www.varonis.com Open in urlscan Pro
45.60.154.169  Public Scan

16 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 78

• https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=1059589707 HTTP 307
• https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D1059589707

Request Chain 99

• https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
• https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
• https://segments.company-target.com/log?vendor=choca&user_id=AAIxYk7Ht5AAACEScfZVEw HTTP 303
• https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAIxYk7Ht5AAACEScfZVEw&verifyHash=2108bef7597245b8efbdd487a76d9628670dd0f5

Request Chain 107

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1675348014511&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2 HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D23300%252C4766249%26time%3D1675348014511%26url%3Dhttps%253A%252F%252Fwww.varonis.com%252Fblog%252Fpower-automate-data-exfiltration%26tm%3Dgtmv2%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1675348014511&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1675348014511&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&liSync=true&e_ipv6=AQKdU1G2hrvIzgAAAYYShfjwRRcNIAGkWcwyQ8bPwl4HKuMelrkcywsfUlbV3b4R4MjxoHo

Request Chain 114

• https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID HTTP 302
• https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=2853213917094208548 HTTP 302
• https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=2853213917094208548&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

125 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request power-automate-data-exfiltration Show response www.varonis.com/blog/	173 KB 47 KB	336ms 210ms	Document text/html	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 8490f4af6b81ec4daf828409ca90495864bedcd8275bc70ccf043862c60a2586 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control s-maxage=10800, max-age=0 cf-ray 79339aba8fd6bb4a-FRA content-encoding gzip content-security-policy upgrade-insecure-requests content-type text/html; charset=UTF-8 date Thu, 02 Feb 2023 14:26:53 GMT edge-cache-tag CT-65326053274,CT-66268097107,CT-66273490760,CT-66469717370,CT-66547768082,CT-66550280972,CT-99881042488,CG-740355147,P-142972,CW-96208974392,CW-96211538747,CW-96212523802,CW-96212951433,CW-96213126978,CW-96245579579,CW-97238715969,E-96208864691,E-96208978235,E-96211538746,E-96212567077,E-96212596044,E-96213126322,E-96213240931,E-96213272208,E-96213300764,E-96213917218,E-96214517767,E-96216577808,MENU-58181491309,MENU-80782729552,RA-96211823235,RA-96212481308,RA-96212747848,RA-96214109737,PGS-ALL,SW-2,GC-96226114154,GC-96707547488,GC-97247720850,GC-97335892342,GC-97859274366 etag W/"f669a5a69cf411c27e4676bce95d894d" last-modified Thu, 02 Feb 2023 01:24:57 GMT link </hs/hsstatic/HubspotToolsMenu/static-1.143/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} referrer-policy no-referrer-when-downgrade report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ci0iYCWlEvq34gaDGjDqvtzDbet2F3trGbllbPL%2BQH%2FvF8g2LLYojz04OcOBbqF5foGMr7opr75ggMCd1Yc5lddA%2FH8ghlWvOxnbSeh3Lir4FPNjDhOu%2Fw1dLuwlJ8ckLA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare strict-transport-security max-age=31536000 vary Accept-Encoding x-cdn Imperva x-hs-cache-config BrowserCache-5s-EdgeCache-180s x-hs-cache-control s-maxage=10800, max-age=0 x-hs-cf-cache-status MISS x-hs-content-id 65326053274 x-hs-hub-id 142972 x-hs-prerendered Thu, 02 Feb 2023 01:24:57 GMT x-iinfo 14-144994166-144994183 NNNN CT(3 5 0) RT(1675348012771 45) q(0 0 0 0) r(1 1) U12
GET H2	200	index.js Show response www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.143/js/	10 KB 4 KB	52ms 50ms	Script application/javascript	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.143/js/index.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 9293649926b2fefcc745d0745f7069515068d051a0e5da1a8af0099fcbc2a285 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains last-modified Wed, 14 Dec 2022 14:39:49 GMT x-cdn Imperva etag W/"a058511f8075f32c8de21808866260c5" content-type application/javascript x-iinfo 14-144994166-0 0CNN RT(1675348012771 268) q(0 -1 -1 -1) r(0 -1) cache-control max-age=27221837, public content-length 3501 expires Thu, 14 Dec 2023 16:04:10 GMT
GET H2	200	project.js Show response www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/	1 KB 737 B	60ms 59ms	Script application/javascript	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains last-modified Tue, 09 Nov 2021 16:12:42 GMT x-cdn Imperva etag W/"61ca66de658cab9587e4636894680d5d" content-type application/javascript x-iinfo 14-144994166-0 0CNN RT(1675348012771 277) q(0 -1 -1 -1) r(0 -1) cache-control max-age=24048571, public content-length 556 expires Tue, 07 Nov 2023 22:36:24 GMT
