www.proofpoint.com Open in urlscan Pro
45.60.159.207 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Submission: On February 26 via api (February 26th 2024, 9:51:41 am UTC) from AU — Scanned from AU

Summary HTTP 213 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 43 IPs in 4 countries across 40 domains to perform 213 HTTP transactions. The main IP is 45.60.159.207, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com. The Cisco Umbrella rank of the primary domain is 177854.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on April 4th 2023. Valid for: a year.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
37	45.60.159.207 45.60.159.207	19551 (INCAPSULA) (INCAPSULA)
3	142.250.204.8 142.250.204.8	15169 (GOOGLE) (GOOGLE)
1	18.67.111.85 18.67.111.85	16509 (AMAZON-02) (AMAZON-02)
1	142.250.66.194 142.250.66.194	15169 (GOOGLE) (GOOGLE)
2	104.18.33.110 104.18.33.110	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.214.38.209 23.214.38.209	16625 (AKAMAI-AS) (AKAMAI-AS)
7	104.16.95.80 104.16.95.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	142.251.221.74 142.251.221.74	15169 (GOOGLE) (GOOGLE)
1	18.67.111.101 18.67.111.101	16509 (AMAZON-02) (AMAZON-02)
1 2	13.56.36.101 13.56.36.101	16509 (AMAZON-02) (AMAZON-02)
3	142.250.204.2 142.250.204.2	15169 (GOOGLE) (GOOGLE)
3	216.239.32.181 216.239.32.181	15169 (GOOGLE) (GOOGLE)
2	64.233.170.156 64.233.170.156	15169 (GOOGLE) (GOOGLE)
4	172.217.24.35 172.217.24.35	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
11	23.47.73.144 23.47.73.144	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	142.250.204.14 142.250.204.14	15169 (GOOGLE) (GOOGLE)
3	13.107.21.200 13.107.21.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	23.1.240.49 23.1.240.49	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	172.64.144.225 172.64.144.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	142.250.76.102 142.250.76.102	15169 (GOOGLE) (GOOGLE)
69	13.224.181.124 13.224.181.124	16509 (AMAZON-02) (AMAZON-02)
2	157.240.8.23 157.240.8.23	32934 (FACEBOOK) (FACEBOOK)
1	104.18.36.196 104.18.36.196	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	54.204.62.38 54.204.62.38	14618 (AMAZON-AES) (AMAZON-AES)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	103.43.90.117 103.43.90.117	29990 (ASN-APPNEX) (ASN-APPNEX)
1	18.67.111.30 18.67.111.30	16509 (AMAZON-02) (AMAZON-02)
3	142.250.204.4 142.250.204.4	15169 (GOOGLE) (GOOGLE)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
6 9	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	23.47.73.159 23.47.73.159	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.1.91 151.101.1.91	54113 (FASTLY) (FASTLY)
1	142.250.66.198 142.250.66.198	15169 (GOOGLE) (GOOGLE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	52.0.156.250 52.0.156.250	14618 (AMAZON-AES) (AMAZON-AES)
5	52.52.86.48 52.52.86.48	16509 (AMAZON-02) (AMAZON-02)
2 2	54.251.52.200 54.251.52.200	16509 (AMAZON-02) (AMAZON-02)
2 2	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
2 2	13.237.11.119 13.237.11.119	16509 (AMAZON-02) (AMAZON-02)
1 2	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	18.143.106.89 18.143.106.89	16509 (AMAZON-02) (AMAZON-02)
4	18.67.111.16 18.67.111.16	16509 (AMAZON-02) (AMAZON-02)
1	157.240.8.35 157.240.8.35	32934 (FACEBOOK) (FACEBOOK)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
10	54.147.21.139 54.147.21.139	14618 (AMAZON-AES) (AMAZON-AES)
1	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
1	151.101.66.208 151.101.66.208	() ()
213	43

37 45.60.159.207 (United States)

ASN19551 (INCAPSULA, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.204.8 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.111.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-111-85.syd62.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.66.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.33.110 (None, )

ASN13335 (CLOUDFLARENET, US)

geoip-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.214.38.209 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-214-38-209.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.16.95.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-abj.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.221.74 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.111.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-111-101.syd62.r.cloudfront.net

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.56.36.101 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-56-36-101.us-west-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.204.2 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.239.32.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.170.156 (United States)

ASN15169 (GOOGLE, US)
PTR: sg-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.24.35 (United States)

ASN15169 (GOOGLE, US)
PTR: hkg07s23-in-f35.1e100.net

www.google.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

309-rhv-619.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.47.73.144 (Inkster, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-47-73-144.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.204.14 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.21.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.1.240.49 (Sydney, Australia)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-1-240-49.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.64.144.225 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.76.102 (Plainview, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f6.1e100.net

4788165.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

69 13.224.181.124 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-181-124.syd1.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.8.23 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-syd2.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.36.196 (None, )

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.204.62.38 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-204-62-38.compute-1.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (Secaucus, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.43.90.117 (Singapore, Singapore) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 617.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.111.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-111-30.syd62.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.204.4 (Sydney, Australia)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 13.107.42.14 (United States) 6 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.47.73.159 (Inkster, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-47-73-159.deploy.static.akamaitechnologies.com

t.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.91 (United States)

ASN54113 (FASTLY, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.66.198 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd09s23-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.0.156.250 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-156-250.compute-1.amazonaws.com

loadus.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.52.86.48 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-52-86-48.us-west-1.compute.amazonaws.com

sync.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.251.52.200 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-251-52-200.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.197.193.217 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.237.11.119 (Sydney, Australia) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-237-11-119.ap-southeast-2.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.77.79 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.143.106.89 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-143-106-89.ap-southeast-1.compute.amazonaws.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.67.111.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-111-16.syd62.r.cloudfront.net

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.8.35 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-syd2.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.147.21.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-21-139.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
targeting.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.208 (None, )

ASN- ()

driftt.imgix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
69	driftt.com js.driftt.com — Cisco Umbrella Rank: 6164	777 KB
37	proofpoint.com www.proofpoint.com — Cisco Umbrella Rank: 177854	2 MB
16	sharethis.com 1 redirects platform-api.sharethis.com — Cisco Umbrella Rank: 4457 buttons-config.sharethis.com — Cisco Umbrella Rank: 5023 l.sharethis.com — Cisco Umbrella Rank: 4641 t.sharethis.com — Cisco Umbrella Rank: 6097 sync.sharethis.com — Cisco Umbrella Rank: 3049 platform-cdn.sharethis.com — Cisco Umbrella Rank: 9457	67 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 5326 c.6sc.co — Cisco Umbrella Rank: 8195 ipv6.6sc.co — Cisco Umbrella Rank: 5498 b.6sc.co — Cisco Umbrella Rank: 3594	22 KB
10	drift.com bootstrap.api.drift.com — Cisco Umbrella Rank: 6891 metrics.api.drift.com — Cisco Umbrella Rank: 6789 event.api.drift.com — Cisco Umbrella Rank: 7395 targeting.api.drift.com — Cisco Umbrella Rank: 7116	14 KB
9	linkedin.com 6 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 350 www.linkedin.com — Cisco Umbrella Rank: 615	5 KB
7	google.com analytics.google.com — Cisco Umbrella Rank: 159 www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 99	1 KB
7	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 stats.g.doubleclick.net — Cisco Umbrella Rank: 85 4788165.fls.doubleclick.net — Cisco Umbrella Rank: 327174 ad.doubleclick.net — Cisco Umbrella Rank: 157	8 KB
7	marketo.com app-abj.marketo.com — Cisco Umbrella Rank: 401944	139 KB
5	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 8103	3 KB
4	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 2864	9 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	21 KB
4	google.com.au www.google.com.au — Cisco Umbrella Rank: 29183	777 B
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 23841 ibc-flow.techtarget.com — Cisco Umbrella Rank: 21782	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 368	14 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	283 KB
2	yahoo.com 2 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 1486 ups.analytics.yahoo.com — Cisco Umbrella Rank: 425	573 B
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 479	832 B
2	ml314.com 1 redirects ml314.com — Cisco Umbrella Rank: 1975	557 B
2	eyeota.net 2 redirects ps.eyeota.net — Cisco Umbrella Rank: 1172	1 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 363	672 B
2	crwdcntrl.net 2 redirects bcp.crwdcntrl.net — Cisco Umbrella Rank: 947	897 B
2	exelator.com 2 redirects loadus.exelator.com — Cisco Umbrella Rank: 1589	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 9224	721 B
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 502	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 176	71 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 2806	3 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3542	6 KB
2	geoip-js.com geoip-js.com — Cisco Umbrella Rank: 16944	2 KB
1	imgix.net driftt.imgix.net	3 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 242	406 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 592	16 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 102	185 B
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 2105	302 B
1	ml-api.io attr.ml-api.io — Cisco Umbrella Rank: 18960	234 B
1	ml-attr.com 1 redirects s.ml-attr.com — Cisco Umbrella Rank: 15341	279 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 805	16 KB
1	mktoresp.com 309-rhv-619.mktoresp.com — Cisco Umbrella Rank: 329240	318 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 32	1 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 136	20 KB
213	40

	Domain	Requested by
69	js.driftt.com	www.proofpoint.com js.driftt.com
37	www.proofpoint.com	www.proofpoint.com
8	b.6sc.co	www.proofpoint.com
7	px.ads.linkedin.com	4 redirects www.proofpoint.com snap.licdn.com 4788165.fls.doubleclick.net
7	app-abj.marketo.com	www.proofpoint.com app-abj.marketo.com
5	sync.sharethis.com	www.proofpoint.com
5	tracking.g2crowd.com	www.proofpoint.com
4	targeting.api.drift.com	js.driftt.com
4	platform-cdn.sharethis.com	www.proofpoint.com
4	tags.srv.stackadapt.com	www.proofpoint.com tags.srv.stackadapt.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.proofpoint.com
4	www.google.com.au	www.proofpoint.com
3	t.sharethis.com	platform-api.sharethis.com t.sharethis.com
3	www.google.com	www.proofpoint.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.proofpoint.com
3	analytics.google.com	www.googletagmanager.com
3	www.googletagmanager.com	www.proofpoint.com www.googletagmanager.com
2	event.api.drift.com	js.driftt.com
2	metrics.api.drift.com	js.driftt.com
2	bootstrap.api.drift.com	js.driftt.com
2	idsync.rlcdn.com	2 redirects
2	ml314.com	1 redirects www.proofpoint.com
2	ps.eyeota.net	2 redirects
2	match.adsrvr.org	2 redirects
2	bcp.crwdcntrl.net	2 redirects
2	loadus.exelator.com	2 redirects
2	ibc-flow.techtarget.com	trk.techtarget.com
2	www.linkedin.com	2 redirects
2	epsilon.6sense.com	j.6sc.co
2	secure.adnxs.com	2 redirects
2	connect.facebook.net	www.proofpoint.com connect.facebook.net
2	4788165.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	googleads.g.doubleclick.net	www.googleadservices.com www.googletagmanager.com
2	l.sharethis.com	1 redirects www.proofpoint.com
2	dev.visualwebsiteoptimizer.com	www.proofpoint.com
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	geoip-js.com	www.proofpoint.com geoip-js.com
1	driftt.imgix.net
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.proofpoint.com
1	www.facebook.com	www.proofpoint.com
1	ups.analytics.yahoo.com	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	ad.doubleclick.net	4788165.fls.doubleclick.net
1	adservice.google.com	4788165.fls.doubleclick.net
1	pixel.mathtag.com	4788165.fls.doubleclick.net
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	trk.techtarget.com	www.proofpoint.com
1	snap.licdn.com	www.proofpoint.com
1	j.6sc.co	www.proofpoint.com
1	309-rhv-619.mktoresp.com	munchkin.marketo.net
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	fonts.googleapis.com	www.proofpoint.com
1	www.googleadservices.com	www.proofpoint.com
1	platform-api.sharethis.com	www.proofpoint.com
213	59

This site contains links to these domains. Also see Links.

Domain
proofpoint.my.site.com
digitalrisk.proofpoint.com
emaildefense.proofpoint.com
threatintel.proofpoint.com
us1.proofpointessentials.com
proofpointcommunities.force.com
partners.proofpoint.com
rules.emergingthreats.net
isc.sans.edu
blog.sucuri.net
www.mandiant.com
research.nccgroup.com
ipcheck.proofpoint.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
proofpoint.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-04` - `2024-04-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
sharethis.com Amazon RSA 2048 M02	`2023-05-20` - `2024-06-17`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-17` - `2024-05-16`	a year	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
app-abj.marketo.com Cloudflare Inc ECC CA-3	`2023-04-05` - `2024-04-04`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2023-07-06` - `2024-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.google.com.au GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-07` - `2024-10-07`	a year	crt.sh
6sc.co R3	`2024-01-29` - `2024-04-28`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 02	`2024-01-21` - `2024-06-27`	5 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
drift.com Amazon RSA 2048 M02	`2023-08-15` - `2024-09-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-05` - `2024-03-04`	3 months	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M03	`2023-09-09` - `2024-10-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M02	`2023-05-04` - `2024-06-02`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-01-30` - `2024-07-30`	6 months	crt.sh
cert1-prod.aut.a24365.net R3	`2024-02-12` - `2024-05-12`	3 months	crt.sh
*.mediamath.com R3	`2024-01-18` - `2024-04-17`	3 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2024-01-13` - `2024-04-12`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-01-15` - `2025-02-15`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh
*.imgix.com GlobalSign Atlas R3 DV TLS CA 2023 Q4	`2023-12-07` - `2025-01-07`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Frame ID: 6DF618FCF97146EF788AC6F143D1D6EC
Requests: 117 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184
Frame ID: A3FE7D05E278425DC73DDC92F059671C
Requests: 5 HTTP requests in this frame

Frame: https://app-abj.marketo.com/index.php/form/XDFrame
Frame ID: 9D1CF485FFD8175E800A624F46C7EA76
Requests: 2 HTTP requests in this frame

Frame: https://t.sharethis.com/a/t_.htm?ver=1.1280.23384&cid=c010&cls=B
Frame ID: 2F2AB438D92322F0F981835FBAF3D86D
Requests: 1 HTTP requests in this frame

Frame: https://t.sharethis.com/1.1280.23384/a/AU/t_.js?cid=c010&cls=B
Frame ID: 32455F016FF0DCADDD8138490BA3A845
Requests: 7 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
Frame ID: C918563123AECB4065FCD4342693B83F
Requests: 39 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
Frame ID: CC4FC6300A026466ECF6B92537A9EAB7
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TA569 Threat Actor Overview: SocGholish & Beyond | Proofpoint US

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

213
Requests

95 %
HTTPS

0 %
IPv6

40
Domains

59
Subdomains

43
IPs

4
Countries

3679 kB
Transfer

8358 kB
Size

64
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://proofpoint.my.site.com/community/s/
Title: Support Log-in

Search URL Search Domain Scan URL

URL: https://digitalrisk.proofpoint.com/
Title: Digital Risk Portal

Search URL Search Domain Scan URL

URL: https://emaildefense.proofpoint.com/login.php
Title: Email Fraud Defense

Search URL Search Domain Scan URL

URL: https://threatintel.proofpoint.com/
Title: ET Intelligence

Search URL Search Domain Scan URL

URL: https://us1.proofpointessentials.com/app/login.php
Title: Proofpoint Essentials

Search URL Search Domain Scan URL

URL: https://proofpointcommunities.force.com/community
Title: Sendmail Support Log-in

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/
Title: Channel PartnersBecome a channel partner. Deliver Proofpoint solutions to your customers and grow your business.

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/prm/English/s/applicant
Title: Become a Channel Partner

Search URL Search Domain Scan URL

URL: https://rules.emergingthreats.net/
Title: publishes

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170
Title: https://isc.sans.edu/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170

Search URL Search Domain Scan URL

URL: https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html
Title: https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html

Search URL Search Domain Scan URL

URL: https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions
Title: https://www.mandiant.com/resources/blog/unc2165-shifts-to-evade-sanctions

Search URL Search Domain Scan URL

URL: https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/
Title: https://research.nccgroup.com/2020/06/23/wastedlocker-a-new-ransomware-variant-developed-by-the-evil-corp-group/

Search URL Search Domain Scan URL

URL: https://ipcheck.proofpoint.com/
Title: IP Address Blocked?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/proofpoint
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/proofpoint
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/proofpoint
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://l.sharethis.com/pview?event=pview&hostname=www.proofpoint.com&location=%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&product=inline-share-buttons&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&source=platform&fcmp=false&fcmpv2=false&has_segmentio=false&title=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&cms=unknown&publisher=6543fd1a2398960013d900a7&sop=true&version=st_sop.js&lang=en&description=Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.&ua=&ua_mobile=false&ua_full_version_list=&uuid=0cfe816b-e0f7-428a-8ffe-781c9aff5238 HTTP 301
https://l.sharethis.com/sc?event=pview&hostname=www.proofpoint.com&location=%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&product=inline-share-buttons&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&source=platform&fcmp=false&fcmpv2=false&has_segmentio=false&title=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&cms=unknown&publisher=6543fd1a2398960013d900a7&sop=true&version=st_sop.js&lang=en&description=Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.&ua=&ua_mobile=false&ua_full_version_list=&uuid=0cfe816b-e0f7-428a-8ffe-781c9aff5238&samesite=None

Request Chain 63

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184 HTTP 302
https://4788165.fls.doubleclick.net/activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184

Request Chain 68

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=916563861363931583

Request Chain 84

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1708941094740&li_adsId=d98bdae1-bd61-4e07-9fac-411c71b87caa&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1708941094740&li_adsId=d98bdae1-bd61-4e07-9fac-411c71b87caa&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1708941094740%26li_adsId%3Dd98bdae1-bd61-4e07-9fac-411c71b87caa%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fblog%252Fthreat-insight%252Fta569-socgholish-and-beyond%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1708941094740&li_adsId=d98bdae1-bd61-4e07-9fac-411c71b87caa&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&cookiesTest=true&liSync=true

Request Chain 90

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif HTTP 302
https://px.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D169250%26conversionId%3D9734538%26fmt%3Dgif%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&cookiesTest=true&liSync=true

Request Chain 105

https://loadus.exelator.com/load/?p=847&g=001&j=0&gdpr=0&gdpr_consent= HTTP 302
https://loadus.exelator.com/load/?p=847&g=001&j=0&gdpr=0&gdpr_consent=&xl8blockcheck=1 HTTP 302
https://sync.sharethis.com/nlsn?uid=cc81a4a87c3d5418019e2784ef560242

Request Chain 106

https://bcp.crwdcntrl.net/5/c=9084/tp=SARE/tpid=ZHwAA2XcXyYAAAAIflmwAw%3D%3D&gdpr=0&gdpr_consent=?https%3A%2F%2Fsync.sharethis.com%2Fint%2Flotame%3Fuid%3D%24%7Bprofile_id%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://bcp.crwdcntrl.net/5/ct=y/c=9084/tp=SARE/tpid=ZHwAA2XcXyYAAAAIflmwAw%3D%3D&gdpr=0&gdpr_consent=?https%3A%2F%2Fsync.sharethis.com%2Fint%2Flotame%3Fuid%3D%24%7Bprofile_id%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync.sharethis.com/int/lotame?uid=e4b16b025a2e6374be23d1b3c2ba16bb&gdpr=0&gdpr_consent=

Request Chain 107

https://match.adsrvr.org/track/cmf/generic?ttd_pid=1h1y1a7&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=1h1y1a7&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://sync.sharethis.com/ttd?uid=e09e3320-5d5d-492c-b27e-8a4cfb311424&gdpr=0&gdpr_consent=

Request Chain 108

https://ps.eyeota.net/pixel?pid=1mpb5m0&t=gif&gdpr=0&gdpr_consent= HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=1mpb5m0&t=gif&gdpr=0&gdpr_consent= HTTP 302
https://sync.sharethis.com/eyeota?uid=2hU3RnSM7FRpYarWzBg3tSqpZtRX_GULAqzPhhUGKhQ8&gdpr=0&gdpr_consent=

Request Chain 109

https://ml314.com/utsync.ashx?eid=50131&et=13&cid=lr&fp=ZHwAA2XcXyYAAAAIflmwAw%3D%3D&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fidsync.rlcdn.com%2F395886.gif%3Fpartner_uid%3D%5BPersonID%5D HTTP 302
https://idsync.rlcdn.com/395886.gif?partner_uid=3642340222842699791 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0MjM0MDIyMjg0MjY5OTc5MRAAGg0Ip77xrgYSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=9a377d6657df69015f83ac9d05c2fafeea0d0c8ce6d1b603f460ffba6a48ed2bf4cb09cee1a4f8eb&person_id=3642340222842699791&eid=50082

