fb4d2f369f72c93c65b45cd8e545055e0382d08b4
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4c87fd16c94cddc65c762a4066a20e8728685247cab105f976da3cd2b9a27814
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
4dd6c09ddcb0e53a6290cc1df35224856073ba5f89d4134bd7c69e4fd9c6f515
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f3fc31f17996bdcd89a0b6358ef30b10a4d5b8e436dcd786082965f868f3bd8
52b8d58d524467043eb55632968982f15ad8a28d65ff6f91d74d0accacf34351
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
59c23ac6c266273e5b45d6f10da69ca3972d7a4279b64546d4ada35b4842a15c
5cc2628039ee08964a5f46fb8abb1d5e1ec87e1200d12862ef1232bbfed7da55
5f3b103a1268f862a5e432d607f8e5220dea9d301d13565b0ecded3ad9c25ab2
6031a45e14e5a13073a26b81b10b4ab386d523433c7e5e0f585bee367e267d03
69a12e6a2c6dff14902de0fec7a22b138a389be30d22265fa1f3c629373c295e
6b257f720954f5ab64a18814de647d84fd1fccd7657de5439e830aa244ce8fb3
7252ffc803c03a90b5b0fbdbc33eb2df1d257bccb184ffd4555f402bc6118483
73abcdba8b61ea9513c74192393cecce485ae1243f56c1cde5d61cd95650279b
785386e38e422ac73429f53fc111599e675d9a02d75b3320c6c85d7df42fd232
7a7e8d84d263b5f05aa764301b122fd8dd05502fca1780d3221b6c25c5366540
7d94a5945317f5fe3429b5360dd3e2f98cfd62bcc6ea1544781993fc7af60e14
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87ca6b47a6b9474223f530e7b8ea424392eb664d0dd417d61c31da449a5f5c4f
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
90bd8161729fc3b48992956a38ea059a54ec585c1536420d2ef33142eeeb74e2
93fa8b2f6e13b1ac02946cf42cebafaa637e07feb93b926eace76fd5128df564
945ecdd92317c56b9b6eaa7795b6a9c493c209feda4fccd4e172a0989e7a9158
96726ec495e85d90b330d3dd369458bffa2279b93dab2639b3384136d2300fd6
9780c95c3e1ae7c500081ad47bda6847fa78098990e77a677e8ddc8007347055
9e7ea2b4ba8e2bcc4a964d6192e4671dc5f6863a1c7e35b52b229a3c1e67a68d
a344007e6c38e34001dbbb4a7c898c4fb6f5a19a306e6800cb0b94cc5ab7eea4
a4398bd72e30f9efdccda15d5ff0b9fa4462f682c2e046452d351780f9496a6f
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
ad80ac33ed04b4e6d78167b4162ecd3d2e8c29d17b43eb3df1f35b216b2ac5c5
ad8463cb930ec9f5e910166374b500d9d2bf7c33ebd061b27a511a207baa70e7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b6a034f455000c64fb4aab316648d429a87521120f9b4861c689d70911337406
b6b49a882a0211fd10b0a9feaa53eb0be21dbe73cd474ecb4540b68a3d38ea2b
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb38c905802d2108d17f53831a3b42a182ba94d61e126f3c604c058383b3d2d2
c0269ba28d9ec51948de3000f364e6890e8a369ab832b4deb572415845a39712
c2ac3a4867ab41390bb1b48d0937e02967359fb9ff66ac0c2fbddd56d304cec3
c2cb2cc5345c71f30b0ce56069cfe0bdf65eb061228333d27ba0e7388748636a
c3b1cf19770719801574ad3b639f639406c72458057748ae064a229fbcee7c9a
c6bdc63921094353f2cb2a7619e122de384675d98bcea86a25df595c9a3c1583
c8de55874475c175335f0c6fc79e975cc9325630e3641389c18ae7ae5ab9a981
ca76057cd670f588df991cb00fb1f230de6cde0d7f19f21743981f12c69ab50a
cea918e6af14ac3645e0e33b30cb802820aed3e549defbd618be220c31546625
cef5e7a8bbafdc0187cc3bd50db0417a3ed578deec09d93fe306bddf30a9ba43
cfa0a96ac558bea3620b755284b64287fc4b2515a63243f69ab421277bb26c7f
d06b82f8bac70d51f358f0e53b46b7c50bc99a8a9c99f1513b98c8e5c60033aa
d1c6032b67262b3855f2ae2702f0497cf50f3caf6ce5211641f1756ee3a4332b
d4ea3e72d13f7392cf63396cfad6069a9c80d1b43f2de63b763cfec67d77540c
d6dffdf0c11445d390ce54b124aad97a24f21d2e54d0e2f5320c466cda85f9d9
d7d0ca72b612d904f8722ba29860450866d196e5bac4109115dd206d272f8131
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0b6d26489191155d30162f050cf2a964afb8cf054e3f59e7f710942a9a12293
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
ea55115014c6525fbcd9a649af5fd6f6308ddead86156213d48048748813f033
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f156ae940f7e272f1319e3a835871f632bc4275105f4882685a3435d7ed4e3fb
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
fa11f682f9c64256b41672cef0a6b86c39d68a39da7ebe7dd4fb15780db60437
fa176af3695a7e918096d7d71a501167980482180f48dc0e4515855901b42969
fa8d00de4d9acf49fccb202f273ba09102e673a8d46bdb520d6bc9b5e740cbcd
faaa1eae3fd1905bc968447780a1c8d3e57c1c4a3cd47a6d9da14d3b1207faaf
fab816e037c0f67ab424c67234af03471c66a13357d6e187ecb238a2eac62a04
fdde3016f0fc51a46ce7cf095d624618f57ec46bfe4100631d2d416ddbe132ad

www.proofpoint.com Open in urlscan Pro 2a02:e980:107::cf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

118 Requests

98 %HTTPS

33 %IPv6

53 Domains

67 Subdomains

56 IPs

7 Countries

4264 kBTransfer

10166 kBSize

25 Cookies

25 Outgoing links

Redirected requests

118 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 28 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Screenshot
Live screenshot

Full Image

118
Requests

98 %
HTTPS

33 %
IPv6

53
Domains

67
Subdomains

56
IPs

7
Countries

4264 kB
Transfer

10166 kB
Size

25
Cookies

118 HTTP transactions
28 data transactions