GET H2	200	jquery-1.11.2.js Show response www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/	94 KB 33 KB	52ms 47ms	Script application/javascript	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 3d65f9e788f7ef78d0e1e40bdce42caf85b1c2b18d8eb1ecc358b113d01265d6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 08 Jan 2015 18:08:00 GMT x-cdn Imperva etag W/"5790ead7ad3ba27397aedfa3d263b867" content-type application/javascript x-iinfo 14-144994166-0 0CNN RT(1675348012771 285) q(0 -1 -1 -1) r(0 -1) cache-control max-age=24136773, public content-length 33218 expires Wed, 08 Nov 2023 23:06:26 GMT
GET H2	200	blog.min.css cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96213126322/1675216255813/hook-www-varonis-PBS/css/templates/	41 KB 6 KB	183ms 93ms	Stylesheet text/css	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96213126322/1675216255813/hook-www-varonis-PBS/css/templates/blog.min.css Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7c812a13ca023416e6259d521eedde079fecd16ebfeeb9e55c467fab921ff243 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 126022 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status PENDING x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Wed, 01 Feb 2023 01:50:58 GMT server cloudflare etag W/"2db0da9508a03508d8a954f48467f950" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * x-amz-meta-created-unix-time-millis 1675216257125 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eQgNqSVLVgbUocKQDZjJl67d3llkNhSK11%2BSQvk6eqc9LkgrQ%2B4lWOZ8Iq8nbtsOLDexIFY0Opcxt%2B6RNC1lzh49n%2BzPLc%2Bi4TDDH9P9TFMFb1exQzqmNIvRP3cWsYeggbDicov4E6CR%2B54UhXU%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abc78ef6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	css2 fonts.googleapis.com/	9 KB 1 KB	205ms 75ms	Stylesheet text/css	2a00:1450:400d:802::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Roboto+Mono:ital,wght@0,400;0,700;1,400;1,700&display=swap Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 3f11911fadb0cd958fe9b380cc6414fda8aa1fa2211d770728f8c46f5a9dc506 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Thu, 02 Feb 2023 14:26:53 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Thu, 02 Feb 2023 12:44:28 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Thu, 02 Feb 2023 14:26:53 GMT
GET H2	200	main.min.css cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96214517767/1675276216011/hook-www-varonis-PBS/css/	84 KB 17 KB	181ms 93ms	Stylesheet text/css	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96214517767/1675276216011/hook-www-varonis-PBS/css/main.min.css Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c82ae69adffb460b844246adbe12bf3ce53381741519c04da85c7907f13ba459 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 67158 x-amz-cf-pop IAD55-P5 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status PENDING x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Wed, 01 Feb 2023 18:30:18 GMT server cloudflare etag W/"7a0aeb4a99bef7c2410b4123147ff7fa" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * x-amz-meta-created-unix-time-millis 1675276217584 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fl11MqZAP6%2FNy5jclbPnhtfMfFetvjNSpy6BIgG%2Fkdr6rkEAEEsVqJSRq0eKSKoPKjnTTvj%2FUvChsU74b3bHvUCuuN7%2F5H5Ehu0b7AiJ0mwDAgFINpMqNIaOA29%2BUHL6DIcMg431f%2BUn8OfU2Yw%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abc78f36951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	fonts.min.css cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96208978235/1671725548578/hook-www-varonis-PBS/css/	4 KB 734 B	176ms 88ms	Stylesheet text/css	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96208978235/1671725548578/hook-www-varonis-PBS/css/fonts.min.css Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e93c3b6adf92f5c881be764cc1a501342826307e55e370545ce312bb04bbb36a Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279120 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 16:12:30 GMT server cloudflare etag W/"a74f4acc43e73f143525d13fc8e85a39" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671725549177 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AQJ6ny02vpIxm%2B6MqH812RmIDqU9X6cUSL66g%2BTpZu%2FBV3ECa8y5z2qG%2Bi%2FQdKmnVWAChYzvvD25oI19zG7W4qNn61KHn%2B%2B8LvtF%2FNuLWVhbn8EXtcKWvceBzbBKajpF50bKxCzkXhkqXuQWa%2BM%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abc78f66951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96213126978_Announcement_Banner.min.css cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96213126978/1671723022474/	1 KB 771 B	180ms 92ms	Stylesheet text/css	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96213126978/1671723022474/module_96213126978_Announcement_Banner.min.css Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b82914904dac6e1031e30b39b150812f963afa58df11c607160f41f0897cde6a Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279120 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:23 GMT server cloudflare etag