Request Chain 110

https://cms.analytics.yahoo.com/cms?partner_id=SHARE&gdpr=0&euconsent= HTTP 302
https://ups.analytics.yahoo.com/ups/58724/cms?partner_id=SHARE&gdpr=0&euconsent= HTTP 302
https://sync.sharethis.com/yahoo?uid=y-xVbLVxhE2oP2uFBrhnU9qil.zKuDk4k9QVg-~A&gdpr=0

213 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request ta569-socgholish-and-beyond Show response
www.proofpoint.com/us/blog/threat-insight/ 114 KB
42 KB 890ms
871ms Document
text/html 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

7bbb51c6357175f19a69c141db5eceecd3fa371e3affcfb238e433545a4ca93e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com .visualwebsiteoptimizer.com app.vwo.com .sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com ; img-src 'self' 'unsafe-inline' data: blob: .visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com ; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com .visualwebsiteoptimizer.com ; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com .visualwebsiteoptimizer.com app.vwo.com .sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com ; img-src 'self' 'unsafe-inline' data: blob: .visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com ; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com .visualwebsiteoptimizer.com ; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Accept-Ranges: bytes
Age: 15011
Cache-Control: max-age=86400, public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 35807
Content-Security-Policy: default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Content-Type: text/html; charset=UTF-8
Content-language: en
Date: Mon, 26 Feb 2024 09:51:33 GMT
ETag: "1708926079-gzip"
Expires: Tue, 27 Feb 2024 05:41:21 GMT
Feature-Policy: geolocation 'self'
Last-Modified: Mon, 26 Feb 2024 05:41:19 GMT
Permissions-Policy: interest-cohort=()
Referrer-Policy: origin-when-cross-origin
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Cookie,Accept-Encoding
Via: varnish
X-AH-Environment: prod
X-CDN: Imperva
X-Cache: HIT
X-Cache-Hits: 5
X-Content-Security-Policy: default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
X-Content-Type-Options: nosniff
X-Drupal-Cache: MISS
X-Drupal-Dynamic-Cache: MISS
X-Frame-Options: SAMEORIGIN
X-Iinfo: 4-12206238-12187122 2NNN RT(1708941091655 5) q(0 0 0 0) r(9 9)
X-Imperva-Purge-Tags: fk0h,2171,rsmc,0plh,r6o8,li2r,ebfb,unor,vunp,gp9i,jamf,p7tt,khv0,8qo7,eken,6bqn,bvs8,jlnq,ngtl,h17a,08ph,stfp,q2b0,r05l,jr13,996e,sf8e,ru78,voob,s9r0,ojvs,pbs4,acf1,hfl7,89jn,7idr,aurq,j2lt,pfi4,j25h,7h7k,c9q4,iv5v,e3qq,j5ib,b5s7,7nqj,rgrc,h5ei,9lcq,jgg2,shcs,8g9j,r1oq,kuit,tp2i,87nt,kj5r,fllv,l2u0,5cr3,80b8,us5v,vkkb,prna,j81r,g39k
X-Permitted-Cross-Domain-Policies: none
X-Request-ID: v-aac40760-d469-11ee-bafe-430a9fdd5f99
X-UA-Compatible: IE=edge
X-WebKit-CSP: default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 292 KB
95 KB 465ms
113ms Script
application/javascript 142.250.204.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

44533fc213c9a0044f2a50eae9852b6bca91a5e14ee8f74c0bd314266bea8ae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:33 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 96433
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Feb 2024 09:51:33 GMT

GET
H/1.1 200
OK proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 18 KB
18 KB 8ms
5ms Font
text/plain 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Origin: https://www.proofpoint.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Feb 2024 23:58:45 GMT
X-CDN: Imperva
Etag: "01c16c31"
X-Iinfo: 4-12206238-0 0CNN RT(1708941091655 886) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163689, public
x-incap-sess-cookie-hdr: bcngKSMXiGOzDUCx54CbBCRf3GUAAAAAGy0JXXQqE0qm/xlXCDRDDw==
Content-Length: 18296
Expires: Sun, 10 Mar 2024 21:06:21 GMT

GET
H/1.1 200
OK RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 12ms
6ms Font
application/font-woff 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Origin: https://www.proofpoint.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 16 Jan 2024 23:57:49 GMT
X-CDN: Imperva
Etag: "39ed386e"
Content-Type: application/font-woff
X-Iinfo: 10-43602677-0 0CNN RT(1708941092542 3) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1153061, public
x-incap-sess-cookie-hdr: VZdQTYJd3W2zDUCx54CbBCRf3GUAAAAAE0fY0RixN3mjYMk+dNHgzA==
Content-Length: 20951
Expires: Sun, 10 Mar 2024 18:09:13 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 20 KB
20 KB 10ms
4ms Font
application/font-woff 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Origin: https://www.proofpoint.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 16 Jan 2024 23:57:49 GMT
X-CDN: Imperva
Etag: "3a88d25f"
Content-Type: application/font-woff
X-Iinfo: 13-95980888-0 0CNN RT(1708941092542 3) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=908054, public
x-incap-sess-cookie-hdr: iO9xTwU20gKzDUCx54CbBCRf3GUAAAAAj8X8mYXZU0+aRh1IQ/GVHg==
Content-Length: 19954
Expires: Thu, 07 Mar 2024 22:05:46 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 16 KB
17 KB 10ms
4ms Font
text/plain 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Origin: https://www.proofpoint.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Feb 2024 23:58:45 GMT
X-CDN: Imperva
Etag: "80852160"
X-Iinfo: 11-61257022-0 0CNN RT(1708941092542 3) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163689, public
x-incap-sess-cookie-hdr: FGhjMX2UWGSzDUCx54CbBCRf3GUAAAAAz2PacthTfzcIYBYA4kl/Lg==
Content-Length: 16540
Expires: Sun, 10 Mar 2024 21:06:21 GMT

GET
H/1.1 200
OK RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 12ms
5ms Font
application/font-woff 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Origin: https://www.proofpoint.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 16 Jan 2024 23:57:49 GMT
X-CDN: Imperva
Etag: "8df65834"
Content-Type: application/font-woff
X-Iinfo: 4-12206238-0 0CNN RT(1708941091655 892) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=908054, public
x-incap-sess-cookie-hdr: gCoZZOgj9GuzDUCx54CbBCRf3GUAAAAApqpX+nm+IhvmFtGK1uHrNA==
Content-Length: 21304
Expires: Thu, 07 Mar 2024 22:05:46 GMT

GET
H/1.1 200
OK css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css
www.proofpoint.com/sites/default/files/css/ 25 KB
5 KB 8ms
4ms Stylesheet
text/css 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_9u0o5eJuu6TGwZMprqQy-6DGTA-fv7Mh1BBQctJUE2M.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 19 Jan 2024 00:50:59 GMT
X-CDN: Imperva
Etag: "032a9b05"
Content-Type: text/css
X-Iinfo: 12-77244006-0 0CNN RT(1708941092542 2) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163939, public
Content-Length: 4376
Expires: Sun, 10 Mar 2024 21:10:31 GMT

GET
H/1.1 200
OK css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
www.proofpoint.com/sites/default/files/css/ 148 KB
21 KB 12ms
8ms Stylesheet
text/css 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

37843bfca90789f7ef8311a8377c91a0199e47c4fa057a420df13880fa2b6914

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 19 Jan 2024 00:50:59 GMT
X-CDN: Imperva
Etag: "bb827876"
Content-Type: text/css
X-Iinfo: 12-77244007-0 0CNN RT(1708941092542 5) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=26335, public
Content-Length: 21084
Expires: Mon, 26 Feb 2024 17:10:27 GMT

GET
H/1.1 200
OK js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js Show response
www.proofpoint.com/sites/default/files/js/ 310 B
703 B 13ms
5ms Script
text/javascript 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_pJBs_U5CFeW43rfMO4MmmpBhEM0fX5cxZigDLLHuc5Q.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Mon, 18 Dec 2023 22:27:44 GMT
X-CDN: Imperva
Etag: "2c787c81"
Content-Type: text/javascript
X-Iinfo: 12-77244006-0 0CNN RT(1708941092542 8) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=908055, public
Content-Length: 235
Expires: Thu, 07 Mar 2024 22:05:47 GMT

GET
H/1.1 200
OK modernizr.min.js Show response
www.proofpoint.com/core/assets/vendor/modernizr/ 7 KB
3 KB 15ms
3ms Script
application/javascript 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/assets/vendor/modernizr/modernizr.min.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 15 Feb 2024 23:58:41 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 13-95980888-0 0CNN RT(1708941092542 11) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=908054, public
Content-Length: 3090
Expires: Thu, 07 Mar 2024 22:05:46 GMT

GET
H/1.1 200
OK modernizr-additional-tests.js Show response
www.proofpoint.com/core/misc/ 2 KB
1 KB 15ms
3ms Script
application/javascript 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/misc/modernizr-additional-tests.js?v=3.11.7

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 15 Feb 2024 23:58:42 GMT
X-CDN: Imperva
Content-Type: application/javascript
X-Iinfo: 11-61257022-0 0CNN RT(1708941092542 12) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=908055, public
Content-Length: 972
Expires: Thu, 07 Mar 2024 22:05:47 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 206 KB
46 KB 18ms
2ms Script
text/javascript 18.67.111.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.111.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-111-85.syd62.r.cloudfront.net

Software

Resource Hash

cf9e92205faeb2fc9929f8aaf67ee6fb15084be8994babd310cfa01d62e29e5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:42:52 GMT
content-encoding: gzip
via: 1.1 59304f445e251c540e46633ed3dd4f64.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD62-P2
age: 521
etag: W/"3360d-7zvdaxLS2Lhi3Pty7QrCYymkuqI"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-id: AMb7qVUejpXznYWNztPNmnf2y5hD_hnFwfBc9am36YpStSv9mRux4w==

GET
H/1.1 200
OK logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 4ms
3ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 15 Feb 2024 23:58:51 GMT
X-CDN: Imperva
Etag: "13fdd2ef"
Content-Type: image/svg+xml
X-Iinfo: 4-12206238-0 0CNN RT(1708941091655 900) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163689, public
Content-Length: 1124
Expires: Sun, 10 Mar 2024 21:06:21 GMT

GET
H/1.1 200
OK pfpt-sb-nav-promo-696x708.png.webp
www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/ 17 KB
18 KB 5ms
5ms Image
image/png 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/pfpt-sb-nav-promo-696x708.png.webp?itok=yaBL11K0

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

1cf21f57d161f8de548c33c5232d48fa022d3a594ce5ea0df88b48ffeab17525

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 27 Sep 2023 00:47:25 GMT
X-CDN: Imperva
Content-Type: image/png
X-Iinfo: 10-43602677-0 0CNN RT(1708941092542 15) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163884, public
Content-Length: 17908
Expires: Sun, 10 Mar 2024 21:09:36 GMT

GET
H/1.1 200
OK home.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 784 B
945 B 3ms
3ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/home.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 15 Feb 2024 23:58:45 GMT
X-CDN: Imperva
Etag: "4c25cdee"
Content-Type: image/svg+xml
X-Iinfo: 10-43602677-0 0CNN RT(1708941092542 24) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163689, public
Content-Length: 477
Expires: Sun, 10 Mar 2024 21:06:21 GMT

GET
H/1.1 200
OK 50-50-red-blue-cyber-computer.png.webp
www.proofpoint.com/sites/default/files/styles/image_1920_750/public/blog-images/ 38 KB
38 KB 4ms
4ms Image
image/png 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/image_1920_750/public/blog-images/50-50-red-blue-cyber-computer.png.webp?itok=tI54ujWU

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

7d4c8d64de2bdfd840f846b0ed993d89a3f61cae7c9477a4a6cafbfae8f47163

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 06 Oct 2023 00:29:16 GMT
X-CDN: Imperva
Content-Type: image/png
X-Iinfo: 4-12206238-0 0CNN RT(1708941091655 913) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1091337, public
Content-Length: 38508
Expires: Sun, 10 Mar 2024 01:00:29 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 52 KB
20 KB 256ms
153ms Script
text/javascript 142.250.66.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f2.1e100.net

Software

cafe /

Resource Hash

2c4d39b25c345fb5db9db115749d05b048a1146cc9ccaedc31a73d6affaf476b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:33 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19706
x-xss-protection: 0
server: cafe
etag: 13639777314987190761
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 26 Feb 2024 09:51:33 GMT

GET
H/1.1 200
OK js_v_LrRW2ivD9vLndB5zPIeKiIMEiKE5MqNiM7iQgwkMA.js Show response
www.proofpoint.com/sites/default/files/js/ 172 KB
59 KB 5ms
5ms Script
text/javascript 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_v_LrRW2ivD9vLndB5zPIeKiIMEiKE5MqNiM7iQgwkMA.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

bff2eb456da2bc3f6f2e7741e733c878a88830488a13932a36233b89083090c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 09 Feb 2024 00:08:22 GMT
X-CDN: Imperva
Etag: "7cf2b831"
Content-Type: text/javascript
X-Iinfo: 4-12206238-0 0CNN RT(1708941091655 927) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=915706, public
Content-Length: 60048
Expires: Fri, 08 Mar 2024 00:13:18 GMT

GET
H2 200 geoip2.js Show response
geoip-js.com/js/apis/geoip2/v2.1/ 3 KB
2 KB 333ms
20ms Script
application/javascript 104.18.33.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.33.110 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 26 Feb 2024 09:25:21 GMT
server: cloudflare
age: 1572
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 85b74a4c6fe86a54-SYD
expires: Mon, 26 Feb 2024 13:51:33 GMT

GET
H/1.1 200
OK js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js Show response
www.proofpoint.com/sites/default/files/js/ 9 KB
3 KB 4ms
4ms Script
text/javascript 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 22 Dec 2023 00:34:28 GMT
X-CDN: Imperva
Etag: "6e3ea0aa"
Content-Type: text/javascript
X-Iinfo: 4-12206238-0 0CNN RT(1708941091655 1178) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=908054, public
Content-Length: 2188
Expires: Thu, 07 Mar 2024 22:05:46 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 20ms
3ms Script
application/x-javascript 23.214.38.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.214.38.209 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-214-38-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H/1.1 200
OK js_6lGM44WqRU5Y0QiStwUyRbxfAgC5_hbEfP3RqzVdBh8.js Show response
www.proofpoint.com/sites/default/files/js/ 1 MB
452 KB 4ms
3ms Script
text/javascript 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_6lGM44WqRU5Y0QiStwUyRbxfAgC5_hbEfP3RqzVdBh8.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ea518ce385aa454e58d10892b7053245bc5f0200b9fe16c47cfdd1ab355d061f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Fri, 16 Feb 2024 00:02:08 GMT
X-CDN: Imperva
Etag: "35b6482e"
Content-Type: text/javascript
X-Iinfo: 4-12206238-0 0CNN RT(1708941091655 1204) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=310783, public
Content-Length: 462706
Expires: Fri, 01 Mar 2024 00:11:15 GMT

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ 199 KB
67 KB 253ms
26ms Script
application/x-javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
age: 4090
etag: "2011e9-31ad2-60e27d4627680"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 85b74a4dbf02a898-SYD
expires: Mon, 26 Feb 2024 13:51:34 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 409 KB
113 KB 123ms
121ms Script
application/javascript 142.250.204.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

61940a024b4eb9586443a3d82b256fc46976567a27380f969e42f8f2faeb80bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 116036
x-xss-protection: 0
last-modified: Mon, 26 Feb 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Feb 2024 09:51:34 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 6 KB
3 KB 16ms
7ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=767242&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&f=1&vn=1.3
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gsyd1 /
Resource Hash: 747310f4043c850ae6b76c074e86b80057cea2d56cd595d0179b4aa9cb5077e5

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:33 GMT
content-encoding: gzip
via: 1.1 google
server: gsyd1
etag: W/"1701884099_EA"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 css
fonts.googleapis.com/ 12 KB
1 KB 498ms
98ms Stylesheet
text/css 142.251.221.74
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.74 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f10.1e100.net

Software

ESF /

Resource Hash

e2a193fa1b1801dcdddf024a250b04b496f5e36e4324a8de73948e6421ff5865

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 26 Feb 2024 09:51:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 26 Feb 2024 09:51:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 26 Feb 2024 09:51:33 GMT

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
143 B 196ms
196ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=767242&d=proofpoint.com&u=DD491C9F68101D29153A3054065A8D6D5&h=66bb55f7b924f7862a3a09f35a8508aa&t=false

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv2c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv2c
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 200 6543fd1a2398960013d900a7.js Show response
buttons-config.sharethis.com/js/ 745 B
1 KB 1298ms
977ms Script
text/javascript 18.67.111.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/6543fd1a2398960013d900a7.js

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.111.101 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-111-101.syd62.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9c1b1066c42f920ce30aee11e0645fc48f66f13f828e31865b34abe54d6dd4e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:36 GMT
via: 1.1 df166554184adf2da43f53000107ac74.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 17 Nov 2023 07:10:02 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P2
x-amz-server-side-encryption: AES256
etag: "923a352055e8a91048dec7ed5b809c72"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 745
x-amz-cf-id: CEIGL2NRyqvbz1v-NuXogmguWc089J05Duxm8M2UQXuE7Q6MPxur8A==

GET
H/1.1

200
OK

sc Show response
l.sharethis.com/
Redirect Chain

https://l.sharethis.com/pview?event=pview&hostname=www.proofpoint.com&location=%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&product=inline-share-buttons&url=https%3A%2F%2Fwww.proofpo...
https://l.sharethis.com/sc?event=pview&hostname=www.proofpoint.com&location=%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&product=inline-share-buttons&url=https%3A%2F%2Fwww.proofpoint...

160 B
684 B

149ms
149ms

XHR
text/plain

13.56.36.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/sc?event=pview&hostname=www.proofpoint.com&location=%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&product=inline-share-buttons&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&source=platform&fcmp=false&fcmpv2=false&has_segmentio=false&title=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&cms=unknown&publisher=6543fd1a2398960013d900a7&sop=true&version=st_sop.js&lang=en&description=Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.&ua=&ua_mobile=false&ua_full_version_list=&uuid=0cfe816b-e0f7-428a-8ffe-781c9aff5238&samesite=None

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Server

13.56.36.101 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-56-36-101.us-west-1.compute.amazonaws.com

Software

Resource Hash

57c74eb0d5e0ec7098c99e921db575346808a900903d39ba3cdab32c4d206fc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:34 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.proofpoint.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Stid: ZHwAA2XcXyYAAAAIflmwAw==
Access-Control-Allow-Headers: *
Content-Length: 160
X-Robots-Tag: noindex, nofollow

Redirect headers

Date: Mon, 26 Feb 2024 09:51:34 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://www.proofpoint.com
Location: /sc?event=pview&hostname=www.proofpoint.com&location=%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&product=inline-share-buttons&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&source=platform&fcmp=false&fcmpv2=false&has_segmentio=false&title=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&cms=unknown&publisher=6543fd1a2398960013d900a7&sop=true&version=st_sop.js&lang=en&description=Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.&ua=&ua_mobile=false&ua_full_version_list=&uuid=0cfe816b-e0f7-428a-8ffe-781c9aff5238&samesite=None
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Stid: ZHwAA2XcXyYAAAAIflmwAw==
Access-Control-Allow-Headers: *
Content-Length: 877
X-Robots-Tag: noindex, nofollow

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 4ms
4ms Script
application/x-javascript 23.214.38.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.214.38.209 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-214-38-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Wed, 05 Jun 2024 09:51:34 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 3 KB
2 KB 505ms
104ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1708941094004&cv=9&fst=1708941094004&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&tiba=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

b4db5c4844f2d9760dbfe6c13daa07bafa8fcd740f2172a7ca8ac237e27286d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1389
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK nav-search-icon.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 251 B
669 B 4ms
3ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/nav-search-icon.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

46454a26b3142dec4540c21c9c156f2b3e570488667f1bbcf81854e27925f2a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 15 Feb 2024 23:58:51 GMT
X-CDN: Imperva
Etag: "f9d15cf7"
Content-Type: image/svg+xml
X-Iinfo: 4-12206238-0 0CNN RT(1708941091655 1455) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163688, public
Content-Length: 200
Expires: Sun, 10 Mar 2024 21:06:21 GMT

GET
H/1.1 200
OK header-search-submit.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 263 B
681 B 4ms
4ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-search-submit.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

479f333c6cdf10724e19b33079cab821bb37b0a463170ea9943dcbc0c6d9dc67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 15 Feb 2024 23:58:45 GMT
X-CDN: Imperva
Etag: "74f89ce5"
Content-Type: image/svg+xml
X-Iinfo: 10-43602677-0 0CNN RT(1708941092542 569) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163885, public
Content-Length: 212
Expires: Sun, 10 Mar 2024 21:09:38 GMT