W/"2448efcaf5097eeca9d1535d917ab331" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723022474 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iTsWc5Z%2FIF5ziUrAesI5yYURQ7j%2F9y3nQ%2FUCxRZ1Cvadimp6Wk8hZ2pXRDEnrSy2rbegEYB9XDxuZ3uAuUcHp1%2FcIEabHd48AYSDGi3OuW261G%2BRX4KUxPw%2BpGllJBKhxDksIYwpzEzEzB5u3a4%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abc78f76951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96212523802_Site_Nav_V2.min.css cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212523802/1671723031920/	415 B 592 B	178ms 90ms	Stylesheet text/css	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212523802/1671723031920/module_96212523802_Site_Nav_V2.min.css Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bd80c4171d07cffd4cd55230a36217c6f911b18de1090689acff11c9973ada3b Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279120 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:32 GMT server cloudflare etag W/"3d5b68f9d3cb1bbcab899379e00a4421" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723031920 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ic%2BF6OCk8464qMUxJ%2BSy3X2uhiqq%2BV8kTwneCjpGJQ%2Bxtpn9V0J2OPh8FtZarKIjgztUOgBr6YJXTyhhqgBXs7AzaWjy3vAa9JHDAtUTzZSLreCM%2BH%2B9BkDtW27hJiV%2BGcz%2FhaWgB2%2BKwHxG0vw%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abc78f96951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	LanguageSwitcher.css www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.11/sass/	1 KB 682 B	78ms 75ms	Stylesheet text/css	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.11/sass/LanguageSwitcher.css Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 5cf25b5cee1ed19c7b8167dbaff8ff494f2e5f185b607c84c78f3f0158939545 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains last-modified Tue, 10 Mar 2020 17:42:28 GMT x-cdn Imperva etag W/"116ce0ec359fc58e099de58c90ed35b9" content-type text/css x-iinfo 14-144994166-0 0CNN RT(1675348012771 296) q(0 -1 -1 -1) r(0 -1) cache-control max-age=24048571, public content-length 537 expires Tue, 07 Nov 2023 22:36:24 GMT
GET H2	200	module_96212951433_blog-form.min.css cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212951433/1671723022592/	3 KB 1 KB	213ms 126ms	Stylesheet text/css	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212951433/1671723022592/module_96212951433_blog-form.min.css Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279120 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:23 GMT server cloudflare etag W/"0beb1a886bb335c582b07556399b13e8" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723022592 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvwhBoz24CG5KJHcch1elgnqxi3mvSrCWmjWvxx0aoSiWEmj6cRQ969W39HJa9XtdNpkgwCcDjCecHPus7ZaDnqFYhqvQtQK5Zd0cQjCI1f6ADQJlDtlGpcDThoTQk%2BWViKncM%2BZrUjMROJX8Sk%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abc78fa6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96208974392_Blog_Sidebar_CTA.min.css cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96208974392/1672240070114/	853 B 1 KB	174ms 87ms	Stylesheet text/css	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96208974392/1672240070114/module_96208974392_Blog_Sidebar_CTA.min.css Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c1da9d4642eb970ef098894449a3b5f06044a28f9cf6b084e6ca5b64fda09496 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279120 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Wed, 28 Dec 2022 15:07:51 GMT server cloudflare etag W/"7f015bfea85e731d89eb674d85dd8a7d" vary Accept-Encoding access-control-allow-methods GET content-type text/css access-control-allow-origin * x-amz-meta-created-unix-time-millis 1672240070114 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QUiq6gUbSxTdm0STNAm%2FdAc1cBV8q%2BCdJsF1tgni4TZ7lRbw3PeTafUuPwfGmKfTRvKNiNLGw05GqOsESclqGkv%2BLPR1TSTZsYTDpObO2rTVWWMPhZxyjAmKRTKkB6MiH84qugWwoigrJCaxJPY%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abc78fb6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	plausible.js Show response plausible.io/js/	1 KB 1 KB	418ms 133ms	Script application/javascript	2400:52e0:1a00::894:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://plausible.io/js/plausible.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1a00::894:1 , Slovenia, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-IL1-894 / Resource Hash ae4216bfc85c99ffd32e7745f0d7d4cd5f57b714f3a4911176b8cd78a176c97c Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding br x-content-type-options nosniff cdn-edgestorageid 845 cdn-cachedat 02/02/2023 14:25:23 cdn-pullzone 682664 cross-origin-resource-policy cross-origin application 10.0.0.8 server BunnyCDN-IL1-894 cdn-proxyver 1.03 cdn-requestpullcode 200 vary Accept-Encoding, Accept-Encoding content-type application/javascript access-control-allow-origin * cdn-cache HIT cdn-uid 153cb5b1-399a-48ef-b5bf-098c03770254 cache-control public, max-age=3600 permissions-policy interest-cohort=() cdn-requestid 2a23b53c344ec16d46e08592e9147ca2 cdn-requestcountrycode DE cdn-status 200 cdn-requestpullsuccess True
GET H2	200	in.js Show response platform.linkedin.com/	509 KB 160 KB	167ms 44ms	Script text/javascript	2620:1ec:48:1::44 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://platform.linkedin.com/in.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:48:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Play / Resource Hash 3e4805c1cb17885636d08f1385a5d874316933fccf7f1bdd9548e25907b0b379 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:52 GMT content-encoding gzip nel {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true} x-cdn AZUR x-cdn-client-ip-version IPV6 x-cache TCP_HIT x-cdn-proto HTTP2 content-length 163381 x-li-uuid AAXzt51m2eFJbjb22iT5CA== server Play x-li-pop prod-lva1-x vary Accept-Encoding report-to {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true} content-type text/javascript; charset=UTF-8 x-li-fabric prod-lva1 cache-control public, max-age=3600 x-li-proto http/1.1 x-azure-ref 0LcjbYwAAAABUw7zVB273RaB9HKcSvcctRlJBMjMxMDUwNDE4MDQ5ADIyMjZhM2ViLTAxZTAtNDdiZi1hY2EyLTJiMDU4ZGZlYWQ3NQ== expires Thu, 2 Feb 2023 14:33:48 GMT
GET H2	200	eric-saraga-1.jpg info.varonis.com/hubfs/	9 KB 11 KB	887ms 522ms	Image image/webp	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hubfs/eric-saraga-1.jpg Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 54a02ee207b9ffea258d44ec388489cce13ab70fbbbd184b7bb248cd6ba5e9cc Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-68246728735,P-142972,FLS-ALL x-cdn Imperva x-amz-request-id EX5KNBV41J34ZNAY x-amz-server-side-encryption AES256 edge-cache-tag F-68246728735,P-142972,FLS-ALL x-iinfo 12-28752283-28752295 NNNN CT(8 6 0) RT(1675348013179 165) q(0 0 0 0) r(2 2) U5 x-amz-replication-status COMPLETED x-hs-https-only worker content-disposition inline; filename="eric-saraga-1.webp" x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 cf-bgj imgq:85,h2pri etag "4750d78c05bea94e00eec7761c09c611" vary Accept, Accept-Encoding access-control-allow-methods GET content-type image/webp access-control-allow-origin * x-amz-meta-created-unix-time-millis 1646950989425 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=31536000 via 1.1 d45e064f8c3e1035d136019303749e0e.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-version-id krXxUVhhw6KO8oy6TGZiDeLG1.eOYF3X x-amz-cf-pop DFW57-P1 x-hs-alternate-content-type text/plain cf-polished qual=85, origFmt=jpeg, origSize=14867 x-cache RefreshHit from cloudfront cache-tag F-68246728735,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 9084 x-amz-id-2 PAkiz9Tb1jXDi0E9SaJ6lNGT+XJ2DfAy/iQ4ycQAoO66SPsAjpgcL5R9/wJn+XCk1Kdfr7ELWKQ= last-modified Thu, 10 Mar 2022 22:23:10 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xTAuxK0b35F6rKm8tofRozE1lhP5M2dkBfQlabrhFHAerLga0XpyNe2MlqCyfhiXC2KY1wadV4ju8Nrf3Wdqc254UBLAzmtsCzUcOzC1vL6nAgSsGjjzuVLsUNQRPI8hXLw%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 79339ac0a9e71f55-DEN x-amz-cf-id 6p_alFgxemL3bkFp9tzpRIDnphL5z3sG9sVJlsLMV84r9bd_CZlF_g==
GET H2	200	clock.svg 142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/images/	261 B 1 KB	191ms 87ms	Image image/svg+xml	2606:4700:4400::ac40:9ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/images/clock.svg Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 83f229b340a38177290c87de6089de00c226178f2c396cd16bb6b652f90463a8 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers content-encoding br x-amz-meta-cache-tag F-96213874047,FD-96213121421,P-142972,FLS-ALL age 1272853 x-amz-request-id 0REFKC7M9E62JQR8 x-amz-server-side-encryption AES256 edge-cache-tag F-96213874047,FD-96213121421,P-142972,FLS-ALL x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag W/"9da21bbdcb7bda8f614b22731a6a1661" vary Accept-Encoding access-control-allow-methods GET content-type image/svg+xml access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723020458 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag none x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:53 GMT via 1.1 58dd513f0a53b3e6851a071cb857a706.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-version-id e4_EHb2_24wlhomDBkRuSSMzyhsBUxcS x-amz-cf-pop DUS51-C1 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-96213874047,FD-96213121421,P-142972,FLS-ALL x-amz-meta-index-tag none x-amz-storage-class INTELLIGENT_TIERING x-amz-id-2 rcaUdPZ9gR3WMLeLliy3ZyuqnzuUX0xD7TPgV0JyTPx8Oue4Mcfyai1/hrKpyl3/Dv99PdI8I4s= last-modified Thu, 22 Dec 2022 15:30:21 GMT server cloudflare cf-ray 79339abe8ea08fe8-FRA x-amz-cf-id War7fXPJgp_Fj1lZqEpnV5bW8H_DYctm1Ay5u1hQZDjbDdaTnNDSfA==