GET
H/1.1 200
OK header-language-selector.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 5ms
5ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-language-selector.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

d53ad65904b3e7c8a7dbf9479478e5c3f84ac198f1d81f3a97edd0e4af552e3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "42805225"
Content-Type: image/svg+xml
X-Iinfo: 11-61257022-0 0CNN RT(1708941092542 570) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1167780, public
Content-Length: 1344
Expires: Sun, 10 Mar 2024 22:14:33 GMT

GET
H/1.1 200
OK ransomware-bg-img.png.webp
www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/ 2 KB
2 KB 3ms
3ms Image
image/png 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/webp_conversion/public/nav-promo-images/ransomware-bg-img.png.webp?itok=FI5DSrca

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

029d219cdef5f07caa9c512aa1e804f9251cc8623c2461dd9c01cb680700da97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 27 Sep 2023 00:47:25 GMT
X-CDN: Imperva
Content-Type: image/png
X-Iinfo: 13-95980888-0 0CNN RT(1708941092542 568) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1167780, public
Content-Length: 1624
Expires: Sun, 10 Mar 2024 22:14:33 GMT

GET
H/1.1 200
OK block-subscribe-button-addthis.webp
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 2 KB
2 KB 4ms
4ms Image
text/plain 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/block-subscribe-button-addthis.webp

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

5f3083b731588016304b0ac105b66985b8ffc9d2c7a2e627f0435da5e86a4648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 30 Jan 2024 23:54:01 GMT
X-CDN: Imperva
Etag: "81ec458f"
X-Iinfo: 12-77244007-0 0CNN RT(1708941092542 569) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=41291, public
Content-Length: 1656
Expires: Mon, 26 Feb 2024 21:19:44 GMT

GET
H/1.1 200
OK marketo-form-spinner.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
877 B 4ms
4ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/marketo-form-spinner.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

5680e67bec883a7cc47635705afdaa0d28ad681a1bec515983784fe6c002356b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:09 GMT
X-CDN: Imperva
Etag: "d85f1d02"
Content-Type: image/svg+xml
X-Iinfo: 12-77244006-0 0CNN RT(1708941092542 571) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1169155, public
Content-Length: 408
Expires: Sun, 10 Mar 2024 22:37:28 GMT

GET
H/1.1 200
OK footer-logo.webp
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 22 KB
22 KB 4ms
3ms Image
text/plain 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/footer-logo.webp

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

2fdb22da214a2f7bcfb7d56f8abbdca611c002e04b290aff79caa93d4aaa76f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 15 Feb 2024 23:58:45 GMT
X-CDN: Imperva
Etag: "309d9079"
X-Iinfo: 10-43602677-0 0CNN RT(1708941092542 574) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163885, public
Content-Length: 22268
Expires: Sun, 10 Mar 2024 21:09:38 GMT

GET
H/1.1 200
OK twitter-x.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 674 B
934 B 3ms
3ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/twitter-x.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

637bd059ef7a81089f0b6111be2ed656ca25fdf9200af682a3154a4ab5eab498

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 15 Feb 2024 23:58:51 GMT
X-CDN: Imperva
Etag: "2420fbc3"
Content-Type: image/svg+xml
X-Iinfo: 12-77244007-0 0CNN RT(1708941092542 575) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163885, public
Content-Length: 465
Expires: Sun, 10 Mar 2024 21:09:38 GMT

GET
H/1.1 200
OK regions.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
2 KB 4ms
3ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/regions.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Thu, 15 Feb 2024 23:58:51 GMT
X-CDN: Imperva
Etag: "6222cb97"
Content-Type: image/svg+xml
X-Iinfo: 13-95980888-0 0CNN RT(1708941092542 575) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1163885, public
Content-Length: 1355
Expires: Sun, 10 Mar 2024 21:09:38 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-02-23%20at%204.03.46%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 356 KB
356 KB 5ms
4ms Image
image/png 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-02-23%20at%204.03.46%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

98027b235fe596c3d4954af1307fda6b83df3d32c705ea0a1234518d05db2632

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Feb 2023 23:08:47 GMT
X-CDN: Imperva
Etag: "5d5f26cd"
Content-Type: image/png
X-Iinfo: 10-43602677-0 0CNN RT(1708941092542 606) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=150485, public
Content-Length: 364386
Expires: Wed, 28 Feb 2024 03:39:38 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-02-23%20at%204.03.56%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 389 KB
389 KB 5ms
5ms Image
image/png 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-02-23%20at%204.03.56%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

17b023deed8da26f85aec8ec905699b3e1d94703319059ef69597f18412a022a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Feb 2023 23:09:07 GMT
X-CDN: Imperva
Etag: "5a81134a"
Content-Type: image/png
X-Iinfo: 13-95980888-0 0CNN RT(1708941092542 606) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=150515, public
Content-Length: 397912
Expires: Wed, 28 Feb 2024 03:40:08 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-02-23%20at%204.04.03%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 393 KB
394 KB 16ms
15ms Image
image/png 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-02-23%20at%204.04.03%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ee6ffdd8c9cbb3735466a4da958a10e8280426b4479e8b5788212b1b82fe25f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Feb 2023 23:09:28 GMT
X-CDN: Imperva
Etag: "3b6e154d"
Content-Type: image/png
X-Iinfo: 12-77244007-77242076 2CNN RT(1708941092542 613) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=150516, public
Content-Length: 402518
Expires: Wed, 28 Feb 2024 03:40:09 GMT

GET
H/1.1 200
OK Screen%20Shot%202023-02-23%20at%204.04.14%20PM.png
www.proofpoint.com/sites/default/files/inline-images/ 254 KB
255 KB 5ms
5ms Image
image/png 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/inline-images/Screen%20Shot%202023-02-23%20at%204.04.14%20PM.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

54f7c5abf7cebc48854d137c8cf94a49de5ee1f85479004016a62f02d56b9222

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Feb 2023 23:10:01 GMT
X-CDN: Imperva
Etag: "d259dc11"
Content-Type: image/png
X-Iinfo: 11-61257022-61252916 2CNN RT(1708941092542 607) q(0 0 0 -1) r(0 0) U18
Cache-Control: max-age=150521, public
Content-Length: 260492
Expires: Wed, 28 Feb 2024 03:40:14 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
256 B 498ms
98ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je42l0v890103917za220&_p=1708941093465&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=1465068310.1708941094&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708941094&sct=1&seg=0&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&dt=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1683
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 586ms
95ms Ping
text/plain 64.233.170.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B1V8SZE3GL&cid=1465068310.1708941094&gtm=45je42l0v890103917za220&aip=1&dma=0&gcd=13l3l3l3l1&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.233.170.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: sg-in-f156.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
408 B 502ms
102ms Image
image/gif 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B1V8SZE3GL&cid=1465068310.1708941094&gtm=45je42l0v890103917za220&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&z=27485980

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f35.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK visitWebPage
309-rhv-619.mktoresp.com/webevents/ 2 B
318 B 1351ms
199ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1708941094236&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1708941094235-28380&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:35 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 8cd11382-33c1-4f57-ba4e-4a6784258de0

GET
H2 200 me Show response
geoip-js.com/geoip/v2.1/country/ 708 B
908 B 417ms
109ms XHR
application/vnd.maxmind.com-country+json 104.18.33.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com

Requested by

Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.33.110 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa4e61ea34efffdda8f0dc0b401826f1cbdef256941574aae6f13fa54e02d07a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 85b74a50fc775509-SYD
content-length: 708

GET
H/1.1 200
OK header-email.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 951 B
983 B 5ms
4ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-email.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "81ce57ee"
Content-Type: image/svg+xml
X-Iinfo: 12-77244007-0 0CNN RT(1708941092542 807) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1167780, public
Content-Length: 514
Expires: Sun, 10 Mar 2024 22:14:33 GMT

GET
H/1.1 200
OK header-shield.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 298 B
673 B 8ms
7ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-shield.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "1eb00a79"
Content-Type: image/svg+xml
X-Iinfo: 13-95980888-0 0CNN RT(1708941092542 810) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1167781, public
Content-Length: 204
Expires: Sun, 10 Mar 2024 22:14:34 GMT

GET
H/1.1 200
OK header-security.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 934 B
905 B 4ms
4ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/header-security.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:02 GMT
X-CDN: Imperva
Etag: "3296a54b"
Content-Type: image/svg+xml
X-Iinfo: 11-61257022-0 0CNN RT(1708941092542 806) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1167780, public
Content-Length: 436
Expires: Sun, 10 Mar 2024 22:14:33 GMT

GET
H2 200 getForm Show response
app-abj.marketo.com/index.php/form/ 6 KB
2 KB 277ms
276ms Script
application/javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://app-abj.marketo.com/index.php/form/getForm?munchkinId=309-RHV-619&form=19277&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&callback=jQuery371003883152916803212_1708941094187&_=1708941094188
Requested by: Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c5a7210fc1388e35300d7b257180c2ed4d0cdcf1a37e3372536c9a8c4f000db9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 85b74a4f2842a898-SYD
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 6si.min.js Show response
j.6sc.co/ 64 KB
18 KB 85ms
30ms Script
application/javascript 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Feb 2024 19:00:41 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "65d799d9-101dd"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 17693
expires: Mon, 26 Feb 2024 09:51:34 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 352ms
2ms Script
text/javascript 142.250.204.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.14 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Feb 2024 09:16:39 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2095
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 26 Feb 2024 11:16:39 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 207 KB
75 KB 114ms
113ms Script
application/javascript 142.250.204.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-950296937&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.8 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

33a8fb1c404f784e5c0b9807adc3b2ffb47b5c4f9ba7050aaf04734f5aff2dc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76669
x-xss-protection: 0
last-modified: Mon, 26 Feb 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 26 Feb 2024 09:51:34 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 437ms
120ms Script
application/javascript 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

45396b8359112c614d4aab3fcb716deaabc47e477078f675d7bf69f5791c8f53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 26 Feb 2024 09:51:34 GMT
last-modified: Thu, 22 Feb 2024 21:00:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 71E45E708CDE4B42ABC1635F41C923D7 Ref B: SYD03EDGE1919 Ref C: 2024-02-26T09:51:34Z
etag: "0adee36d265da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13197

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 45 KB
16 KB 339ms
11ms Script
application/javascript 23.1.240.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.1.240.49 Sydney, Australia, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-1-240-49.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9841d9258210b13f0870a80d02ce8f3224c8798d1c0d618f210a573ce96038e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Feb 2024 09:12:49 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=32757
accept-ranges: bytes
content-length: 16480

GET
H2 200 1594.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
412 B 555ms
238ms Script
text/javascript 172.64.144.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.144.225 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: ea879bc0-de80-4ca4-af4d-d44a5837208e
x-runtime: 0.003783
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 85b74a527da0aac1-SYD

GET
H2 200 1644.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 506ms
230ms Script
text/javascript 172.64.144.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.144.225 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 419c913e-e93c-4770-8651-d30ae6efeb1d
x-runtime: 0.003000
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 85b74a527da3aac1-SYD

GET
H2 200 1645.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
413 B 293ms
230ms Script
text/javascript 172.64.144.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.144.225 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: e52a8f03-28bf-46a0-bff0-196bd325e47d
x-runtime: 0.003771
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 85b74a527da4aac1-SYD

GET
H2 200 1646.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
412 B 290ms
231ms Script
text/javascript 172.64.144.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.144.225 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 003d219c-57a8-4230-bb91-230b5907953d
x-runtime: 0.003563
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 85b74a527da2aac1-SYD

GET
H2 200 1647.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
421 B 291ms
235ms Script
text/javascript 172.64.144.225
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.144.225 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: aa4d96c1-59ae-4b1a-9e97-7edc13e65a39
x-runtime: 0.003759
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 85b74a527da1aac1-SYD

GET
H2

200

activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184 Show response
4788165.fls.doubleclick.net/ Frame A3FE
Redirect Chain

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184?
https://4788165.fls.doubleclick.net/activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184?

2 KB
1 KB

157ms
156ms

Document
text/html

142.250.76.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4788165.fls.doubleclick.net/activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.76.102 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s24-in-f6.1e100.net

Software

cafe /

Resource Hash

1ed7c57fe7db291b2aa6b49cbcadb4f6bec5523037b3504a4838072dece248ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 1062
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 09:51:34 GMT
expires: Mon, 26 Feb 2024 09:51:34 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 26 Feb 2024 09:51:34 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://4788165.fls.doubleclick.net/activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5dfsgn7m2kst.js Show response
js.driftt.com/include/1708941300000/ 220 KB
62 KB 503ms
430ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1708941300000/5dfsgn7m2kst.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2632767b652b8d6e0a9bba35dd89cb580138cc604b6a862f21eec1cfa7ea6096

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
x-amz-version-id: pLg1eKenIzGxoUKhVHmjNSXllFaPh7Wp
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Thu, 22 Feb 2024 22:13:37 GMT
server: istio-envoy
etag: W/"c2a259489fb8e8e1bb4959cc8713bd5b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: UiJRxsD_XV4BgH9QUKQepy8d3AcaWeLtUEZ7X_wu2wu5rOYrFHV1HA==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 214 KB
58 KB 314ms
3ms Script
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 26 Feb 2024 09:51:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57257
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: btbqHwrGbWntzzlW1aHJAj2R+8/wo1HLEaanqk4mlhWvwrYsc8nmyH5Z6HApucLoeI2e8e6+drzzUTvZr85IOw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 360ms
36ms Script
text/javascript 104.18.36.196
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.36.196 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 47453
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 85b74a54b9abaae3-SYD
expires: Mon, 26 Feb 2024 10:11:35 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 637ms
194ms Script
text/javascript 54.204.62.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.62.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-204-62-38.compute-1.amazonaws.com
Software: /
Resource Hash: 117457a154f3f942675177c493160561dc6391a60c4afbf93a91e65da5bdc6d3

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 26 Feb 2024 09:51:35 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2

200

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=916563861363931583

0
234 B

1004ms
679ms

Image
application/json

18.67.111.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=916563861363931583
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Protocol: H2
Server: 18.67.111.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-111-30.syd62.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:37 GMT
via: 1.1 f3405208f368b682f8c8a96590ab1596.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD62-P2
x-cache: Miss from cloudfront
content-type: application/json
x-amz-cf-id: LJadWBB4Wdv6hEeCt7kPvcJCi10Ojn1I4Qrwt7Ct5OpUWIPp4MQjnA==
content-length: 0
apigw-requestid: TvPOehd8IAMEV-w=

Redirect headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:36 GMT
an-x-request-uuid: 4b068206-d8c0-473e-9119-c47996538e12
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://attr.ml-api.io/?domain=proofpoint.com&pId=916563861363931583
x-proxy-origin: 66.203.112.160; 66.203.112.160; 617.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
195 B 23ms
14ms XHR
text/html 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-73-144.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
284 B 371ms
15ms XHR
text/html 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-47-73-144.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.proofpoint.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1708941094817_388974988_1131740823_16_930_13_30_219";dur=1
content-length: 4
expires: Mon, 26 Feb 2024 09:51:34 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 501ms
441ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=3df9dd2c-4ad2-45b1-8b17-379eb0749e9f&session=6bb35ac4-221a-4409-81ac-2462353443e9&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A34%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26amp%3B%20Beyond%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&pageViewId=5abc7860-2a93-4f45-8268-525ea68c7d37&v=1.1.15

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 499ms
443ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=3df9dd2c-4ad2-45b1-8b17-379eb0749e9f&session=6bb35ac4-221a-4409-81ac-2462353443e9&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2009%3A51%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2276d4adecd2340b300ba5d4296ecef89d%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2009%3A51%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2009%3A51%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22cf897ce61a58c53c1861f742ebebc2622f6b0fcf%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2009%3A51%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2026%20Feb%202024%2009%3A51%3A34%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26amp%3B%20Beyond%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&pageViewId=5abc7860-2a93-4f45-8268-525ea68c7d37&v=1.1.15

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
455 B 503ms
103ms Image
image/gif 142.250.204.4
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1708941094004&cv=9&fst=1708938000000&num=1&guid=ON&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&tiba=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&cid=CAQSGwB7FLtq5jlOnVGiNpFlPLUfeb-LIeNMQ7ETfQ&random=3294255413&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.4 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:35 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.au/pagead/1p-user-list/950296937/ 42 B
108 B 104ms
104ms Image
image/gif 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/pagead/1p-user-list/950296937/?random=1708941094004&cv=9&fst=1708938000000&num=1&guid=ON&eid=375603260%2C466465926%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=480&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&tiba=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&cid=CAQSGwB7FLtq5jlOnVGiNpFlPLUfeb-LIeNMQ7ETfQ&random=3294255413&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f35.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:35 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 forms2.css
app-abj.marketo.com/js/forms2/css/ 13 KB
3 KB 21ms
21ms Stylesheet
text/css 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 2812
content-length: 2623
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
etag: "2c09c5-3437-60e27d4627680"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 85b74a50e9bea898-SYD
expires: Mon, 26 Feb 2024 13:51:34 GMT

GET
H2 200 forms2-theme-plain.css
app-abj.marketo.com/js/forms2/css/ 828 B
361 B 19ms
18ms Stylesheet
text/css 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
cf-cache-status: HIT
age: 2812
content-length: 246
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
etag: "1e1d62-33c-60e27d4627680"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 85b74a50e9bfa898-SYD
expires: Mon, 26 Feb 2024 13:51:34 GMT

GET
H2 200 getKnownLead Show response
app-abj.marketo.com/index.php/form/ 49 B
280 B 627ms
627ms Script
application/javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/getKnownLead?form=19277&lpId=&munchkinId=309-RHV-619&filledFields=true&_mkt_trk=id%3A309-RHV-619%26token%3A_mch-proofpoint.com-1708941094235-28380&callback=jQuery371003883152916803212_1708941094187&_=1708941094189

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c18a12f1fab791044c77b7d95f5375a86246ba644776a319b7db5d5a355b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
server: cloudflare
content-type: application/javascript; charset=utf-8
cf-ray: 85b74a50e9c0a898-SYD

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 3 KB
2 KB 107ms
106ms Script
text/javascript 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1708941094642&cv=11&fst=1708941094642&bg=ffffff&guid=ON&async=1&gtm=45be42l0v885828997z876619393za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&hn=www.googleadservices.com&frm=0&tiba=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&npa=0&pscdl=noapi&auid=1827095088.1708941094&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-950296937&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

501f2ebca0d1409039eeba4530ecd1f5c0eff312a15ebeaa12dec1fed75c1199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 747 B
721 B 314ms
110ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: fad7f3075c75555a19dd023c2317550688e7dd5be59b37cf12b6188cc9917a7b

Request headers

Referer: https://www.proofpoint.com/
accept-language: en-AU,en;q=0.9
Authorization: Token cf897ce61a58c53c1861f742ebebc2622f6b0fcf
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
X-6s-CustomID: WebTag1.0 76d4adecd2340b300ba5d4296ecef89d

Response headers

x-trace-id: 2642478769924365718
date: Mon, 26 Feb 2024 09:51:35 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: ap-northeast-1a
access-control-allow-origin: https://www.proofpoint.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 397

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 319ms
107ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.proofpoint.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Mon, 26 Feb 2024 09:51:34 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: ap-northeast-1a
x-trace-id: 6859102742685210219

GET
H/1.1 200
OK AU.png
www.proofpoint.com/modules/custom/pp_i18n/images/ 5 KB
6 KB 4ms
3ms Image
image/png 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/modules/custom/pp_i18n/images/AU.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

8a0733dd0cf11c03279cb16006ab9a98db3818f2651b8033aca347132f9082ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 16 Jan 2024 23:57:48 GMT
X-CDN: Imperva
Etag: "a2d182dd"
Content-Type: image/png
X-Iinfo: 11-61257022-0 0CNN RT(1708941092542 1223) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1155762, public
Content-Length: 5297
Expires: Sun, 10 Mar 2024 18:54:15 GMT

GET
H/1.1 200
OK language-selector.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 571 B
792 B 5ms
5ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/language-selector.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

89cfdadb23c7206b508ca2007f1e8c183f609fd283a91b03e19b64ee2f03a288

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:09 GMT
X-CDN: Imperva
Etag: "73801966"
Content-Type: image/svg+xml
X-Iinfo: 13-95980888-0 0CNN RT(1708941092542 1222) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1167781, public
Content-Length: 322
Expires: Sun, 10 Mar 2024 22:14:34 GMT

GET
H/1.1 200
OK language-selector-close.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 429 B
740 B 4ms
4ms Image
image/svg+xml 45.60.159.207
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/language-selector-close.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.159.207 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

96edd93e84addeee41ef9c34f49a339fead522f84e7c61a48877c8768b5d7caf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/sites/default/files/css/css_N4Q7_KkHiffvgxGoN3yRoBmeR8T6BXpCDfE4gPoraRQ.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Tue, 30 Jan 2024 23:54:09 GMT
X-CDN: Imperva
Etag: "ab0b796a"
Content-Type: image/svg+xml
X-Iinfo: 12-77244007-0 0CNN RT(1708941092542 1222) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1167782, public
Content-Length: 270
Expires: Sun, 10 Mar 2024 22:14:35 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1708941094740&li_adsId=d98bdae1-bd61-4e07-9fac-411c71b87caa&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthr...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1708941094740&li_adsId=d98bdae1-bd61-4e07-9fac-411c71b87caa&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthr...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%252C3955937%252C3976212%26time%3D1708941094740%26li_adsId%3Dd98bdae1-bd61-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1708941094740&li_adsId=d98bdae1-bd61-4e07-9fac-411c71b87caa&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthr...