GET H2	200	Blog_PowerAutomate_BlogHero_FNL.png info.varonis.com/hs-fs/hubfs/	729 KB 731 KB	2020ms 1655ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hs-fs/hubfs/Blog_PowerAutomate_BlogHero_FNL.png?width=1245&name=Blog_PowerAutomate_BlogHero_FNL.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 4aa6cbf34c01e8f0a5d9839ed8bf05d27908b8c41b70ae35aec5959e9e69ef27 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-65330498995,P-142972,FLS-ALL x-cdn Imperva x-amz-request-id PGK1CS5P5QS4Z4NS x-amz-server-side-encryption AES256 edge-cache-tag F-65330498995,P-142972,FLS-ALL x-iinfo 12-28752283-28752297 NNNN CT(7 6 0) RT(1675348013179 166) q(0 0 0 3) r(2 15) U5 x-amz-replication-status COMPLETED x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "720f06ebc0a4fcb8baa45ba7ae6e2984" vary Accept-Encoding access-control-allow-methods GET content-type image/png access-control-allow-origin * x-amz-meta-created-unix-time-millis 1643814395134 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:55 GMT strict-transport-security max-age=31536000 via 1.1 177fe113269515de0457522c3e847bb6.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-version-id nrnFfdC4Jkol7tSMiRc5iRqTMRK6YHyV x-amz-cf-pop HEL50-C1 x-hs-alternate-content-type text/plain x-cache Miss from cloudfront cache-tag F-65330498995,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 746125 x-amz-id-2 +p4xFkbdRxCjzffEAnTYmWL2EpHKquz64g/y2iY9i2vZigjRJB8YaNJ9EUKM3ugUuZrBKqEm/T3QjyWHMznXog== last-modified Wed, 02 Feb 2022 15:06:36 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJ4wWSGeN99lnsV6ibUb6%2Ba43KgicPhg7I2VQZ2bACnTkHqvgTj%2FMx02QgDWeLIV8RL8uaJ4qXSjYCyiue2mSWUSvjAhQIAwecrcXxWWi1cehtqQl2OO2dV1ACtUlFjT9TE%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 79339ac0ac6d1f9a-DEN x-amz-cf-id z3Ga1xwSo9cmDwLLVkbMPkC-Ujne1ddoyuRKJUEj2GlnZIAPU-UFJg==
GET H2	200	killian-englert-200x200.jpg info.varonis.com/hubfs/Varonis_June2021/Images/	6 KB 8 KB	569ms 204ms	Image image/jpeg	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hubfs/Varonis_June2021/Images/killian-englert-200x200.jpg Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash cb70ad9ad7fd4869cbf60fa50f652d2959d028a61cf03768de8dfd0f37556892 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-49849033296,FD-49028151971,P-142972,FLS-ALL x-cdn Imperva age 51447 x-amz-request-id 9RDRC940D2M5EE2F x-amz-server-side-encryption AES256 edge-cache-tag F-49849033296,FD-49028151971,P-142972,FLS-ALL x-iinfo 12-28752283-28752299 NNNN CT(5 5 0) RT(1675348013179 169) q(0 0 0 4) r(0 0) U5 x-amz-replication-status COMPLETED x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 cf-bgj imgq:85,h2pri etag "503fde766698dcedf5780f6de031270e" vary Accept-Encoding access-control-allow-methods GET content-type image/jpeg access-control-allow-origin * x-amz-meta-created-unix-time-millis 1625029493726 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=31536000 via 1.1 e5eb6c7f102110906ece71324dc7e664.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-version-id vfR2dapHIio88waZQCsUqfmemydCLa5y x-amz-cf-pop DEN52-P3 x-hs-alternate-content-type text/plain cf-polished degrade=85, origSize=13154, status=webp_bigger x-cache RefreshHit from cloudfront cache-tag F-49849033296,FD-49028151971,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 6456 x-amz-id-2 VFllyZWCUD11Wo9Oh4k4tXi5CIAqJME5sKCgFm8pdnZpNIAt3lX1zLd//f+TvZhR2VJRRKsNuDw= last-modified Wed, 30 Jun 2021 05:04:54 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8uNZBHSme4pVQ9JzIgW9XEc0CioQ3pHtkNwsWMYn0VUAlulp7CHJuG1lLbOsqEMCyK3%2F%2F%2F9AJfjWYS9Ya1l0bU557tHo4c5fLY7X1mx4eRuvQ3ZlU1Zh0%2BnHmCmFX9PtAQ%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 79339ac0a9eb1f55-DEN x-amz-cf-id PkfznWtSn9d_g-oOxowi-BKlp4nmc0b7BVWk3I-MeF8gdOJteTJwCQ==
GET H2	200	nathan-coppinger.jpg info.varonis.com/hubfs/	8 KB 9 KB	1044ms 679ms	Image image/webp	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hubfs/nathan-coppinger.jpg Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash e85cf3579c5cf1f451d1f65902fa12530186b707f0c407ced72bb5cf45a9d7f2 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-68246079251,P-142972,FLS-ALL x-cdn Imperva x-amz-request-id 1C4FXEZR5B1QAN5N x-amz-server-side-encryption AES256 edge-cache-tag F-68246079251,P-142972,FLS-ALL x-iinfo 12-28752283-28752300 NNNN CT(5 5 0) RT(1675348013179 173) q(0 0 0 2) r(2 2) U5 x-amz-replication-status COMPLETED x-hs-https-only worker content-disposition inline; filename="nathan-coppinger.webp" x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 cf-bgj imgq:85,h2pri etag "be4997b6dbac7b88cf27720a745ed416" vary Accept, Accept-Encoding access-control-allow-methods GET content-type image/webp access-control-allow-origin * x-amz-meta-created-unix-time-millis 1646951015975 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=31536000 via 1.1 1a02ed973fa197a1dacf9e97520c66fa.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-version-id 24fZA5drHI_p_muWRmdjbYZnlwX5Xo13 x-amz-cf-pop ORD53-C3 x-hs-alternate-content-type text/plain cf-polished qual=85, origFmt=jpeg, origSize=14186 x-cache RefreshHit from cloudfront cache-tag F-68246079251,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 7790 x-amz-id-2 D8DZYUUpOEmZ6aUcUjUYqJ8Q0Z7DjPma87aahvKW/SLAsICpHbW+oSTzYyM0ux4ATWeEiOvtc7c= last-modified Thu, 10 Mar 2022 22:23:36 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dFPAJItbciOkmAtPoqUdUzN4aV7QWrt%2B6yJYzw7B5uSfDR8sMz%2BF7K4WRVtCQA7CKMkh16b1xK7LXZ7zZp0axzZ3tXl7WP3jQgBvxOFHSt7vuSlj9fPrUjV1EyiNWXjKCw%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 79339ac0ad771f2a-DEN x-amz-cf-id FJ1JV4mXdd8Khed_vqyK8RZx4mjqewlBICWXaeYFuOymHbCz7O8Wug==
GET H2	200	cse.js Show response cse.google.com/	10 KB 4 KB	248ms 106ms	Script text/javascript	2a00:1450:400d:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cse.google.com/cse.js?cx=d594e21cf961c2c72 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:803::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software gws / Resource Hash 17b43f316a2f429c86875995a9b2e7d0d33ad965d5905f4e5f1422e8bd4bbfc8 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3481 x-xss-protection 0 accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64 server gws x-frame-options SAMEORIGIN report-to {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} content-type text/javascript; charset=UTF-8 cache-control private permissions-policy unload=() origin-trial AqRrpS1jM/HOs1rGR0CnXerKEP/QFz7qj9ApDSZqAO+0U+KcT/h/lxA6akW4ar0kT0V1bw5MD4t8O7L7OFwM5gUAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY3ODIzMzU5OX0= cross-origin-opener-policy-report-only same-origin-allow-popups; report-to="gws" expires Thu, 02 Feb 2023 14:26:53 GMT
GET H2	200	main.min.js Show response cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96212567077/1671725535717/hook-www-varonis-PBS/js/	10 KB 4 KB	91ms 91ms	Script application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96212567077/1671725535717/hook-www-varonis-PBS/js/main.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e7d60e539caa4a8a752ee773f5a5b2402bdd384fc8e10fb994bc6545195208f4 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1246020 x-amz-cf-pop IAD55-P5 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 16:12:17 GMT server cloudflare etag W/"046b6b88aac855b08a7684cda7175d46" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671725536106 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ywryY3eREQ08s40zH%2FyJVrWlTgAMoQ%2FOYKazEvktI91uopztm1lKksIDtKUIAzjSwNUXOf7PYCqykZr4ncKT4K%2BdUdl0dnz9O9dDypDLU6FKj%2FdX4LMMcaCmLLr3Fk%2BTCfizd1nm4z%2FL9N1kY1s%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abdba7c6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96213126978_Announcement_Banner.min.js Show response cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96213126978/1671723021648/	796 B 1 KB	75ms 71ms	Script application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96213126978/1671723021648/module_96213126978_Announcement_Banner.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 39af86e2dd53ffb6556353df849d82858d5067433bf641be0f9df57c5ff7d6c0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279119 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:22 GMT server cloudflare etag W/"e57d077924b381424217fc1b5039d709" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723021648 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHV5nhqzVBgEySv0PosF%2Fc1wgAo5YZewFdmPekm4%2FeGlENm9254oANNbyySzFDak1%2FPICkUXv1K28oWMjgzvQykSyGLy2m%2FwQb%2BmwCYOxxCVpHtOaRdfA1TWy4YQVq5EhgK5058cHCrFirLYy0c%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abdeab26951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96212523802_Site_Nav_V2.min.js Show response cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212523802/1671723030977/	1014 B 762 B	77ms 72ms	Script application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212523802/1671723030977/module_96212523802_Site_Nav_V2.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ee7b10183273f36d5b60f34362147c6258a435dec55c80892197b072201a9416 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279119 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:31 GMT server cloudflare etag W/"9003db52b98c7d701edcedcd234236c9" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723030977 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i5IBAOeXB9ti%2BFeWGKAFFHk%2F3N2iaUTqps1vKS6h6ETfQnAu7uPMEw2D6UL8HqBaCq12lbZ7G6IcPN1YT3GeiAhy2c6Wpk8OX5mx3WVxClx3ujL0V5K546l7OHNO5LDL%2FnbwmhwwF2SwN2jwE5A%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abdeab66951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_97238715969_Table_of_Contents_Sidebar_-_Global.min.js Show response cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97238715969/1672772721865/	785 B 822 B	78ms 73ms	Script application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97238715969/1672772721865/module_97238715969_Table_of_Contents_Sidebar_-_Global.