0
277 B

189ms
189ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1708941094740&li_adsId=d98bdae1-bd61-4e07-9fac-411c71b87caa&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&cookiesTest=true&liSync=true
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9070519694664D0D88E6D778A1A55993 Ref B: SYD03EDGE2109 Ref C: 2024-02-26T09:51:35Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYSRdrzj6YHVDzs/KQkew==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Mon, 26 Feb 2024 09:51:35 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYSRdrwl9zBzPIx7viEYg==
pragma: no-cache
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 70EBD0139E8D485DB8047C362C7ABFEA Ref B: SYD03EDGE2109 Ref C: 2024-02-26T09:51:35Z
x-frame-options: sameorigin
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250%2C3955937%2C3976212&time=1708941094740&li_adsId=d98bdae1-bd61-4e07-9fac-411c71b87caa&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
489 B 505ms
192ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.proofpoint.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 9B41D82BD3144E5197AF0727B2A49071 Ref B: SYD03EDGE2109 Ref C: 2024-02-26T09:51:35Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://www.proofpoint.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYSRdrrKd72TqC+UqyEVQ==

GET
H/1.1 200
OK t.dhj Show response
t.sharethis.com/1/k/ 2 KB
2 KB 86ms
18ms Script
application/javascript 23.47.73.159
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sharethis.com/1/k/t.dhj?cid=c010&cls=B&dmn=www.proofpoint.com&rnd=1708941094752

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.159 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-159.deploy.static.akamaitechnologies.com

Software

Resource Hash

9c2df34e24fbac806c9d96da85e1c06df3f79267b0f105620b8cfcee0ced5b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000 ; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:35 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=2628000 ; includeSubDomains
Content-Type: application/javascript
Cache-Control: private, max-age=3600
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 1364
Expires: Mon, 26 Feb 2024 10:51:35 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
211 B 98ms
97ms XHR
text/plain 142.250.204.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1065740990&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&ul=en-us&de=UTF-8&dt=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAEK~&jid=1522579256&gjid=1587998071&cid=1465068310.1708941094&tid=UA-2257074-1&_gid=2110253003.1708941095&_r=1&_slc=1&gtm=45He42l0n81MGR7P8Xv76619393za200&gcd=13l3l3l3l1&dma=0&cd19=1465068310.1708941094&z=367409374

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.14 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
108 B 347ms
105ms Image
image/gif 142.250.204.4
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1708941094642&cv=11&fst=1708938000000&bg=ffffff&guid=ON&async=1&gtm=45be42l0v885828997z876619393za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&frm=0&tiba=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&npa=0&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqIzOgc783Q9x4dOv3WxZkk6x3RKzbzXNkb41HS_VmcA-W_9Jk&random=2551554649&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.4 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:35 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.au/pagead/1p-user-list/950296937/ 42 B
154 B 103ms
103ms Image
image/gif 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/pagead/1p-user-list/950296937/?random=1708941094642&cv=11&fst=1708938000000&bg=ffffff&guid=ON&async=1&gtm=45be42l0v885828997z876619393za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&frm=0&tiba=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&npa=0&fmt=3&is_vtc=1&cid=CAQSKQB7FLtqIzOgc783Q9x4dOv3WxZkk6x3RKzbzXNkb41HS_VmcA-W_9Jk&random=2551554649&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f35.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/ Frame A3FE
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=169250&conversionId=9734538&fmt=gif
https://px.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fpid%3D169250%26conversionId%3D9734538%26fmt%3Dgif%26cookiesTest%3Dtrue%26liSync%3Dtrue
https://px.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&cookiesTest=true&liSync=true

43 B
250 B

189ms
189ms

Image
image/gif

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&cookiesTest=true&liSync=true
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184?
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 831BEAE6BAD74469BF1EF09636F36A5F Ref B: SYD03EDGE2109 Ref C: 2024-02-26T09:51:35Z
linkedin-action: 1
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
content-type: image/gif
x-li-proto: http/2
content-length: 65
x-li-uuid: AAYSRdrzmiyxOIIaPwyejg==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Mon, 26 Feb 2024 09:51:35 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYSRdrwmU/j+7r1Du97yw==
pragma: no-cache
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CC3ED07FBF1E4D02B74EA77CCC287549 Ref B: SYD03EDGE2109 Ref C: 2024-02-26T09:51:35Z
x-frame-options: sameorigin
x-li-fabric: prod-ltx1
location: https://px.ads.linkedin.com/collect?pid=169250&conversionId=9734538&fmt=gif&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 img
pixel.mathtag.com/event/ Frame A3FE 0
302 B 509ms
200ms Image
image/gif 151.101.1.91
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1442966&mt_adid=226348&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=&ord=1477481491
Requested by: Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: MT3 1487 7fd7a36 master ord ord-pixel-x56 config_version:"2817" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-cache-hits: 0
date: Mon, 26 Feb 2024 09:51:35 GMT
via: 1.1 varnish
expires: Mon, 26 Feb 2024 09:51:34 GMT
server: MT3 1487 7fd7a36 master ord ord-pixel-x56 config_version:"2817"
age: 0
x-timer: S1708941095.190973,VS0,VE49
x-cache: MISS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-served-by: cache-bfi-krnt7300058-BFI

GET
H2 200 dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184
adservice.google.com/ddm/fls/z/ Frame A3FE 42 B
401 B 541ms
142ms Image
image/gif 142.250.204.2
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184

Requested by

Host: 4788165.fls.doubleclick.net
URL: https://4788165.fls.doubleclick.net/activityi;dc_pre=CODfidfdyIQDFfH0TAIdMWAAjg;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=2045191014704.184?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.2 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDQ3ODgxNjUKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3Byb29mcG9pbnQuY29tIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogQ09OVkVSU0lPTgpkZWJ1Z19r...
ad.doubleclick.net/ddm/activity/ Frame A3FE 0
2 KB 239ms
139ms Image
image/png 142.250.66.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDQ3ODgxNjUKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3Byb29mcG9pbnQuY29tIgp4ZmFfYXR0cmlidXRpb25faW50ZXJhY3Rpb25fdHlwZTogQ09OVkVSU0lPTgpkZWJ1Z19rZXk6IDE1NTczODk4OTQzODAxNDAxOTM4CmN0Y19jb252ZXJzaW9uX2J1Y2tldDogNwphcmNoZXR5cGVfaWQ6IDEKYXJjaGV0eXBlX2lkOiAzCmFyY2hldHlwZV9pZDogNAphcmNoZXR5cGVfaWQ6IDUKYXJjaGV0eXBlX2lkOiA2CmFyY2hldHlwZV9pZDogNwphcmNoZXR5cGVfaWQ6IDgKYXJjaGV0eXBlX2lkOiA5CmFyY2hldHlwZV9pZDogMTAKYXJjaGV0eXBlX2lkOiAxMQphcmNoZXR5cGVfaWQ6IDEyCmFyY2hldHlwZV9pZDogMTMKYXJjaGV0eXBlX2lkOiAxNAphcmNoZXR5cGVfaWQ6IDE1CmFyY2hldHlwZV9pZDogMTYKYXJjaGV0eXBlX2lkOiAxNwphcmNoZXR5cGVfaWQ6IDE4CmFyY2hldHlwZV9pZDogMTkKYXJjaGV0eXBlX2lkOiAyMAphcmNoZXR5cGVfaWQ6IDIxCmNvbnZlcnNpb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IENPTlZFUlNJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQUNUSVZJVFlfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDg4ODgwNTUKICB9Cn0KY29udmVyc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogQ09OVkVSU0lPTl9ESU1FTlNJT05fQ09OVkVSU0lPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMDItMjYiCiAgfQp9CmJyb3dzZXJfYXR0cmlidXRpb25fYXBpX3JlcXVlc3RfcHJvY2Vzc2luZ19iaXRzOiA1NzA0MjUzNDQKZ2NsaWQ6ICIiCnRyaWdnZXJfZGVkdXBsaWNhdGlvbl9rZXk6IDU2MDQ4MDk4ODg1OTM2OTQxODcK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.66.198 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s23-in-f6.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://4788165.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:34 GMT
attribution-reporting-register-trigger: {"aggregatable_deduplication_keys":[{"deduplication_key":"5604809888593694187"}],"aggregatable_trigger_data":[{"filters":{"14":["8888055"]},"key_piece":"0xd94bf6abb2dc9d9d","source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"key_piece":"0x8ee365edd594ce33","not_filters":{"14":["8888055"]},"source_keys":["1","3","4","5","6","7","8","9","10","11"]},{"filters":{"14":["8888055"]},"key_piece":"0x21cd28e64103518e","source_keys":["12","13","14","15","16","17","18","19","20","21"]},{"key_piece":"0x7d5c3900086ec21a","not_filters":{"14":["8888055"]},"source_keys":["12","13","14","15","16","17","18","19","20","21"]}],"aggregatable_values":{"1":327,"10":327,"11":5570,"12":65,"13":65,"14":65,"15":6356,"16":65,"17":65,"18":6356,"19":65,"20":65,"21":6356,"3":327,"4":327,"5":5570,"6":327,"7":327,"8":5570,"9":327},"debug_key":"15573898943801401938","debug_reporting":true,"event_trigger_data":[{"deduplication_key":"5604809888593694187","filters":{"14":["8888055"],"source_type":["event"]},"priority":"10","trigger_data":"1"},{"deduplication_key":"5604809888593694187","filters":{"14":["8888055"],"source_type":["navigation"]},"priority":"10","trigger_data":"6"},{"deduplication_key":"5604809888593694187","filters":{"source_type":["event"]},"priority":"0","trigger_data":"0"},{"deduplication_key":"5604809888593694187","filters":{"source_type":["navigation"]},"priority":"0","trigger_data":"7"}],"filters":{"8":["4788165"]}}
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: image/png
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 17087961.js Show response
bat.bing.com/p/action/ 0
117 B 120ms
119ms Script
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17087961.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 26 Feb 2024 09:51:34 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9455AFCB97224BD3811E2189CE30E06F Ref B: SYD03EDGE1919 Ref C: 2024-02-26T09:51:34Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
360 B 161ms
161ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17087961&tm=gtm002&Ver=2&mid=891ce689-df07-4988-81d2-7c261f96ba42&sid=a0808490d48c11eeb2d13bf7e7ed71e5&vid=a080ca40d48c11eeba7b3dec60a77a8a&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&r=&lt=1726&evt=pageLoad&sv=1&rn=785293

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 26 Feb 2024 09:51:34 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 10A120635E7C439D990B0DE6AE3393AD Ref B: SYD03EDGE1919 Ref C: 2024-02-26T09:51:34Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 8 B
155 B 96ms
95ms XHR
text/plain 64.233.170.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2257074-1&cid=1465068310.1708941094&jid=1522579256&gjid=1587998071&_gid=2110253003.1708941095&_u=YADAAEAAAAAAACAEK~&z=1748391640

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.170.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sg-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

7817ee889e9c73351b96c97c740c9dd746ba87ebd6c6fcab3cd77cd021920ce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 26 Feb 2024 09:51:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 314ms
104ms Image
image/gif 142.250.204.4
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2257074-1&cid=1465068310.1708941094&jid=1522579256&_u=YADAAEAAAAAAACAEK~&z=2041674141

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.4 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com.au/ads/ 42 B
107 B 102ms
102ms Image
image/gif 172.217.24.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.au/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2257074-1&cid=1465068310.1708941094&jid=1522579256&_u=YADAAEAAAAAAACAEK~&z=2041674141

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.24.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

hkg07s23-in-f35.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 143852102935619 Show response
connect.facebook.net/signals/config/ 62 KB
13 KB 231ms
231ms Script
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/143852102935619?v=2.9.147&r=stable&domain=www.proofpoint.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

037bd3254471a8df28fa54512d91bc91c42f382511446c26e52d22017598796e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 26 Feb 2024 09:51:35 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: rPRZ8rg7SzkgYuBJVwIGaKVG6/SbX/5TVxJxXBWdF2SnitLW9nvtGo4KqF0Wl02Oe3RVD5vYl0DJu8vZjN+AZw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 XDFrame Show response
app-abj.marketo.com/index.php/form/ Frame 9D1C 2 KB
883 B 864ms
864ms Document
text/html 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/index.php/form/XDFrame

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 85b74a54fc5ba898-SYD
content-encoding: gzip
content-length: 650
content-type: text/html; charset=utf-8
date: Mon, 26 Feb 2024 09:51:36 GMT
server: cloudflare
strict-transport-security: max-age=63113904
vary: Accept-Encoding
x-content-type-options: nosniff

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 220ms
207ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1708941095210&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.proofpoint.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 26 Feb 2024 09:51:35 GMT
expires: Mon, 26 Feb 2024 09:51:35 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ABPtcPoj_aL0OhzIRbIDVRQbjdjw_1NPAtdcz_6XD08UbPImQ8jaieO_aDCfgaMSoMxL7lnqCBDOYjX3SA

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
442 B 215ms
214ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1268939&r=1708941095210&ref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1268939
Referer: https://www.proofpoint.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPrFzwmFLU7o3UdaL64iXXKuhNK2EkTKsp5AdajIh29e2NBJv6YSTpBPeCLkHhbFEVcWDTw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Mon, 26 Feb 2024 10:51:35 GMT

GET
H/1.1 200
OK t_.htm Show response
t.sharethis.com/a/ Frame 2F2A 2 KB
1 KB 16ms
15ms Document
text/html 23.47.73.159
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sharethis.com/a/t_.htm?ver=1.1280.23384&cid=c010&cls=B

Requested by

Host: t.sharethis.com
URL: https://t.sharethis.com/1/k/t.dhj?cid=c010&cls=B&dmn=www.proofpoint.com&rnd=1708941094752

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.159 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-159.deploy.static.akamaitechnologies.com

Software

Resource Hash

ec73870a124df2d105249652c84da8f949bf73bcd5ca8ad6deca84b4fbd2e9d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000 ; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

Cache-Control: max-age=604800
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1160
Content-Type: text/html
Date: Mon, 26 Feb 2024 09:51:35 GMT
Expires: Mon, 04 Mar 2024 09:51:35 GMT
Strict-Transport-Security: max-age=2628000 ; includeSubDomains
X-Robots-Tag: noindex, nofollow

GET
H/1.1 200
OK t_.js Show response
t.sharethis.com/1.1280.23384/a/AU/ Frame 3245 24 KB
10 KB 17ms
17ms Script
text/javascript 23.47.73.159
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://t.sharethis.com/1.1280.23384/a/AU/t_.js?cid=c010&cls=B

Requested by

Host: t.sharethis.com
URL: https://t.sharethis.com/a/t_.htm?ver=1.1280.23384&cid=c010&cls=B

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.159 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-159.deploy.static.akamaitechnologies.com

Software

Resource Hash

83e4d17b79920091301961db060dbe040501d7703672bbe9162c891fe4579756

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000 ; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://t.sharethis.com/a/t_.htm?ver=1.1280.23384&cid=c010&cls=B
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:35 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=2628000 ; includeSubDomains
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 9412
Expires: Mon, 04 Mar 2024 09:51:35 GMT

GET
H/1.1

200
OK

nlsn
sync.sharethis.com/ Frame 3245
Redirect Chain

https://loadus.exelator.com/load/?p=847&g=001&j=0&gdpr=0&gdpr_consent=
https://loadus.exelator.com/load/?p=847&g=001&j=0&gdpr=0&gdpr_consent=&xl8blockcheck=1
https://sync.sharethis.com/nlsn?uid=cc81a4a87c3d5418019e2784ef560242

42 B
297 B

145ms
145ms

Image
image/gif

52.52.86.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.sharethis.com/nlsn?uid=cc81a4a87c3d5418019e2784ef560242

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Server

52.52.86.48 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-86-48.us-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://t.sharethis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:36 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
Stid: ZHwAA2XcXyYAAAAIflmwAw==
X-Robots-Tag: noindex, nofollow
Content-Length: 42
Content-Type: image/gif

Redirect headers

date: Mon, 26 Feb 2024 09:51:36 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://sync.sharethis.com/nlsn?uid=cc81a4a87c3d5418019e2784ef560242
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

lotame
sync.sharethis.com/int/ Frame 3245
Redirect Chain

https://bcp.crwdcntrl.net/5/c=9084/tp=SARE/tpid=ZHwAA2XcXyYAAAAIflmwAw%3D%3D&gdpr=0&gdpr_consent=?https%3A%2F%2Fsync.sharethis.com%2Fint%2Flotame%3Fuid%3D%24%7Bprofile_id%7D%26gdpr%3D0%26gdpr_conse...
https://bcp.crwdcntrl.net/5/ct=y/c=9084/tp=SARE/tpid=ZHwAA2XcXyYAAAAIflmwAw%3D%3D&gdpr=0&gdpr_consent=?https%3A%2F%2Fsync.sharethis.com%2Fint%2Flotame%3Fuid%3D%24%7Bprofile_id%7D%26gdpr%3D0%26gdpr_...
https://sync.sharethis.com/int/lotame?uid=e4b16b025a2e6374be23d1b3c2ba16bb&gdpr=0&gdpr_consent=

42 B
297 B

326ms
143ms

Image
image/gif

52.52.86.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.sharethis.com/int/lotame?uid=e4b16b025a2e6374be23d1b3c2ba16bb&gdpr=0&gdpr_consent=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Server

52.52.86.48 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-86-48.us-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://t.sharethis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:35 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
Stid: ZHwAA2XcXyYAAAAIflmwAw==
X-Robots-Tag: noindex, nofollow
Content-Length: 42
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:35 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.sharethis.com/int/lotame?uid=e4b16b025a2e6374be23d1b3c2ba16bb&gdpr=0&gdpr_consent=
cache-control: no-cache
x-server: 10.42.1.162
content-length: 0
expires: 0

GET
H/1.1

200
OK

ttd
sync.sharethis.com/ Frame 3245
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=1h1y1a7&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=1h1y1a7&ttd_tpi=1&gdpr=0&gdpr_consent=
https://sync.sharethis.com/ttd?uid=e09e3320-5d5d-492c-b27e-8a4cfb311424&gdpr=0&gdpr_consent=

42 B
297 B

580ms
144ms

Image
image/gif

52.52.86.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.sharethis.com/ttd?uid=e09e3320-5d5d-492c-b27e-8a4cfb311424&gdpr=0&gdpr_consent=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Server

52.52.86.48 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-86-48.us-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://t.sharethis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:35 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
Stid: ZHwAA2XcXyYAAAAIflmwAw==
X-Robots-Tag: noindex, nofollow
Content-Length: 42
Content-Type: image/gif

Redirect headers

location: https://sync.sharethis.com/ttd?uid=e09e3320-5d5d-492c-b27e-8a4cfb311424&gdpr=0&gdpr_consent=
date: Mon, 26 Feb 2024 09:51:35 GMT
server: Kestrel
content-length: 215

GET
H/1.1

200
OK

eyeota
sync.sharethis.com/ Frame 3245
Redirect Chain

https://ps.eyeota.net/pixel?pid=1mpb5m0&t=gif&gdpr=0&gdpr_consent=
https://ps.eyeota.net/pixel/bounce/?pid=1mpb5m0&t=gif&gdpr=0&gdpr_consent=
https://sync.sharethis.com/eyeota?uid=2hU3RnSM7FRpYarWzBg3tSqpZtRX_GULAqzPhhUGKhQ8&gdpr=0&gdpr_consent=

42 B
297 B

580ms
144ms

Image
image/gif

52.52.86.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.sharethis.com/eyeota?uid=2hU3RnSM7FRpYarWzBg3tSqpZtRX_GULAqzPhhUGKhQ8&gdpr=0&gdpr_consent=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Server

52.52.86.48 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-86-48.us-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://t.sharethis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:35 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
Stid: ZHwAA2XcXyYAAAAIflmwAw==
X-Robots-Tag: noindex, nofollow
Content-Length: 42
Content-Type: image/gif

Redirect headers

Location: https://sync.sharethis.com/eyeota?uid=2hU3RnSM7FRpYarWzBg3tSqpZtRX_GULAqzPhhUGKhQ8&gdpr=0&gdpr_consent=
Date: Mon, 26 Feb 2024 09:51:35 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2