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5c93211018c08cf8c90cd5fda1659a4c0751ba25b88ab8e9cf323e7dd96eb90f Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 759690 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status PENDING x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Tue, 03 Jan 2023 19:05:22 GMT server cloudflare etag W/"f5a6392cd5392ebe800c157047363f96" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1672772721865 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XWxsrYrOKH2NIMyC9zX%2BrzioX%2Bjil3BwgbNmY61X8wbMW1qgeR81fa2hzGDZFIdXRoT3ZgfSYcsj50DX5aUZv8uaEtqnMviQjr%2FSMSMRN%2FYEplJZueiyUwdGTZmKjsLAwhmpzj18BapPCerl8%2Bc%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abdeab86951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96212951433_blog-form.min.js Show response cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212951433/1671723021736/	232 B 470 B	80ms 76ms	Script application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212951433/1671723021736/module_96212951433_blog-form.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 341dd4c8f3942fbc7cb55e50b3373a6c33d6fc9e4bc603f717799b7d6e56c3b6 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279119 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:22 GMT server cloudflare etag W/"8de996219d63f41bc32d5668b73548b6" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723021737 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2F%2B2B44tOp2Rl2CpeZ%2FIv9fJqR67KFLZARbCP4sgiYwXZ5mq5vlyWCcW9dqMqh6tYvLxMGkoHMARsPQ%2BPZkLfFFsdvyfD4aZ4hkl8KNo181bOMbX82rGCBtTJHI%2FL0pNnUokuMP%2BNff7cMKrmk4%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abdeaba6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96208974392_Blog_Sidebar_CTA.min.js Show response cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96208974392/1672240069262/	888 B 732 B	74ms 70ms	Script application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96208974392/1672240069262/module_96208974392_Blog_Sidebar_CTA.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 61d8e83d5352cbda241c2cdc9f50e525c182e0fe3247b930d9fa9160d52c6d0e Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1277099 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Wed, 28 Dec 2022 15:07:50 GMT server cloudflare etag W/"cceffd2febcef43a8fcd0f08d34a9216" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1672240069262 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6uPuhPtS415VNAF8mk3UmsaM3wbdkZbVabAnBxSx0dKJ9ltUsaPMc1tp54z9BKwRFTBpKCEWBNmlaIalSkiolbEfHvOlSeOK%2FINlN4K8F%2Bx50RSGxqZAnJ%2B9O9cjEZFXoj%2BerGQHF1rB7sDuPc8%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abdeabe6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	blog.min.js Show response cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96213917218/1671725532364/hook-www-varonis-PBS/js/templates/	1 KB 1001 B	79ms 76ms	Script application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96213917218/1671725532364/hook-www-varonis-PBS/js/templates/blog.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cb32abe8353e282b3926fcd1f7ebb3bcabcab1ee6da8392fc855c2a4fa9d5658 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279119 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 16:12:13 GMT server cloudflare etag W/"1167cd69a0f7550d1d1f9253e5fed3e7" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671725532594 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0W2T1kAvHqN%2BWQx42yQDhrganV4jCGPL7yPIQPtf6LrU160pqJlpaqfHE2CyCd%2FP95tLS3HIO98ibNA0jgRUS6IFCn3Zs5NcRV1u57QM5IFZySqzIoOj9aDDjGZpKhnONuJMq4JBaF9nRoBEQxw%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abdeabf6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	jquery.toc.min.js Show response cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96216577808/1671725538389/hook-www-varonis-PBS/js/templates/	1 KB 987 B	71ms 67ms	Script application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96216577808/1671725538389/hook-www-varonis-PBS/js/templates/jquery.toc.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 549589 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 16:12:19 GMT server cloudflare etag W/"39e23085840845568c2de46aea67930a" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671725538389 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GbPjXL5Kn8LKHpSn4xIme8%2BEpwiaVuv72Hfy8xheeA0%2BBizv9S8tkXbkpAm6CQ4K4sgk%2BIF91E5Onux4hGbCne3ijp7lsf43Rk%2F9bEmCD6b91X%2F5yA60dM5wFeXo7IlZCoGW%2BuutVlU0Hnbb%2FtE%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abdeac06951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	142972.js Show response www.varonis.com/hs/scriptloader/	1 KB 701 B	60ms 57ms	Script application/javascript	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/hs/scriptloader/142972.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 2c29c4f2400f2d23465e8b5211a59c177b1ef42282c97f4ea9b793ef6c74e51e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSubDomains last-modified Thu, 02 Feb 2023 14:25:51 GMT x-cdn Imperva etag "e361ca53" content-type application/javascript;charset=utf-8 x-iinfo 14-144994166-144990718 2CNN RT(1675348012771 605) q(0 0 0 -1) r(0 0) cache-control max-age=46, public content-length 490 expires Thu, 02 Feb 2023 14:27:39 GMT