200

csync.ashx
ml314.com/ Frame 3245
Redirect Chain

https://ml314.com/utsync.ashx?eid=50131&et=13&cid=lr&fp=ZHwAA2XcXyYAAAAIflmwAw%3D%3D&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fidsync.rlcdn.com%2F395886.gif%3Fpartner_uid%3D%5BPersonID%5D
https://idsync.rlcdn.com/395886.gif?partner_uid=3642340222842699791
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0MjM0MDIyMjg0MjY5OTc5MRAAGg0Ip77xrgYSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=9a377d6657df69015f83ac9d05c2fafeea0d0c8ce6d1b603f460ffba6a48ed2bf4cb09cee1a4f8eb&person_id=3642340222842699791&eid=50082

43 B
124 B

32ms
31ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=9a377d6657df69015f83ac9d05c2fafeea0d0c8ce6d1b603f460ffba6a48ed2bf4cb09cee1a4f8eb&person_id=3642340222842699791&eid=50082
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Protocol: H2
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://t.sharethis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

expires: Tue, 27 Feb 2024 09:51:35 GMT
date: Mon, 26 Feb 2024 09:51:35 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

Redirect headers

date: Mon, 26 Feb 2024 09:51:35 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=9a377d6657df69015f83ac9d05c2fafeea0d0c8ce6d1b603f460ffba6a48ed2bf4cb09cee1a4f8eb&person_id=3642340222842699791&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1

200
OK

yahoo
sync.sharethis.com/ Frame 3245
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=SHARE&gdpr=0&euconsent=
https://ups.analytics.yahoo.com/ups/58724/cms?partner_id=SHARE&gdpr=0&euconsent=
https://sync.sharethis.com/yahoo?uid=y-xVbLVxhE2oP2uFBrhnU9qil.zKuDk4k9QVg-~A&gdpr=0

42 B
297 B

281ms
144ms

Image
image/gif

52.52.86.48
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.sharethis.com/yahoo?uid=y-xVbLVxhE2oP2uFBrhnU9qil.zKuDk4k9QVg-~A&gdpr=0

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

HTTP/1.1

Server

52.52.86.48 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-86-48.us-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://t.sharethis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date: Mon, 26 Feb 2024 09:51:35 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Connection: keep-alive
Stid: ZHwAA2XcXyYAAAAIflmwAw==
X-Robots-Tag: noindex, nofollow
Content-Length: 42
Content-Type: image/gif

Redirect headers

location: https://sync.sharethis.com/yahoo?uid=y-xVbLVxhE2oP2uFBrhnU9qil.zKuDk4k9QVg-~A&gdpr=0
date: Mon, 26 Feb 2024 09:51:35 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 collect
www.google-analytics.com/ 35 B
131 B 2ms
2ms Image
image/gif 142.250.204.14
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1065740990&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&ul=en-us&de=UTF-8&dt=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=aADAAEABAAAAACAEK~&jid=&gjid=&cid=1465068310.1708941094&tid=UA-2257074-1&_gid=2110253003.1708941095&gtm=45He42l0n81MGR7P8Xv76619393za200&gcd=13l3l3l3l1&dma=0&cd19=1465068310.1708941094&cd2=&cd3=&cd5=&cd6=&cd10=Sydney&cd11=New%20South%20Wales&cd12=Australia&cd17=&z=1279246826

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.14 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 07:52:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 7146
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 98ms
98ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je42l0v890103917z876619393za220&_p=1708941093465&gcd=13l3l3l3l1&npa=0&dma=0&cid=1465068310.1708941094&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAC&_s=2&sid=1708941094&sct=1&seg=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&dt=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&en=page_view&_et=179&tfd=2753
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
744 B 317ms
2ms Image
image/svg+xml 18.67.111.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/facebook.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.111.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-111-16.syd62.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 22:54:08 GMT
via: 1.1 7bbccbab99aa927533c5da8ccfb22e02.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD62-P2
age: 1076248
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 301
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
etag: "c6e9be45643e197ce1db1d7e24a99adc"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
x-amz-cf-id: zoBUA6lmhV6jwyO039VPwP9Z7zZZFhOr4nK8cruIiPm352q6zVHHGw==

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 368 B
776 B 108ms
3ms Image
image/svg+xml 18.67.111.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/twitter.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.111.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-111-16.syd62.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

76ffdc5337cd5a509f15d70767b85a793aead82975d0d86912e1607e963c9aed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:47:05 GMT
via: 1.1 7bbccbab99aa927533c5da8ccfb22e02.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 15 Sep 2023 16:58:49 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P2
age: 270
x-amz-server-side-encryption: AES256
etag: "2deb3d5121d475d195577a70b0a91a0c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 368
x-amz-cf-id: Pkjx5zPKx_Ra_K73bpkRFcl8oOFnplVfNkrluCc17D5_etUttoKtAQ==

GET
H2 200 linkedin.svg
platform-cdn.sharethis.com/img/ 456 B
881 B 107ms
4ms Image
image/svg+xml 18.67.111.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/linkedin.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.111.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-111-16.syd62.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

cb8c2b19fd9b56c41db14bd71b5c0616c1ba4e99b08c8e75084cf695f74b7120

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 17:51:04 GMT
via: 1.1 7bbccbab99aa927533c5da8ccfb22e02.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P2
age: 1094432
etag: "fa43b4ede18498b114fc7185993f6da7"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 456
x-amz-cf-id: RXxt_PdzO5G7k5eKnHQNfxVzNwJBoBzdjAyEtb5QQ5Ht4aTSBznYyw==

GET
H2 200 email.svg
platform-cdn.sharethis.com/img/ 343 B
786 B 97ms
3ms Image
image/svg+xml 18.67.111.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/email.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.67.111.16 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-67-111-16.syd62.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 29 Jan 2024 20:57:22 GMT
via: 1.1 7bbccbab99aa927533c5da8ccfb22e02.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD62-P2
age: 2379254
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 343
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
etag: "5977437466e857c7ddcadda6f6d88c2a"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
x-amz-cf-id: JBHRFFp3-5AFngkqT8i9wqJI37BImoFrYH2RdfywG_u4ZNZDngzkAQ==

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 315ms
2ms Image
text/plain 157.240.8.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=143852102935619&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&rl=&if=false&ts=1708941095404&sw=1600&sh=1200&v=2.9.147&r=stable&ec=0&o=4126&fbp=fb.1.1708941095401.1974131476&cs_est=true&ler=empty&cdl=API_unavailable&it=1708941095155&coo=false&exp=e1&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.8.35 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-syd2.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 26 Feb 2024 09:51:35 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 466ms
466ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=3df9dd2c-4ad2-45b1-8b17-379eb0749e9f&session=6bb35ac4-221a-4409-81ac-2462353443e9&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A34%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26amp%3B%20Beyond%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&pageViewId=5abc7860-2a93-4f45-8268-525ea68c7d37&v=1.1.15

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
BLOB 200
OK 8fc4d73c-91ea-4f0d-be40-60c0787f8442
https://www.proofpoint.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.proofpoint.com/8fc4d73c-91ea-4f0d-be40-60c0787f8442
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 193ms
192ms Stylesheet
text/css 54.204.62.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.62.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-204-62-38.compute-1.amazonaws.com
Software: /
Resource Hash: 42a3729f9abf852e767fa970a50466acbb898dba53c5aebe575fcd80124179f5

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 26 Feb 2024 09:51:35 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 577ms
193ms Fetch
image/jpeg 54.204.62.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.62.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-204-62-38.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 26 Feb 2024 09:51:36 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 forms2.min.js Show response
app-abj.marketo.com/js/forms2/js/ Frame 9D1C 199 KB
66 KB 18ms
17ms Script
application/x-javascript 104.16.95.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-abj.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: app-abj.marketo.com
URL: https://app-abj.marketo.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.95.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://app-abj.marketo.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
age: 4092
etag: "2011e9-31ad2-60e27d4627680"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 85b74a5a782ba898-SYD
expires: Mon, 26 Feb 2024 13:51:36 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 185 B
381 B 193ms
193ms XHR
text/plain 54.204.62.38
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=dG-GbvdPxi8YOQyjVLjRlg&is_js=true&landing_url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&t=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&tip=zcR6qFQQ1ORoE4a7HbIzaBEPX5epjIvTZXXTVUyeW3A&host=https%3A%2F%2Fwww.proofpoint.com&sa-user-id-v3=s%253AAQAKINvQVxW7yYhKIdFylJQUX6vfXH9NOFijMF2WsFBH8KDKEHwYBCCnvvGuBjABOgRUSQl9QgSsr03n.DfNkSdiFcMeqA%252BcGtsOrXjuDfDowqlaxWWNBqsxQ9Jw&sa-user-id-v2=s%253Aixp5FsgBUsNLlU0cTOLBBkLLcKA.7cHJSn0tg3AzPkXx4rTzF6kZsiLHq5U5k%252FvtJUaqeeU&sa-user-id=s%253A0-8b1a7916-c801-52c3-4b95-4d1c4ce2c106.MeXpcAJnHY9SzvJ3rNSUD9ocND1L2qdav8YOhwzWEWw
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.62.38 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-204-62-38.compute-1.amazonaws.com
Software: /
Resource Hash: 00a028b6540a3f5309fccc8c5c6d5d5e1da884807e21931d907f29f7247ea734

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-origin: https://www.proofpoint.com
date: Mon, 26 Feb 2024 09:51:36 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 185
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 438ms
438ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=3df9dd2c-4ad2-45b1-8b17-379eb0749e9f&session=6bb35ac4-221a-4409-81ac-2462353443e9&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A35%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26amp%3B%20Beyond%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&pageViewId=5abc7860-2a93-4f45-8268-525ea68c7d37&v=1.1.15

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 core Show response
js.driftt.com/ Frame C918 2 KB
1 KB 217ms
216ms Document
text/html 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1708941300000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8912e42fc410c1e5bb6e04f4e0a8f1866487446cf71653c511dab44ab077214a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 26 Feb 2024 09:51:37 GMT
etag: W/"482adde291895ad7be66f439d8f9a745"
last-modified: Thu, 22 Feb 2024 22:13:15 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-id: SeoqPvts7OPtwf4ejWMtRNPugkZc6MtcksAahBQ0CyQGJaWRkQ7yRA==
x-amz-cf-pop: SYD1-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: XvT8gvzbfzrBnydNuPrvZvAmu.DXnl9L
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 11

GET
H2 200 chat Show response
js.driftt.com/core/ Frame CC4F 2 KB
1 KB 213ms
212ms Document
text/html 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1708941300000/5dfsgn7m2kst.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8912e42fc410c1e5bb6e04f4e0a8f1866487446cf71653c511dab44ab077214a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 26 Feb 2024 09:51:37 GMT
etag: W/"482adde291895ad7be66f439d8f9a745"
last-modified: Thu, 22 Feb 2024 22:13:15 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-id: PiTFgxs_vLzKMenH7KZzNe4rXqdqgqJa4fDKMLht09HwpZr4B52OGg==
x-amz-cf-pop: SYD1-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: XvT8gvzbfzrBnydNuPrvZvAmu.DXnl9L
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 14

GET
H2 200 nr-rum-1.252.0.min.js Show response
js-agent.newrelic.com/ 45 KB
16 KB 462ms
151ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.252.0.min.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://www.proofpoint.com/
Origin: https://www.proofpoint.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id: MnZvesGWBG.EVnzUmRfpgushluAYDfro
content-encoding: br
via: 1.1 varnish
date: Mon, 26 Feb 2024 09:51:37 GMT
strict-transport-security: max-age=300
x-amz-request-id: SMJTAW8HT8514C3C
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15806
x-amz-id-2: eJvMZ+8OUA9UbUqdQeErbq68CYqNKzRoshi5Dj1vYck5yBKb/DrymjtSCM6V0T6nSoXwJyOZwL8=
x-served-by: cache-bfi-krnt7300054-BFI
last-modified: Tue, 13 Feb 2024 00:41:07 GMT
server: AmazonS3
x-timer: S1708941098.685490,VS0,VE0
etag: "2c25d4506676f166485b739ec4e56a2e"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 25201

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 441ms
440ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=3df9dd2c-4ad2-45b1-8b17-379eb0749e9f&session=6bb35ac4-221a-4409-81ac-2462353443e9&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A36%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26amp%3B%20Beyond%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&pageViewId=5abc7860-2a93-4f45-8268-525ea68c7d37&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:37 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 runtime~main.9529c9e3.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 6 KB
3 KB 3ms
3ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fc7d5e41bfcae13c9f8d4ceb0c50f1a19b9ca02f68334f9f864ca4f36048412f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:23 GMT
x-amz-version-id: xuGqZg35SFEHjNQJFXAlA9HwZ4._ikQ.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1438514
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 09 Feb 2024 17:52:46 GMT
server: istio-envoy
etag: W/"aa41f0c3b09fe172de965115f65bf8a2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ji_GbtKTj32j7H4yWYDSuYTmhmPvrE78umLDeLMBOluw-Hi7Rak6Rg==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 35 KB
13 KB 4ms
3ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 16:54:42 GMT
x-amz-version-id: HDcHxkf5IcGKwetkykXXAu0vS7qaFySC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1961815
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Fri, 02 Feb 2024 20:15:44 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aVvFC-arQkNdia9u5pyqOf-6Y4fgttQ09aklDdljbs6BcF76XxK4CA==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 7 KB
3 KB 4ms
4ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 17:04:25 GMT
x-amz-version-id: 0GtKQXehXpP_cde0808GwW30t_5Mwtdo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 3775632
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 11 Jan 2024 23:20:34 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ng8R0uwOb2wJA5KsebgRVM96nn_bgAIALGvX9wW8PlmKvUeNMB-9lQ==

GET
H2 200 runtime~main.9529c9e3.js Show response
js.driftt.com/core/assets/js/ Frame C918 6 KB
3 KB 3ms
3ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

fc7d5e41bfcae13c9f8d4ceb0c50f1a19b9ca02f68334f9f864ca4f36048412f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:23 GMT
x-amz-version-id: xuGqZg35SFEHjNQJFXAlA9HwZ4._ikQ.
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1438514
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 09 Feb 2024 17:52:46 GMT
server: istio-envoy
etag: W/"aa41f0c3b09fe172de965115f65bf8a2"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mWMPdJyBObjDSWqod9r664rdZNIf-S4tQ4jzCy_YSI8g6GCH1XJXdw==

GET
H2 200 9.4a3e9801.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 35 KB
13 KB 4ms
3ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.4a3e9801.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 03 Feb 2024 16:54:42 GMT
x-amz-version-id: HDcHxkf5IcGKwetkykXXAu0vS7qaFySC
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1961815
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Fri, 02 Feb 2024 20:15:44 GMT
server: istio-envoy
etag: W/"c6f58dd3d60f07462254b842dd4f9ca1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 27LtZLkIz_5-xphfyvR6SGhf69j9EVpYlZTNOnM1B0s2v1Nuv0AdNQ==

GET
H2 200 main~493df0b3.d2a43907.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 7 KB
3 KB 4ms
4ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.d2a43907.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
Origin: https://js.driftt.com
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 17:04:25 GMT
x-amz-version-id: 0GtKQXehXpP_cde0808GwW30t_5Mwtdo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 3775632
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
last-modified: Thu, 11 Jan 2024 23:20:34 GMT
server: istio-envoy
etag: W/"e094b276ad2035c3a46871991c258c2d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VHCEfQ2dm5TCX-uQIZ8OKIyEd0_oOteeo1KWX60tyeZZ5FBmEXANZg==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 23 KB
8 KB 7ms
4ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 21:21:16 GMT
x-amz-version-id: 65ii9EnlUnj1HzZRPX6CoO.BD3iy1XfV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 4969821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: SK8zufM0en4QKqtJNHGZL0nPO9BpbAQ6gttpWeaXwvIXl6P7h0uT7A==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 36 KB
10 KB 7ms
5ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 15:49:27 GMT
x-amz-version-id: o996jMEEz_i4L4KeYj87TpylOOnjK0J4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 4989730
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Z33-S2XoRlmbOhjJWspnAYtfLtHnBhrIX0G0cByJkRhVx24u5tMhyA==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 32 KB
11 KB 8ms
5ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 28 Oct 2023 13:10:00 GMT
x-amz-version-id: Ky6QIkZiBGtiJJ5ArZwKu1e32zvPbxo9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 10442497
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Oct 2023 17:57:48 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0Jx3BhAopBKIelCdfzBoU7AWsEXjHEfsaL-R9QPahy7c0tshtwUnkg==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 17 KB
6 KB 10ms
6ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 17:04:25 GMT
x-amz-version-id: DbwcQn3g_fkeD8DIIgOY5MqJQcEFzwP1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 3775631
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 Jan 2024 23:20:33 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: NAOGNSUaC43w3B61jflICb_C-PCWd9qdXHQyA2FiPL0VCekLv1MWpg==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 25 KB
8 KB 10ms
7ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:24:30 GMT
x-amz-version-id: E8Kyt0aPqa7g6nzuPdK87DcTkBe6paaX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2564827
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 26 Jan 2024 18:11:48 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WRxJwlxU6PA8wc-JbTVQ4VgoExJHnnkTFhj_pEGQXpIp6JJbGM8sxQ==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 74 KB
23 KB 10ms
8ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:09 GMT
x-amz-version-id: oIGbGg9XbONt.vr.HKXFz3lBaAwrq6ua
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742328
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 25 Jan 2024 15:45:14 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: X2hT2h2EG82k0ddxUajA6a2r5N4uuufYftsSXOR9uEH90TRVcJwG-A==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 66 KB
20 KB 11ms
8ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 19:44:49 GMT
x-amz-version-id: vWLMHlUZ2N1cEBvj7bKxL6VV2JgNhA.J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 7913208
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 21 Nov 2023 16:21:41 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: -LGwc5uDarauWhTgWH0Og877xTyTwa-Bn9PMapze1RVTpW0Mak-sqQ==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 91 KB
28 KB 14ms
11ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:24:30 GMT
x-amz-version-id: 7uu9aLsmsE12PcYigoZg20kXdULejU5Q
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2564827
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 26 Jan 2024 18:11:47 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: WCHsG4Y8DmEEOLKR3p11UR9fxY75AQf4f1YY5apgaL9F_PCgKFTWHQ==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 23 KB
7 KB 15ms
13ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 17:15:20 GMT
x-amz-version-id: cZI1cI6WRHhkzkWa3N1Jh4ekBwSSYCCx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 5330177
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BYMd1G09AUVvh22f_31lz-Cnd5nyK6mKl0UlbeqgnihXXp6pXoMoeA==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 62 KB
20 KB 16ms
14ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:24:30 GMT
x-amz-version-id: NsT9ot_uYUH1JzKQLAtG3io3Q5fLtgrd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2564827
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 26 Jan 2024 18:11:48 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mTunrjlgIYLs7SOw-7LerSBZ2AzuY9y2VkBvCSXXwRdz6-zQ4KfYBQ==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 105 KB
34 KB 17ms
15ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:09 GMT
x-amz-version-id: qFoxrPEaroxdYcrYmwJBadQLY.rPXGDo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742327
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 25 Jan 2024 15:45:15 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: OwQ774RCxXWpnie4LkCWZsNgx74Xok2zqeMB7rUWNjHGyG7WCp_XHA==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 12 KB
4 KB 18ms
16ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:09 GMT
x-amz-version-id: 6Sh5b_It8mGmTuwdZeGIb9M6jFgL8k4s
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742327
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Thu, 25 Jan 2024 15:45:15 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: QCr3sDy23EzZ3VoltYqKY74q1Lw3eBISvRjnLhLkxCf12clAJVb61A==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 13 KB
6 KB 18ms
17ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:50:15 GMT
x-amz-version-id: qJYC3VkwoiKn3pMOB54Rk.IYgMXpbMYm
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 4975282
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bvnB6bbcluXVNi9EVQrJbM06JK1F_PFAcZurlMTsiIcuPkY0xGZ-gA==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 17 KB
7 KB 19ms
17ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 17:16:43 GMT
x-amz-version-id: 9XBjxFxayKbabIF2yelSQk8jdbs.8_S0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 5330093
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wzDUPH2cQdBqg4y6DVbzd4x22BYynDXj5m1HAjwYtCG2i8mkDpv48w==

GET
H2 200 8.ab226b4a.chunk.css
js.driftt.com/core/assets/css/ Frame CC4F 31 KB
4 KB 19ms
18ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 11 Feb 2024 23:39:48 GMT
x-amz-version-id: ZqrCweV0RnU7yx8GnS7fcZU_jqiJQbYJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1246309
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 09 Feb 2024 17:52:42 GMT
server: istio-envoy
etag: W/"1e97f00f07b87f701d0bf06259f954e4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CkTNHW4DE4FhQruw2Eu6pmJwV96b2hP6ZDW0-Ma4M33oO_xyoI2_vA==

GET
H2 200 8.ce202881.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 82 KB
26 KB 20ms
19ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.ce202881.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: mQIEwfFQyClv1G1Ejf6MWBI5BBswFf_l
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2295060
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 65
last-modified: Tue, 30 Jan 2024 16:30:58 GMT
server: istio-envoy
etag: W/"182944c0e758d6ff6a202ce976d91cc6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PBhKwqJG7bIOPWrKvIs6n2lUG9eo_qWlTdqV_hNR9YW73cPAdVlMnw==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame CC4F 24 B
693 B 19ms
18ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 16:05:08 GMT
x-amz-version-id: bzasxw0o12QiOTjmKm3GfU1Jl9CaaCMb
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD1-C2
age: 2828789
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
content-length: 24
last-modified: Tue, 23 Jan 2024 17:38:17 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 21I9cDIW-rgR8Qs0N20_5j3twEfWFI2XCOAsvoHUS3OZF7u1FlNamA==

GET
H2 200 16.0a87dc8c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 93 KB
24 KB 20ms
20ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.0a87dc8c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 11 Feb 2024 23:39:48 GMT
x-amz-version-id: SrOokcQZAdNnCfVn5PzNJKSmCyvthhPL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1246309
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 40
last-modified: Fri, 09 Feb 2024 17:52:43 GMT
server: istio-envoy
etag: W/"4d556324f40b4d890d1ae22bdef7d679"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pWifw6V6ed8pNdbUwwqaLfNus4nxUT1QpOcKvV9CeiHayk6oERuuCQ==

GET
H2 200 24.7f33ec6b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 51 KB
14 KB 21ms
21ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.7f33ec6b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

50ae38488522123a40313a67234c357d2b15b74e0114a69344b4d0ec711ce4a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:24 GMT
x-amz-version-id: IJ.g6.blKin4pKm5qEbkM9S7OXyKk.QY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1438513
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 09 Feb 2024 17:52:44 GMT
server: istio-envoy
etag: W/"e79409f6e07e1acc7ff47a8873a070f5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FKw4ilbbZSQAKVRJWF3mEP-kyFC0jZCJHG-aUk2Bbl1uOUXbti9M2Q==

GET
H2 200 17.76424341.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 40 KB
13 KB 22ms
21ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.76424341.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

60942f2cf61e5111f92383919330337b1f447270fc61ef81a0d113fa599cc833

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:24 GMT
x-amz-version-id: Izaeib97V9biXJLsdd2dJ3iva_raJqvW
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1438513
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 09 Feb 2024 17:52:43 GMT
server: istio-envoy
etag: W/"b2d396c6e8a21414ed43a83422cd3e28"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wUxQvIF7qK2cTcue5nd-7XW-31CUd4jwEc_u7Ayj5MEmwAI1mS9d8Q==

GET
H2 200 51.558be3c5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 23 KB
8 KB 19ms
9ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 21:21:16 GMT
x-amz-version-id: 65ii9EnlUnj1HzZRPX6CoO.BD3iy1XfV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 4969821
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 27
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"fa281fcbe4b2e35558d60fae3e316367"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Sc5noQXdr2nisKO-bJIiZKp5SHkQ7k-0qkwpQwLXkmdDureWFgg02Q==

GET
H2 200 35.d0f1ccda.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 36 KB
10 KB 19ms
9ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/35.d0f1ccda.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 15:49:27 GMT
x-amz-version-id: o996jMEEz_i4L4KeYj87TpylOOnjK0J4
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 4989730
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 33
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"46fa5a7bc37a22544a908e4ad950309c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: v_RII8wGAJsnMv-OP4FcKsNi1gqdKPq8uVtYD-nlMVrmrq-Iin8PeA==

GET
H2 200 22.6b9a301a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 32 KB
11 KB 20ms
10ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.6b9a301a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 28 Oct 2023 13:10:00 GMT
x-amz-version-id: Ky6QIkZiBGtiJJ5ArZwKu1e32zvPbxo9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 10442497
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 27 Oct 2023 17:57:48 GMT
server: istio-envoy
etag: W/"d8739a9fe9a3a42936f5cd86c8727494"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qL0yvGlXtwsDZXF4rVKPO7kcLTUKA4M2zrlpkC88lAzsfbtBc5fv8w==

GET
H2 200 19.6f85b843.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 17 KB
6 KB 20ms
11ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.6f85b843.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 17:04:25 GMT
x-amz-version-id: DbwcQn3g_fkeD8DIIgOY5MqJQcEFzwP1
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 3775631
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Thu, 11 Jan 2024 23:20:33 GMT
server: istio-envoy
etag: W/"e28ebc3391b56e8f01ea063dc089e9d3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Xc53jZmdglef7qqPjWMcbB72Uwkl4iuNPp1eiw-XXK5gZNeg63fb8A==

GET
H2 200 41.b4fc4de2.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 25 KB
8 KB 21ms
11ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/41.b4fc4de2.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:24:30 GMT
x-amz-version-id: E8Kyt0aPqa7g6nzuPdK87DcTkBe6paaX
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2564827
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 26 Jan 2024 18:11:48 GMT
server: istio-envoy
etag: W/"a2ace4f65aa7b34dedb884f6cfe9df8d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1NqPTPyaOl5BiEovanL87OM-YHu3SVw48ZVDgiWcWuYztYQ4nG20dQ==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 74 KB
23 KB 21ms
12ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:09 GMT
x-amz-version-id: oIGbGg9XbONt.vr.HKXFz3lBaAwrq6ua
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742328
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 25 Jan 2024 15:45:14 GMT
server: istio-envoy
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wUmhb2XRXrUIpbtU-SEoH7x7XcR783frLOw2t1RCeIJXXewDfHfSLw==

GET
H2 200 26.04e7f30b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 66 KB
20 KB 22ms
12ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.04e7f30b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 19:44:49 GMT
x-amz-version-id: vWLMHlUZ2N1cEBvj7bKxL6VV2JgNhA.J
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 7913208
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 21 Nov 2023 16:21:41 GMT
server: istio-envoy
etag: W/"49ce5445ddcf5d24ef3badc4eb1a11dd"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bm09k5DA1GeRb_BJ4uxCpd2V14OfHAzb-IaGLDE6cHD7Lnv9f6wXhg==

GET
H2 200 14.e24a6190.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 91 KB
28 KB 22ms
13ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/14.e24a6190.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:24:30 GMT
x-amz-version-id: 7uu9aLsmsE12PcYigoZg20kXdULejU5Q
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2564827
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 14
last-modified: Fri, 26 Jan 2024 18:11:47 GMT
server: istio-envoy
etag: W/"16d7ae86e21434a32157d3226ac9bb77"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: MsdqIUY6EvfJqYMmhyYMgd8WgOfgCo2OOdYzKdfCrPHZ01w5BGuOLQ==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 23 KB
7 KB 23ms
14ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 17:15:20 GMT
x-amz-version-id: cZI1cI6WRHhkzkWa3N1Jh4ekBwSSYCCx
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 5330177
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Bz-iB3lYgsh-X-6TFVZKCHKJ9tKA5fJAI73bqeAOeKbYRxw2AcC13g==

GET
H2 200 18.9c1bd1fb.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 62 KB
20 KB 24ms
15ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.9c1bd1fb.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:24:30 GMT
x-amz-version-id: NsT9ot_uYUH1JzKQLAtG3io3Q5fLtgrd
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2564827
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Fri, 26 Jan 2024 18:11:48 GMT
server: istio-envoy
etag: W/"02f09379c544befa413d22eb57ed41de"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fdk4JhfBVQfDVokobkc8kNGSn_FkQtsSQikAgxW_VddHpLGmJcSFRg==

GET
H2 200 49.f7274268.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 105 KB
34 KB 24ms
15ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/49.f7274268.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:09 GMT
x-amz-version-id: qFoxrPEaroxdYcrYmwJBadQLY.rPXGDo
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742327
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Thu, 25 Jan 2024 15:45:15 GMT
server: istio-envoy
etag: W/"e268d36b98f0119a2bb1a15f69fd4ffe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dsOdlYBth2HfIVwoNFsS8d6C69YLZQfFoEr_x-Xgd64wZy-PKX2IDA==

GET
H2 200 40.31ef8dbf.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 12 KB
4 KB 23ms
16ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/40.31ef8dbf.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:09 GMT
x-amz-version-id: 6Sh5b_It8mGmTuwdZeGIb9M6jFgL8k4s
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742327
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 26
last-modified: Thu, 25 Jan 2024 15:45:15 GMT
server: istio-envoy
etag: W/"b0793fa46e8c0ae1846b7be8a833da35"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wxPLWqxgVwFVG87Fk0s_UO3PzzOP7NQkQhYogw522SEi7p_HJ1OU5A==

GET
H2 200 29.31d09948.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 13 KB
6 KB 23ms
17ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/29.31d09948.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:50:15 GMT
x-amz-version-id: qJYC3VkwoiKn3pMOB54Rk.IYgMXpbMYm
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 4975282
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 17
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"455157cb49065fb85fed54901ddaeb0e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1-8MRr-lZ9vgoRngx7_qGhJtwgHXfyYxAA940RKh45KQ882Gt8u4lQ==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 17 KB
7 KB 23ms
17ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 26 Dec 2023 17:16:43 GMT
x-amz-version-id: 9XBjxFxayKbabIF2yelSQk8jdbs.8_S0
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 5330093
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Tue, 19 Dec 2023 18:34:37 GMT
server: istio-envoy
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dgcI3rmzty8d3w0lrIDEBcX5Vqh7le8kPXBrmfa9zxkOPyRec3o9YQ==

GET
H2 200 8.ab226b4a.chunk.css
js.driftt.com/core/assets/css/ Frame C918 31 KB
4 KB 13ms
7ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/8.ab226b4a.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 11 Feb 2024 23:39:48 GMT
x-amz-version-id: ZqrCweV0RnU7yx8GnS7fcZU_jqiJQbYJ
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1246309
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 09 Feb 2024 17:52:42 GMT
server: istio-envoy
etag: W/"1e97f00f07b87f701d0bf06259f954e4"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dVskvJSf1H0Rin28tT4dLCAuFGl37gJvfYPW3eT2kVt7gYDulpUgsA==

GET
H2 200 8.ce202881.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 82 KB
26 KB 23ms
18ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.ce202881.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:37 GMT
x-amz-version-id: mQIEwfFQyClv1G1Ejf6MWBI5BBswFf_l
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2295060
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 65
last-modified: Tue, 30 Jan 2024 16:30:58 GMT
server: istio-envoy
etag: W/"182944c0e758d6ff6a202ce976d91cc6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 2V2QSzi9Egb6ldACDGGc7eaSDnVJ5JYiZfQ-KazWBa7GFQp5257vsA==

GET
H2 200 16.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame C918 24 B
694 B 14ms
8ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/16.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Wed, 24 Jan 2024 16:05:08 GMT
x-amz-version-id: bzasxw0o12QiOTjmKm3GfU1Jl9CaaCMb
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD1-C2
age: 2828789
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 21
content-length: 24
last-modified: Tue, 23 Jan 2024 17:38:17 GMT
server: istio-envoy
etag: "0c5dad92482d9a7c7c253510f5082465"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: P5gaKKjLgx9iXSOPP_N2K1nKzkNx2vBfBI2NOUfHx8ftbad_4LB7_g==

GET
H2 200 16.0a87dc8c.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 93 KB
24 KB 24ms
18ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.0a87dc8c.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 11 Feb 2024 23:39:48 GMT
x-amz-version-id: SrOokcQZAdNnCfVn5PzNJKSmCyvthhPL
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1246309
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 40
last-modified: Fri, 09 Feb 2024 17:52:43 GMT
server: istio-envoy
etag: W/"4d556324f40b4d890d1ae22bdef7d679"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kyG7BCVyXCZce-SnCupZ-uoyQzd0O1GC23yR6YNDLXdk4qPAAxkUyA==

GET
H2 200 24.7f33ec6b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 51 KB
14 KB 24ms
19ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.7f33ec6b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

50ae38488522123a40313a67234c357d2b15b74e0114a69344b4d0ec711ce4a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:24 GMT
x-amz-version-id: IJ.g6.blKin4pKm5qEbkM9S7OXyKk.QY
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1438513
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 09 Feb 2024 17:52:44 GMT
server: istio-envoy
etag: W/"e79409f6e07e1acc7ff47a8873a070f5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Fuu-I-M6C0XEQVSdUGUhG232C86Mz8Us16j12a2pTjYDOhRwYvVj6A==

GET
H2 200 17.76424341.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 40 KB
13 KB 25ms
18ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.76424341.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

60942f2cf61e5111f92383919330337b1f447270fc61ef81a0d113fa599cc833

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:24 GMT
x-amz-version-id: Izaeib97V9biXJLsdd2dJ3iva_raJqvW
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1438513
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Fri, 09 Feb 2024 17:52:43 GMT
server: istio-envoy
etag: W/"b2d396c6e8a21414ed43a83422cd3e28"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8ESeF7EjFXyvewPHZeLk2mhPfBwtTa51Ro2YTzTbNQ5jgj7yc69iiA==

GET
H2 200 37.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame CC4F 3 KB
1 KB 3ms
2ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/37.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:11 GMT
x-amz-version-id: ftYqUvTj.PUGPscYFycQV7E5dFmTti.S
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 25 Jan 2024 15:45:12 GMT
server: istio-envoy
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1nAoqQ1cHXbAvN7zbCQM4_yhm00bgTS85_t_qLAptdgN5JXUHxMWjw==

GET
H2 200 37.fba521ea.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 3 KB
2 KB 4ms
3ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.fba521ea.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b1700a9f05644621ffe3a13f59d5258261f170718eb8a6076e5fc55cd918afc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:16:52 GMT
x-amz-version-id: xjtqmvmGCF_5aoLvs301rH4qtFtIOHxH
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 4977285
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 41
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: W/"deb91ed165197613da3fac3d4f67edf9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: EVONk3pevqRb81oT5Ku2A43PMv7cVZSzqI30Jx06SsjxTM9YpKM4bQ==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 9 KB
3 KB 5ms
4ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:11 GMT
x-amz-version-id: RxTHaCa46at4aE_c3OtihYNrMXpjzFNh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 25 Jan 2024 15:45:13 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PhTvF8T5UB76ToUGdiOCZ0HAWfMpJiEqZQgXoEU2CfYKY8O5Z3chtQ==

GET
H2 200 27.01c2bea5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 35 KB
10 KB 5ms
4ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.01c2bea5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:24:31 GMT
x-amz-version-id: 70xCSkbb2Tg6NwkgD58R3pHWzZOHtG9s
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2564826
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
last-modified: Fri, 26 Jan 2024 18:11:48 GMT
server: istio-envoy
etag: W/"04a233a42dcf8c50a83bfecea8ba552d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: hjpoPF4ZK2YCjV6KU2khE2qCJBg6ry3JDY8FzbyszJGIh2pKUdp86w==

GET
H2 200 28.b5e8f5e1.chunk.css
js.driftt.com/core/assets/css/ Frame C918 8 KB
2 KB 4ms
3ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/28.b5e8f5e1.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:11 GMT
x-amz-version-id: __lcFfiEZy3eNnsl8xraId8TtKxwVJHe
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 20
last-modified: Thu, 25 Jan 2024 15:45:12 GMT
server: istio-envoy
etag: W/"e7107bc29ccb3c6d928f0f8f10a0f22d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VkAICcpnhuDKawnQUEUEPUwtPOPYXj9jC38e5sngQGhRYf4IYWPTcA==

GET
H2 200 28.07e1b068.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 15 KB
6 KB 6ms
5ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.07e1b068.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

7d78bcb45e61155283355f98b205d9dc7b416aef6cfd5ae58c76d7633941a52b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:38 GMT
x-amz-version-id: n2Ilv3EJ7xNfD3rdnMTYy30EaO4FuNsw
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2295059
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 22
last-modified: Tue, 30 Jan 2024 16:30:57 GMT
server: istio-envoy
etag: W/"c5f153de3aa4a7014a810aa46b771779"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: TvG2bNgKQ3vJJWM4LZt_ZROPbrfyaIrwJjb4wVD5_JfSsJUd9geVvw==

GET
H2 200 25.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame C918 365 B
1 KB 5ms
5ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/25.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 23:49:13 GMT
x-amz-version-id: rajTxTkIhKh9X22Hd040.Q95o21j02OQ
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD1-C2
age: 3751344
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
content-length: 365
last-modified: Thu, 11 Jan 2024 23:20:31 GMT
server: istio-envoy
etag: "06b2963b029c0824382815165bfea73e"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DibYUG0fporD4iKXX3X0raFFcLSo3Aeq6NjZ48g1tA4v0XGkSV5POw==

GET
H2 200 25.67862572.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 92 KB
25 KB 6ms
6ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.67862572.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

8afb6c394c753852596c484e8e09d9e3a3fdcaffbcfd8855e0ff97710f98e41d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Fri, 09 Feb 2024 18:16:25 GMT
x-amz-version-id: J49giViUzvRADF2BchKYayHGhbCr__Nk
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1438512
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 99
last-modified: Fri, 09 Feb 2024 17:52:44 GMT
server: istio-envoy
etag: W/"8d997df2511297b8e457c84407a52fbe"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _L93vAQT1vnFS3pXEW13NiV9E3tRlsi9i2tHXKqmSic5_vP8yXGbQQ==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 9 KB
3 KB 6ms
5ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:11 GMT
x-amz-version-id: RxTHaCa46at4aE_c3OtihYNrMXpjzFNh
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 25 Jan 2024 15:45:13 GMT
server: istio-envoy
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: w_Z36GNQ-tTr3kTeqGgry48JkPEXwzucoIlSkHlfs3wDRUgB9cRSnA==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame CC4F 7 KB
2 KB 5ms
4ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 13 Jan 2024 23:49:13 GMT
x-amz-version-id: zu2mnxCFDLXZ8o0KyAMux5xoMxb4Re_9
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 3751344
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Thu, 11 Jan 2024 23:20:31 GMT
server: istio-envoy
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 8dxolyp9RbFi9EsI9UXk1XaKcBTt4EyBg_Y74pu10YFcbBLe-3zShQ==

GET
H2 200 3.f50b964b.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 54 KB
15 KB 7ms
1ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.f50b964b.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:11 GMT
x-amz-version-id: TMTFpYa7BSmcL6VAkCFAa5vzvt0V9SOS
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Thu, 25 Jan 2024 15:45:15 GMT
server: istio-envoy
etag: W/"1ac37bf2b93050f29058b66a9ad43e10"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: koOz79gpAnNn-zWlBJO6en9OI_0avXKO6wDN4rhFQf1jm3ug2LvRAg==

GET
H2 200 1.12ba17b6.chunk.css
js.driftt.com/core/assets/css/ Frame CC4F 44 KB
7 KB 5ms
0ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.12ba17b6.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 27 Jan 2024 17:24:31 GMT
x-amz-version-id: CqQB6ltgGpf8m.Vr6fScL3RjSpFqRtcA
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2564826
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 16
last-modified: Fri, 26 Jan 2024 18:11:46 GMT
server: istio-envoy
etag: W/"3b8ba82e1bac13ee29e9764a55620d99"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HixGk_JuYtzbf_qYiC30_21QyT9Fh2GRALZqy1unKsmk-Ueq4iHESA==

GET
H2 200 1.30d23e08.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 54 KB
17 KB 10ms
3ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.30d23e08.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

ebc6864388422f0526dd1be3d78d40f17410bbdaa50809606a7f017c4d347345

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 11 Feb 2024 23:39:49 GMT
x-amz-version-id: kJjpXaU0DvCwVfr3xvzsSJwk3b2WS8YN
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1246308
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 40
last-modified: Fri, 09 Feb 2024 17:52:43 GMT
server: istio-envoy
etag: W/"e66872f1c9a70f62c1283ed6349dfc0c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ahMdR4aRjLe7-DOIo55hrtOW1laBmJJxYQuC8pDG-13ZJV2iU66NPA==

GET
H2 200 4.c6304c2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 23 KB
10 KB 10ms
4ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/4.c6304c2e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a55619fd27a0e1c6c940e668707a13ea02bc52953106260a570c28e5a300c070

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Thu, 25 Jan 2024 16:06:12 GMT
x-amz-version-id: g4LjTk4ywF1GInd1rEuxmE8JY093QWcV
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2742325
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 15
last-modified: Thu, 25 Jan 2024 15:45:15 GMT
server: istio-envoy
etag: W/"672c1436035fd059b992723cdedd3472"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: PNvEE9Luwq3kiNa17oCPBLIDrJq3v1DQAMtDYNMydOlm_NTQeUe_Wg==

GET
H2 200 34.5fdd3e3b.chunk.css
js.driftt.com/core/assets/css/ Frame CC4F 16 KB
3 KB 6ms
2ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.5fdd3e3b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a03b854d10519fd5be9cdcbc78fad3927c1a3de9e84fa74353c8a19cc20d0501

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 20:20:38 GMT
x-amz-version-id: IrMkVQs7lH.AehsQAbAKz1mDjOweAHHO
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 2295059
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
last-modified: Tue, 30 Jan 2024 16:30:54 GMT
server: istio-envoy
etag: W/"6f779260053e30787f84dfa7ba6743e5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: T58pKZywjmQ4USyd43iqMW2cXhzGK42w-GhYMsM-SDvTLBezAwIs1w==

GET
H2 200 34.a74cf682.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 13 KB
5 KB 8ms
5ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.a74cf682.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

a0ecd664d717fc9ad0a511a6379f291db344fd80bfe9058989c0f4d658d65e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 11 Feb 2024 23:39:50 GMT
x-amz-version-id: YGkRl94JxuCTmwA9l21Yn2Fojw3BbiXT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1246307
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 12
last-modified: Fri, 09 Feb 2024 17:52:44 GMT
server: istio-envoy
etag: W/"a5ca20176509792eb61e2e83db9487a0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: vfNxd2gQWa5dqDE31I-mRRsqTSPrTTCKhCwSN-HjFb5ydiLMpcV5HA==

POST
H2 200 v2 Show response
bootstrap.api.drift.com/widget_bootstrap/ping/ Frame C918 207 B
647 B 646ms
219ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

b7738a1e839a0c565352056f8efb00ee9ee01ba4f58638490e8b8b3e74584f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 26 Feb 2024 09:51:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: d553d3d95d37ebf0
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 9
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 207

POST
H/1.1 200 0ae22ad83e Show response
bam.nr-data.net/1/ 40 B
406 B 778ms
466ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/0ae22ad83e?a=573869349&v=1.252.0&to=bgQBYERQXBBWVBFbDldOIldCWF0NGHMXRxFYDT9aWVVXP3RYC0YTVg0PUURtfAxTUjNbBE4iDFpCQ10PW1IXH19PCAZD&rst=5256&ck=0&s=af9b87231d8660b3&ref=https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond&hr=0&qt=11&ap=2159&be=890&fe=3869&dc=836&at=QkMWFgxKT08VVkcIGkQc&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1708941092548,%22n%22:0,%22f%22:0,%22dn%22:14,%22dne%22:14,%22c%22:14,%22s%22:15,%22ce%22:20,%22rq%22:20,%22rp%22:891,%22rpe%22:895,%22di%22:1696,%22ds%22:1696,%22de%22:1726,%22dc%22:4747,%22l%22:4756,%22le%22:4759%7D,%22navigation%22:%7B%7D%7D&fp=1560&fcp=1560
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.252.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a

Request headers

Referer: https://www.proofpoint.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 26 Feb 2024 09:51:38 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-bfi-krnt7300105-BFI

POST
H2 200 v3 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame C918 25 B
89 B 224ms
221ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v3

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 26 Feb 2024 09:51:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 8fa1a7fba4955692
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

POST
H2 200 widget_bootstrap Show response
bootstrap.api.drift.com/ Frame C918 33 KB
11 KB 464ms
464ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

5c559785e24db8a2ccab8fa61a55b4eaf475e934d470f7d5657a16474c753091

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 26 Feb 2024 09:51:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: 736f915bdc7510ce
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 256
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 436ms
435ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=3df9dd2c-4ad2-45b1-8b17-379eb0749e9f&session=6bb35ac4-221a-4409-81ac-2462353443e9&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26amp%3B%20Beyond%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&pageViewId=5abc7860-2a93-4f45-8268-525ea68c7d37&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:38 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 441ms
441ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=3df9dd2c-4ad2-45b1-8b17-379eb0749e9f&session=6bb35ac4-221a-4409-81ac-2462353443e9&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A38%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26amp%3B%20Beyond%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&pageViewId=5abc7860-2a93-4f45-8268-525ea68c7d37&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:39 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 track Show response
event.api.drift.com/ Frame C918 644 B
703 B 211ms
210ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

134b03526cacae29381746ea862c9ff8f924aab1e20a1d0fe7ed0d5638b760e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMTEyMjcxMTM0MCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3NDA1NjM0OTgsImlhdCI6MTcwODk0MTA5OH0.Ah7nxemc-19ycAl74gAas9O4yAu9ByivZFnNMWcuThlZgZuN04iv7-AcUqAext7fHzVpbMGvkHzONWlyNvo_Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Feb 2024 09:51:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: a3f63477c80fff5f
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 644

OPTIONS
H2 200 track
event.api.drift.com/ Frame 0
0 212ms
210ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://event.api.drift.com/track

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 26 Feb 2024 09:51:39 GMT
requestid: drift7683d844ef38c3f28e6564c803f
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

OPTIONS
H2 200 evaluate_with_log
targeting.api.drift.com/targeting/ Frame 0
0 218ms
209ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 26 Feb 2024 09:51:39 GMT
requestid: drifte26e88a42d2ab4123c5c6194d58
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 evaluate_with_log Show response
targeting.api.drift.com/targeting/ Frame C918 1 KB
553 B 210ms
210ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/targeting/evaluate_with_log

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

78023a4953f1d255c9d5546b99b71a03acc62d1cb213b827371913c50b0c226d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMTEyMjcxMTM0MCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3NDA1NjM0OTgsImlhdCI6MTcwODk0MTA5OH0.Ah7nxemc-19ycAl74gAas9O4yAu9ByivZFnNMWcuThlZgZuN04iv7-AcUqAext7fHzVpbMGvkHzONWlyNvo_Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Feb 2024 09:51:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
server: istio-envoy
requestid: ac7be249cca6f8ae
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 490

GET
H2 200 collect
www.google-analytics.com/ 35 B
95 B 2ms
2ms Image
image/gif 142.250.204.14
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1065740990&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&ul=en-us&de=UTF-8&dt=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Drift%20Widget&ea=Playbook%20Fired&el=Playbook%20ID%3A%201741196&_u=aDDAAEABAAAAACAEK~&jid=&gjid=&cid=1465068310.1708941094&tid=UA-2257074-1&_gid=2110253003.1708941095&gtm=45He42l0n81MGR7P8Xv76619393za200&gcd=13l3l3l3l1&dma=0&cd19=1465068310.1708941094&z=1890019795

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.204.14 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s25-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 07:52:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 7151
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C918 19 KB
7 KB 3ms
2ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core?d=1&embedId=5dfsgn7m2kst&eId=5dfsgn7m2kst&region=US&forceShow=false&skipCampaigns=false&sessionId=3de9c28a-b0c7-4710-a99f-8ad8de463a7e&sessionStarted=1708941097.296&campaignRefreshToken=c9c7623c-a776-4d85-86ee-2a133d1acdbc&hideController=false&pageLoadStartTime=1708941093443&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 09:47:19 GMT
x-amz-version-id: jP1VbgmiUz322PbGNcbb._G81nmdpudf
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1901061
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Fri, 02 Feb 2024 20:15:44 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Iy90fSuoeh87bVGxGyum8ipp87lhUqleFIJbvgjPiHAdxDmdRHI6Ww==

POST
H2 204 widget Show response
targeting.api.drift.com/impressions/ Frame C918 0
39 B 218ms
217ms XHR
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiIyMTEyMjcxMTM0MCIsImNsaWVudElkIjoiZjZ6dWl6ZHloeHJtN3IiLCJ1c2VySWRUeXBlIjoiTEVBRCIsInNjb3BlIjoibGVhZCIsImlzcyI6IjEwOTYyNTAiLCJleHAiOjE3NDA1NjM0OTgsImlhdCI6MTcwODk0MTA5OH0.Ah7nxemc-19ycAl74gAas9O4yAu9ByivZFnNMWcuThlZgZuN04iv7-AcUqAext7fHzVpbMGvkHzONWlyNvo_Xw
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Feb 2024 09:51:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: a28fd048e84ec7f3
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-allow-credentials: true
x-envoy-upstream-service-time: 10
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version

GET
H2 200 57.28dde8ce.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 19 KB
7 KB 3ms
2ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/57.28dde8ce.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 04 Feb 2024 09:47:19 GMT
x-amz-version-id: jP1VbgmiUz322PbGNcbb._G81nmdpudf
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
x-amz-cf-pop: SYD1-C2
age: 1901061
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 29
last-modified: Fri, 02 Feb 2024 20:15:44 GMT
server: istio-envoy
etag: W/"3c4cd13822c0069a68e9f9c8240f5ba9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Cbb_y70UC5o_bK-oFfbxxP9xA-YnD-rQkRPgaM-pX33Rye0m2JYJOw==

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 101ms
101ms Ping
text/plain 216.239.32.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-B1V8SZE3GL&gtm=45je42l0v890103917z876619393za220&_p=1708941093465&gcd=13l3l3l3l1&npa=0&dma=0&cid=1465068310.1708941094&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=3&sid=1708941094&sct=1&seg=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&dt=TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26%20Beyond%20%7C%20Proofpoint%20US&en=6sense&_et=879&up.company_name=&up.industry=&up.employee_count=&up.employee_range=&tfd=7754
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-B1V8SZE3GL
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.32.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Feb 2024 09:51:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 widget
targeting.api.drift.com/impressions/ Frame 0
0 208ms
208ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://targeting.api.drift.com/impressions/widget

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Mon, 26 Feb 2024 09:51:40 GMT
requestid: drift2054ca84fa2bee2acdb87ecc9df
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

GET
H2 200 https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1309750%252Fb676fc411192216d9fa871532ccd1ef16m64sa65z394%3Ffit%3Dmax%26fm%3Dpng%26h...
driftt.imgix.net/ Frame C918 3 KB
3 KB 766ms
152ms Image
image/png 151.101.66.208

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://driftt.imgix.net/https%3A%2F%2Fdriftt.imgix.net%2Fhttps%253A%252F%252Fs3.us-east-1.amazonaws.com%252Fcustomer-api-avatars-prod%252F1309750%252Fb676fc411192216d9fa871532ccd1ef16m64sa65z394%3Ffit%3Dmax%26fm%3Dpng%26h%3D200%26w%3D200%26s%3D66f22e2d85aec618f47000d1029736f1?fit=max&fm=png&h=200&w=200&s=f333800c5d66a1ec12ddc6d9d2ea2213

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.66.208 -, , ASN (),

Reverse DNS

Software

Google Frontend /

Resource Hash

4997035dbb477fd4132f3770718fe988c59a3659a74952f5473c366ff6a79907

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:41 GMT
x-content-type-options: nosniff
age: 3005150
x-cache: HIT, HIT
x-imgix-id: 58d330ad921d156f24a9c9ee73509de7abd20922
cross-origin-resource-policy: cross-origin
content-length: 3195
x-served-by: cache-sjc10042-SJC, cache-bfi-krnt7300046-BFI
x-imgix-render-farm: 02.131624
last-modified: Mon, 22 Jan 2024 15:05:51 GMT
server: Google Frontend
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=315360000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 43.e483d03f.chunk.css
js.driftt.com/core/assets/css/ Frame CC4F 900 B
2 KB 3ms
3ms Stylesheet
text/css 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/43.e483d03f.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

12ffe3ad71f763d9057baf43e0f1c1482bb9a0372602020554c4d52f52b37981

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sat, 30 Dec 2023 19:16:41 GMT
x-amz-version-id: qtHMm.jp01fVX9W5eD7sFiPuNPqOQkb6
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD1-C2
age: 4977299
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 19
content-length: 900
last-modified: Fri, 29 Dec 2023 19:54:11 GMT
server: istio-envoy
etag: "0bd11a8facc0a9d41713c64ed1ba1289"
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: n9DPA8K-BsEEOPlybMopdG_GCnauKNszn_L4_4JdStF0tldky5IuTA==

GET
H2 200 43.bd189648.chunk.js Show response
js.driftt.com/core/assets/js/ Frame CC4F 303 B
998 B 4ms
3ms Script
application/javascript 13.224.181.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/43.bd189648.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.9529c9e3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.181.124 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-181-124.syd1.r.cloudfront.net

Software

istio-envoy /

Resource Hash

e6fe88a41144fac0a75be6c94627d7ddbe2d58e0ccea7d714ea7108e1be694de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1708941093443
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Sun, 31 Dec 2023 16:50:16 GMT
x-amz-version-id: TisE0KvOcDp.ix7Z_twMVOKaw5vqYQ5x
via: 1.1 98c0260f137c498b550b5ea75d3bc892.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: SYD1-C2
age: 4899684
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-envoy-upstream-service-time: 18
content-length: 303
last-modified: Fri, 29 Dec 2023 19:54:13 GMT
server: istio-envoy
etag: "64c5c459373f38cfa09d006a64744acb"
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YY4RRnmJbl66mKK_kNXVZE3F-f7VsYAWDUpdgmr6W_hFpNeAnJQ6vg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 436ms
436ms Image
image/gif 23.47.73.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=76d4adecd2340b300ba5d4296ecef89d&svisitor=null&visitor=3df9dd2c-4ad2-45b1-8b17-379eb0749e9f&session=6bb35ac4-221a-4409-81ac-2462353443e9&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2026%20Feb%202024%2009%3A51%3A39%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226008%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20about%20the%20TA569%20threat%20actor%3B%20known%20for%20its%20deployment%20of%20website%20injections%20leading%20to%20a%20JavaScript%20payload%20known%20as%20SocGholish.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22TA569%20Threat%20Actor%20Overview%3A%20SocGholish%20%26amp%3B%20Beyond%20%7C%20Proofpoint%20US%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fblog%2Fthreat-insight%2Fta569-socgholish-and-beyond&pageViewId=5abc7860-2a93-4f45-8268-525ea68c7d37&v=1.1.15

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.47.73.144 Inkster, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-47-73-144.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date: Mon, 26 Feb 2024 09:51:40 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event3/ Frame C918 25 B
85 B 222ms
221ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event3/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/51.558be3c5.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 26 Feb 2024 09:51:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: istio-envoy
requestid: 61510e3e305f33b1
access-control-max-age: 1209600
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
vary: Accept-Encoding
access-control-allow-credentials: true
x-envoy-upstream-service-time: 13
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25

Verdicts & Comments Add Verdict or Comment

179 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

64 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.proofpoint.com/us/blog/threat-insight	1969-12-31 23:59:59	Name: hide_lang_switcher Value: 1
www.proofpoint.com/us/blog/threat-insight	1969-12-31 23:59:59	Name: pp_user_country Value: au
.proofpoint.com/	1970-01-21 03:26:37	Name: visid_incap_177663 Value: hVYB0hVZQzG2byDylnfAWiNf3GUAAAAAQUIPAAAAAADCAv5vgiVl95TrTXpLaNAJ
.proofpoint.com/	1969-12-31 23:59:59	Name: incap_ses_332_177663 Value: 0ihiUqiabVizDUCx54CbBCRf3GUAAAAA0+FrlQT4kaNVBsPJ9Hcylg==
.proofpoint.com/	1970-01-21 03:29:23	Name: _vwo_uuid_v2 Value: DD491C9F68101D29153A3054065A8D6D5\|66bb55f7b924f7862a3a09f35a8508aa
.app-abj.marketo.com/	1970-01-20 18:42:22	Name: __cf_bm Value: XgWbQ.6uww2eIfunhLB44qsT.gvYBE40NK8mb3_7jcA-1708941094-1.0-AXKKm0I1vF5E5BhgJG1TiEqstrZQepj6Ew/QHfrGJPigfbzwLWCzeMsYis3nJE1uDJPqHYFa9XcElq/0EfqkA3A=
.proofpoint.com/	1970-01-21 04:18:21	Name: _mkto_trk Value: id:309-RHV-619&token:_mch-proofpoint.com-1708941094235-28380
.proofpoint.com/	1970-01-20 20:51:57	Name: _gcl_au Value: 1.1.1827095088.1708941094
www.proofpoint.com/	1970-01-21 04:18:21	Name: _gd_visitor Value: 3df9dd2c-4ad2-45b1-8b17-379eb0749e9f
www.proofpoint.com/	1970-01-20 18:42:35	Name: _gd_session Value: 6bb35ac4-221a-4409-81ac-2462353443e9
.sharethis.com/	1970-01-21 03:29:23	Name: __stid Value: ZHwAA2XcXyYAAAAIflmwAw==
.sharethis.com/	1970-01-21 03:29:23	Name: __stidv Value: 2
.proofpoint.com/	1970-01-21 03:29:23	Name: fpestid Value: ohIRckjkmTFWSMMXp5Cft-9GOYmKUbwDtFrjp2t_vfYHoS6BkR_UN8hNRLrDFeHkphxxtA
.proofpoint.com/	1970-01-21 04:18:21	Name: _ga Value: GA1.2.1465068310.1708941094
.proofpoint.com/	1970-01-20 18:43:47	Name: _gid Value: GA1.2.2110253003.1708941095
.proofpoint.com/	1970-01-20 18:42:21	Name: _gat_UA-2257074-1 Value: 1
.doubleclick.net/	1970-01-21 04:18:21	Name: IDE Value: AHWqTUmcNnjyFNypovbVSIP0E7p6ElyST40-A-ZgNFeYMRjeuptIhVSxCDRqAUVw-40
.doubleclick.net/	1970-01-20 23:01:33	Name: receive-cookie-deprecation Value: 1
.proofpoint.com/	1970-01-20 18:43:47	Name: _uetsid Value: a0808490d48c11eeb2d13bf7e7ed71e5
.proofpoint.com/	1970-01-21 04:03:57	Name: _uetvid Value: a080ca40d48c11eeba7b3dec60a77a8a
.bing.com/	1970-01-21 04:03:57	Name: MUID Value: 09D5A79C3DC16BA209D6B3AD3C506AA5
.bat.bing.com/	1970-01-20 18:52:25	Name: MR Value: 0
tracking.g2crowd.com/	1970-01-20 19:02:30	Name: _session_id Value: dfc624e142aaf809cf94f05b4aee2059
.g2crowd.com/	1970-01-20 18:42:22	Name: __cf_bm Value: VnQoXQJr1zVOX9C5SycCfHCvETuB_sZdEzhnLzFvmCw-1708941095-1.0-AVeWNjHZ11vps5ctBmwuOl1fKiTwoWLDVYmxq6RgPJU6vIPsnGc/5nmnujXMfOz3CI4FVwADXHaN08mQvrR9aqU=
.doubleclick.net/	1970-01-20 19:25:33	Name: ar_debug Value: 1
.techtarget.com/	1970-01-20 18:42:22	Name: __cf_bm Value: 6_BBtBGnMgncJaObkZ8.C6qWUs5KT.PiUFk.NbcqpPE-1708941095-1.0-AbKnImJaljJX7xBymqVfag5qrj72Tj7NTAaKslijms120GgtGA7Ntg81lYVfYg1SNZOowkl/8mTPvezSlNs7FnU=
.linkedin.com/	1970-01-20 18:43:47	Name: lidc Value: "b=TGST03:s=T:r=T:a=T:p=T:g=3165:u=1:x=1:i=1708941095:t=1709027495:v=2:sig=AQEKF5bkUEI57zFLrmQtVCUWDQ02GLBZ"
.t.sharethis.com/	1970-01-20 19:25:33	Name: pxcelPage_default_c010_B Value: 0_6_1708941095284
.adsrvr.org/	1970-01-21 03:29:23	Name: TDID Value: e09e3320-5d5d-492c-b27e-8a4cfb311424
.proofpoint.com/	1970-01-21 04:18:21	Name: _ga_B1V8SZE3GL Value: GS1.1.1708941094.1.1.1708941095.59.0.0
.eyeota.net/	1970-01-21 03:29:23	Name: mako_uid Value: 18de4d3b184-57800000010d59ec
.eyeota.net/	1970-01-20 18:42:21	Name: SERVERID Value: 23020~DM
.adsrvr.org/	1970-01-21 03:29:23	Name: TDCPM Value: CAEYBSABKAIyCwjy27CB6K7bPBAFOAE.
.proofpoint.com/	1970-01-20 20:51:57	Name: _fbp Value: fb.1.1708941095401.1974131476
.linkedin.com/	1970-01-20 20:51:57	Name: li_sugr Value: d9977a6e-da11-4623-bace-929cea3f62e2
.linkedin.com/	1970-01-20 19:25:33	Name: UserMatchHistory Value: AQLqfnQqFXJrbAAAAY3k07Gd8tgsKI6wd1WJ8rCL-Oc-9J1uvFEAMWaJaVg48Amcp-JwV0xilV5gvg
.linkedin.com/	1970-01-20 19:25:33	Name: AnalyticsSyncHistory Value: AQIdxvJ6-1ZLDQAAAY3k07GddKaWlRZOMxa8oFIGjeEruRkxiJTJnkzX4-viBqNQY2WaFHRN8ZvGVDgXdI2d4Q
.linkedin.com/	1970-01-21 03:27:57	Name: bcookie Value: "v=2&64d70e7f-a4d2-431f-8f2e-30540c13d5fb"
.ml314.com/	1970-01-21 03:29:23	Name: pi Value: 3642340222842699791
.6sc.co/	1970-01-21 04:18:21	Name: 6suuid Value: 8c492f17cf330100275fdc650b0200000ca24500
.www.linkedin.com/	1970-01-21 03:27:57	Name: bscookie Value: "v=1&20240226095135df73c86f-9dcd-4a63-87af-776f48ffa92cAQEpSn1nb6E0H2TXR6PUYA2_tO_5dMkN"
.rlcdn.com/	1970-01-21 03:27:57	Name: rlas3 Value: /V0igk3WJj8z1aLgLc00oBKgtCPLvjqO9JHLmef9BME=
.yahoo.com/	1970-01-21 03:28:18	Name: A3 Value: d=AQABBCdf3GUCEIuvEQMF_aPHG4ZLBzur65wFEgEBAQGw3WXmZdww0iMA_eMAAA&S=AQAAAgTMMeHFHlspNpUjSRfKq6E
tags.srv.stackadapt.com/	1970-01-21 03:27:57	Name: sa-user-id Value: s%3A0-8b1a7916-c801-52c3-4b95-4d1c4ce2c106.MeXpcAJnHY9SzvJ3rNSUD9ocND1L2qdav8YOhwzWEWw
.srv.stackadapt.com/	1970-01-21 03:27:57	Name: sa-user-id Value: s%3A0-8b1a7916-c801-52c3-4b95-4d1c4ce2c106.MeXpcAJnHY9SzvJ3rNSUD9ocND1L2qdav8YOhwzWEWw
tags.srv.stackadapt.com/	1970-01-21 03:27:57	Name: sa-user-id-v2 Value: s%3Aixp5FsgBUsNLlU0cTOLBBkLLcKA.7cHJSn0tg3AzPkXx4rTzF6kZsiLHq5U5k%2FvtJUaqeeU
.srv.stackadapt.com/	1970-01-21 03:27:57	Name: sa-user-id-v2 Value: s%3Aixp5FsgBUsNLlU0cTOLBBkLLcKA.7cHJSn0tg3AzPkXx4rTzF6kZsiLHq5U5k%2FvtJUaqeeU
tags.srv.stackadapt.com/	1970-01-21 03:27:57	Name: sa-user-id-v3 Value: s%3AAQAKINvQVxW7yYhKIdFylJQUX6vfXH9NOFijMF2WsFBH8KDKEHwYBCCnvvGuBjABOgRUSQl9QgSsr03n.DfNkSdiFcMeqA%2BcGtsOrXjuDfDowqlaxWWNBqsxQ9Jw
.srv.stackadapt.com/	1970-01-21 03:27:57	Name: sa-user-id-v3 Value: s%3AAQAKINvQVxW7yYhKIdFylJQUX6vfXH9NOFijMF2WsFBH8KDKEHwYBCCnvvGuBjABOgRUSQl9QgSsr03n.DfNkSdiFcMeqA%2BcGtsOrXjuDfDowqlaxWWNBqsxQ9Jw
www.proofpoint.com/	1970-01-21 03:27:57	Name: sa-user-id Value: s%253A0-8b1a7916-c801-52c3-4b95-4d1c4ce2c106.MeXpcAJnHY9SzvJ3rNSUD9ocND1L2qdav8YOhwzWEWw
www.proofpoint.com/	1970-01-21 03:27:57	Name: sa-user-id-v2 Value: s%253Aixp5FsgBUsNLlU0cTOLBBkLLcKA.7cHJSn0tg3AzPkXx4rTzF6kZsiLHq5U5k%252FvtJUaqeeU
www.proofpoint.com/	1970-01-21 03:27:57	Name: sa-user-id-v3 Value: s%253AAQAKINvQVxW7yYhKIdFylJQUX6vfXH9NOFijMF2WsFBH8KDKEHwYBCCnvvGuBjABOgRUSQl9QgSsr03n.DfNkSdiFcMeqA%252BcGtsOrXjuDfDowqlaxWWNBqsxQ9Jw
.crwdcntrl.net/	1970-01-21 01:11:06	Name: _cc_dc Value: 2
.crwdcntrl.net/	1970-01-21 01:11:06	Name: _cc_id Value: e4b16b025a2e6374be23d1b3c2ba16bb
.analytics.yahoo.com/	1970-01-21 03:27:57	Name: IDSYNC Value: 19b8~2gyx
.rlcdn.com/	1970-01-20 20:08:45	Name: pxrc Value: CKe+8a4GEgUI6AcQABIFCNtOEAA=
.exelator.com/	1970-01-20 21:35:09	Name: EE Value: "cc81a4a87c3d5418019e2784ef560242"
.adnxs.com/	1970-01-20 20:51:57	Name: XANDR_PANID Value: nV4e9MbLIxs61ucSU6M7mplPKGHoiXoPf7n7kwTHsMZterjoxL-m4yMD-UIcoOyBClJmINqnObpo_vZvQPf5XM9QK58OMekdOENpIjJxpww.
.adnxs.com/	1970-01-21 04:18:21	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:51:57	Name: uuid2 Value: 916563861363931583
.exelator.com/	1970-01-20 21:35:09	Name: ud Value: "eJxrXxzq6XKLQSE52cIw0STRwjzZOMXUxNDCwNAy1cjcwiQ1zdTMwMjEaHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDIaEl%252BUWb6otDgxUUpaQyLSopPBR%252F7lAUAeywqRQ%253D%253D"
www.proofpoint.com/	1970-01-20 18:42:22	Name: drift_campaign_refresh Value: c9c7623c-a776-4d85-86ee-2a133d1acdbc
www.proofpoint.com/	1970-01-21 04:18:21	Name: drift_aid Value: ba0959ad-6ee8-4d1c-b8c0-750610d775d1
www.proofpoint.com/	1970-01-21 04:18:21	Name: driftt_aid Value: ba0959ad-6ee8-4d1c-b8c0-750610d775d1

187 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
javascript	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond(Line 1454) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond(Line 1454) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://munchkin.marketo.net/munchkin.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond(Line 1478) Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/143852102935619?v=2.9.147&r=stable&domain=www.proofpoint.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://js.driftt.com/include/1708941300000/5dfsgn7m2kst.js Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com .visualwebsiteoptimizer.com app.vwo.com .sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com ; img-src 'self' 'unsafe-inline' data: blob: .visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com ; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com .visualwebsiteoptimizer.com ; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Security-Policy	default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com .visualwebsiteoptimizer.com app.vwo.com .sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js; object-src 'self'; style-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com ; img-src 'self' 'unsafe-inline' data: blob: .visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com ; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com .visualwebsiteoptimizer.com ; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: ; connect-src 'self' 'unsafe-inline' .visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

309-rhv-619.mktoresp.com
4788165.fls.doubleclick.net
ad.doubleclick.net
adservice.google.com
analytics.google.com
app-abj.marketo.com
attr.ml-api.io
b.6sc.co
bam.nr-data.net
bat.bing.com
bcp.crwdcntrl.net
bootstrap.api.drift.com
buttons-config.sharethis.com
c.6sc.co
cms.analytics.yahoo.com
connect.facebook.net
dev.visualwebsiteoptimizer.com
driftt.imgix.net
epsilon.6sense.com
event.api.drift.com
fonts.googleapis.com
geoip-js.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
idsync.rlcdn.com
ipv6.6sc.co
j.6sc.co
js-agent.newrelic.com
js.driftt.com
l.sharethis.com
loadus.exelator.com
match.adsrvr.org
metrics.api.drift.com
ml314.com
munchkin.marketo.net
pixel.mathtag.com
platform-api.sharethis.com
platform-cdn.sharethis.com
ps.eyeota.net
px.ads.linkedin.com
s.ml-attr.com
secure.adnxs.com
snap.licdn.com
stats.g.doubleclick.net
sync.sharethis.com
t.sharethis.com
tags.srv.stackadapt.com
targeting.api.drift.com
tracking.g2crowd.com
trk.techtarget.com
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.com.au
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.proofpoint.com
103.43.90.117
104.16.95.80
104.18.33.110
104.18.36.196
13.107.21.200
13.107.42.14
13.224.181.124
13.237.11.119
13.56.36.101
142.250.204.14
142.250.204.2
142.250.204.4
142.250.204.8
142.250.66.194
142.250.66.198
142.250.76.102
142.251.221.74
15.197.193.217
151.101.1.91
151.101.2.137
151.101.66.208
157.240.8.23
157.240.8.35
162.247.243.29
172.217.24.35
172.64.144.225
18.143.106.89
18.67.111.101
18.67.111.16
18.67.111.30
18.67.111.85
192.28.144.124
216.239.32.181
23.1.240.49
23.214.38.209
23.47.73.144
23.47.73.159
34.111.208.231
34.117.77.79
34.96.102.137
35.244.154.8
45.60.159.207
52.0.156.250
52.52.86.48
54.147.21.139
54.204.62.38
54.251.52.200
64.233.170.156
68.67.153.60
76.223.9.105
00a028b6540a3f5309fccc8c5c6d5d5e1da884807e21931d907f29f7247ea734
029d219cdef5f07caa9c512aa1e804f9251cc8623c2461dd9c01cb680700da97
037bd3254471a8df28fa54512d91bc91c42f382511446c26e52d22017598796e
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
117457a154f3f942675177c493160561dc6391a60c4afbf93a91e65da5bdc6d3
12ffe3ad71f763d9057baf43e0f1c1482bb9a0372602020554c4d52f52b37981
134b03526cacae29381746ea862c9ff8f924aab1e20a1d0fe7ed0d5638b760e5
168ebd89f3a9ffb66f609bdf01034cb2dd90af136676fde9193abb2ac0e517f4
17b023deed8da26f85aec8ec905699b3e1d94703319059ef69597f18412a022a
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1cf21f57d161f8de548c33c5232d48fa022d3a594ce5ea0df88b48ffeab17525
1ed7c57fe7db291b2aa6b49cbcadb4f6bec5523037b3504a4838072dece248ce
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2632767b652b8d6e0a9bba35dd89cb580138cc604b6a862f21eec1cfa7ea6096
2a8a441d8086f20a64563edc759aba1de84d932e34ff77b8bb0279a730cdb428
2c4d39b25c345fb5db9db115749d05b048a1146cc9ccaedc31a73d6affaf476b
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2fdb22da214a2f7bcfb7d56f8abbdca611c002e04b290aff79caa93d4aaa76f3
332a6273af6fdc033f936b6754b3c8af335763469fe94ac2fc3246273d4c63e0
3337f36bd89c27dbe1dca4b71fb177d826b736950f2150aff6acce0180a86fc5
33a8fb1c404f784e5c0b9807adc3b2ffb47b5c4f9ba7050aaf04734f5aff2dc7
37843bfca90789f7ef8311a8377c91a0199e47c4fa057a420df13880fa2b6914
3c33966bb6e4c8c404affba23a87352c6e0acd91a787381eec4d72f5907ed77d
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
40c18a12f1fab791044c77b7d95f5375a86246ba644776a319b7db5d5a355b08
42a3729f9abf852e767fa970a50466acbb898dba53c5aebe575fcd80124179f5
44533fc213c9a0044f2a50eae9852b6bca91a5e14ee8f74c0bd314266bea8ae2
45396b8359112c614d4aab3fcb716deaabc47e477078f675d7bf69f5791c8f53
46454a26b3142dec4540c21c9c156f2b3e570488667f1bbcf81854e27925f2a4
479f333c6cdf10724e19b33079cab821bb37b0a463170ea9943dcbc0c6d9dc67
481baffabb9011ae6ffd10103983908ebc2c06e6f6be7797d226ccee04c2172f
4997035dbb477fd4132f3770718fe988c59a3659a74952f5473c366ff6a79907
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
4ea58eb07cdef07c8d8ae7fea6f7ce6dc7febf2a1556ab992e0ce37724582d09
501f2ebca0d1409039eeba4530ecd1f5c0eff312a15ebeaa12dec1fed75c1199
50ae38488522123a40313a67234c357d2b15b74e0114a69344b4d0ec711ce4a5
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
54f7c5abf7cebc48854d137c8cf94a49de5ee1f85479004016a62f02d56b9222
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5680e67bec883a7cc47635705afdaa0d28ad681a1bec515983784fe6c002356b
57c74eb0d5e0ec7098c99e921db575346808a900903d39ba3cdab32c4d206fc7
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
58fdb03fac3e89e51525a5a45eb777395d1b499bf4483e96201b6becddbe516f
594d3ade307f6f48a5ef5143228b9da7c4e78589177ac70e91d31fe75ea83d60
5c559785e24db8a2ccab8fa61a55b4eaf475e934d470f7d5657a16474c753091
5ca742541d65d718402499ed1d84d003258ce2116562169b85744cf7d798485a
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5f3083b731588016304b0ac105b66985b8ffc9d2c7a2e627f0435da5e86a4648
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
60942f2cf61e5111f92383919330337b1f447270fc61ef81a0d113fa599cc833
61940a024b4eb9586443a3d82b256fc46976567a27380f969e42f8f2faeb80bf
637bd059ef7a81089f0b6111be2ed656ca25fdf9200af682a3154a4ab5eab498
6861a320271e0fda832800e20d53b858ef409f88d9bc9c1a48953888289d1ea3
68bf74082f8a4c49d604ea4c599e861b5dd032b1497a75231b74ca1b20853dcb
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6b7970f123e87891537b8ffc02756230f04ab709f6e86d99628d1d7517b1ce06
6c9c6406c9bd9814cf84974221433003377b67f071ec5411fddbcba4ec109bca
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
747310f4043c850ae6b76c074e86b80057cea2d56cd595d0179b4aa9cb5077e5
7641f066c35d0ca15d4897bfe49d640ed4c143ff8f04030c2020cbb2acfa7b0b
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
76ffdc5337cd5a509f15d70767b85a793aead82975d0d86912e1607e963c9aed
78023a4953f1d255c9d5546b99b71a03acc62d1cb213b827371913c50b0c226d
7817ee889e9c73351b96c97c740c9dd746ba87ebd6c6fcab3cd77cd021920ce7
7849ba1748f8188749df28e9d59ca4e570a8495684353d8df4715fa70a81e787
7bbb51c6357175f19a69c141db5eceecd3fa371e3affcfb238e433545a4ca93e
7d4c8d64de2bdfd840f846b0ed993d89a3f61cae7c9477a4a6cafbfae8f47163
7d78bcb45e61155283355f98b205d9dc7b416aef6cfd5ae58c76d7633941a52b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83e4d17b79920091301961db060dbe040501d7703672bbe9162c891fe4579756
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
8912e42fc410c1e5bb6e04f4e0a8f1866487446cf71653c511dab44ab077214a
89cfdadb23c7206b508ca2007f1e8c183f609fd283a91b03e19b64ee2f03a288
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a0733dd0cf11c03279cb16006ab9a98db3818f2651b8033aca347132f9082ff
8afb6c394c753852596c484e8e09d9e3a3fdcaffbcfd8855e0ff97710f98e41d
8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3
8f0f8792237470ee661c6afc32ca68200dd74bcc0d544d0fd54c7777af362eae
939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353
94a96a4fc313fe6dfba290ed6bc0e802eaab40810e59032a06f6774553b1c6ae
96edd93e84addeee41ef9c34f49a339fead522f84e7c61a48877c8768b5d7caf
98027b235fe596c3d4954af1307fda6b83df3d32c705ea0a1234518d05db2632
9c1b1066c42f920ce30aee11e0645fc48f66f13f828e31865b34abe54d6dd4e0
9c2df34e24fbac806c9d96da85e1c06df3f79267b0f105620b8cfcee0ced5b1c
a03b854d10519fd5be9cdcbc78fad3927c1a3de9e84fa74353c8a19cc20d0501
a0ecd664d717fc9ad0a511a6379f291db344fd80bfe9058989c0f4d658d65e1c
a4906cfd4e4215e5b8deb7cc3b83269a906110cd1f5f97316628032cb1ee7394
a55619fd27a0e1c6c940e668707a13ea02bc52953106260a570c28e5a300c070
aa4e61ea34efffdda8f0dc0b401826f1cbdef256941574aae6f13fa54e02d07a
aca64b0717c03050a52e321c85bb15cdc2df3b199c3e864247d80baae1c63910
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afbd41e7209fa3aef6f53c7a5713aa542a7be54c432fec2d690e0dfaccd528d1
b0af909b7ae6ad2644bfe2a60d939092aaf113b2cbc4ed2981a892869143b98a
b0e6c1c112eda28bd4787e19ce4920424990b564c0fb3b828ec605d91ba4813e
b13c9311dec3f49821d88065299e95cc1c4e6c26acc4b27b4ebdb380d40d8788
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1700a9f05644621ffe3a13f59d5258261f170718eb8a6076e5fc55cd918afc7
b480bbc5834651fb48a482fb5711ea65de49e97a9491ca7e89cecf0bfb26ccd1
b4db5c4844f2d9760dbfe6c13daa07bafa8fcd740f2172a7ca8ac237e27286d8
b7738a1e839a0c565352056f8efb00ee9ee01ba4f58638490e8b8b3e74584f66
b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
bba54915db71fc417be4d5852ec7d138d7c3fa90356ddee98b5267a7db7e6b5b
be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d
bff2eb456da2bc3f6f2e7741e733c878a88830488a13932a36233b89083090c0
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
c5a7210fc1388e35300d7b257180c2ed4d0cdcf1a37e3372536c9a8c4f000db9
cb8c2b19fd9b56c41db14bd71b5c0616c1ba4e99b08c8e75084cf695f74b7120
cf9e92205faeb2fc9929f8aaf67ee6fb15084be8994babd310cfa01d62e29e5c
d14e287ddae470b06c4639e73260ca21a4c9b7cfdf56e02965a8f50fb5333b42
d53ad65904b3e7c8a7dbf9479478e5c3f84ac198f1d81f3a97edd0e4af552e3a
d70fa5dc6c8bfe9d7824be31e669528533d0879a2b1600a7df68b880f4d44296
da9b29cad35666ad35df54fc721ff8d0838660640456185a86521e6c506b81cd
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
ddbd99a98baa51ec26f0c36d7a048d0ebb99777a15507fab1b0a0f0b12c452e4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0c6f8695589df90e63442fee1c9cf14e60dfc4fd8ce7296515b1d6db41e1d3d
e2a193fa1b1801dcdddf024a250b04b496f5e36e4324a8de73948e6421ff5865
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e555f4b34b579e6528d6bbd4819620a634c0759b41dfa99520b7ca5aa5117b11
e6fe88a41144fac0a75be6c94627d7ddbe2d58e0ccea7d714ea7108e1be694de
e9841d9258210b13f0870a80d02ce8f3224c8798d1c0d618f210a573ce96038e
ea518ce385aa454e58d10892b7053245bc5f0200b9fe16c47cfdd1ab355d061f
ebc6864388422f0526dd1be3d78d40f17410bbdaa50809606a7f017c4d347345
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ec73870a124df2d105249652c84da8f949bf73bcd5ca8ad6deca84b4fbd2e9d0
edf1011ad272d21b66ae82a21a9d029186dc81c9f13972203fc3107f75835d4b
ee6ffdd8c9cbb3735466a4da958a10e8280426b4479e8b5788212b1b82fe25f4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6ed28e5e26ebba4c6c19329aea432fba0c64c0f9fbfb321d4105072d2541363
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
fad7f3075c75555a19dd023c2317550688e7dd5be59b37cf12b6188cc9917a7b
fc7d5e41bfcae13c9f8d4ceb0c50f1a19b9ca02f68334f9f864ca4f36048412f
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe5f2a40422e9a55187b3204161cbce1ba1d03a2eb4fa971bd10451562fed99a
ff8f406b684c6674dbd3705d3f6d2cd10b5eedbc2c67a7773f235d69ef122d04

www.proofpoint.com Open in urlscan Pro 45.60.159.207 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

213 Requests

95 %HTTPS

0 %IPv6

40 Domains

59 Subdomains

43 IPs

4 Countries

3679 kBTransfer

8358 kBSize

64 Cookies

18 Outgoing links

Redirected requests

213 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.proofpoint.com Open in urlscan Pro
45.60.159.207 Public Scan

Screenshot
Live screenshot

Full Image

213
Requests

95 %
HTTPS

0 %
IPv6

40
Domains

59
Subdomains

43
IPs

4
Countries

3679 kB
Transfer

8358 kB
Size

64
Cookies

213 HTTP transactions
0 data transactions