GET H2	200	_Incapsula_Resource Show response www.varonis.com/	147 KB 21 KB	59ms 56ms	Script application/javascript	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=676828940 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash 7c2fe690a3bb9e855a654a8ef0998924850f61c5af4b3685aba6cab95ea1912d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control no-cache, no-store content-encoding gzip x-robots-tag noindex content-length 21059 content-type application/javascript
GET H2	200	gtm.js Show response www.googletagmanager.com/	257 KB 85 KB	152ms 62ms	Script application/javascript	2a00:1450:4001:803::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 9ee13ec5a238f141114ca802453f1b33eb05afa1c97747cfaccdd00219c3bd5b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 86534 x-xss-protection 0 last-modified Thu, 02 Feb 2023 12:00:00 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 02 Feb 2023 14:26:53 GMT
GET H2	200	Graphik-Medium-Cy-Web.woff2 142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/fonts/	46 KB 47 KB	259ms 157ms	Font application/font-woff2	2606:4700:4400::ac40:9ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/fonts/Graphik-Medium-Cy-Web.woff2 Requested by Host: cdn2.hubspot.net URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96208978235/1671725548578/hook-www-varonis-PBS/css/fonts.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736 Request headers Referer https://cdn2.hubspot.net/ Origin https://www.varonis.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-96213439926,FD-96213689192,P-142972,FLS-ALL age 1272097 x-amz-request-id 0RE5W3S4Z1VM928H x-amz-server-side-encryption AES256 edge-cache-tag F-96213439926,FD-96213689192,P-142972,FLS-ALL x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "b1508d27f0878f1a2c67e3104acc6f04" vary Accept-Encoding access-control-allow-methods GET content-type application/font-woff2 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723020100 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag none x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:53 GMT via 1.1 172e63b20fb363ed969de28ae3937e20.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-version-id eSCTDVXf0rw7DtXiZ_P2UJ6HrlSlRwOe x-amz-cf-pop FRA2-C1 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-96213439926,FD-96213689192,P-142972,FLS-ALL x-amz-meta-index-tag none x-amz-storage-class INTELLIGENT_TIERING content-length 47393 x-amz-id-2 dY8K6nKh+u92O2ZwZknUV/oSNlzILGo1tiNRR/ig1BMAfvKPaTxNRL1d3fyoG3Tuy9Aocsn/uq0= last-modified Thu, 22 Dec 2022 15:30:21 GMT server cloudflare accept-ranges bytes cf-ray 79339abe8eb69232-FRA x-amz-cf-id SUqe0xibFTyUTTz6hmUHTm-t-sf7lnemfhT5qknK4XLJ3EDvLXcXJw==
GET H2	200	Graphik-Semibold-Cy-Web.woff2 142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/fonts/	47 KB 48 KB	272ms 170ms	Font application/font-woff2	2606:4700:4400::ac40:9ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/fonts/Graphik-Semibold-Cy-Web.woff2 Requested by Host: cdn2.hubspot.net URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96208978235/1671725548578/hook-www-varonis-PBS/css/fonts.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390 Request headers Referer https://cdn2.hubspot.net/ Origin https://www.varonis.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-96213121423,FD-96213689192,P-142972,FLS-ALL age 1416903 x-amz-request-id 16J0RF32M3P937NT x-amz-server-side-encryption AES256 edge-cache-tag F-96213121423,FD-96213689192,P-142972,FLS-ALL x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "912a296360c873da4d505fecc03d44a5" vary Accept-Encoding access-control-allow-methods GET content-type application/font-woff2 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723020452 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag none x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:53 GMT via 1.1 b17dca9c320b96e12b996848d121ffe4.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-version-id IoQ2r.Y1A_3CG0leJDPnn2OyxqBhPHZP x-amz-cf-pop DUS51-P2 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-96213121423,FD-96213689192,P-142972,FLS-ALL x-amz-meta-index-tag none x-amz-storage-class INTELLIGENT_TIERING content-length 48237 x-amz-id-2 /Np407MKx1XeguYQVsfM8sc9xaZjvVaQxjZ4tHJaDRfrZd3myaeh9MNYBFDJSuZxjZlOaWl5dfM= last-modified Thu, 22 Dec 2022 15:30:21 GMT server cloudflare accept-ranges bytes cf-ray 79339abe8eb79232-FRA x-amz-cf-id spnRg1vUadJMMoXdE7TKznlcnOPtc5PSW6GYFFhZxF3j-BaSEA8qNw==
GET H2	200	Graphik-Regular-Cy-Web.woff2 142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/fonts/	42 KB 43 KB	271ms 169ms	Font application/font-woff2	2606:4700:4400::ac40:9ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/fonts/Graphik-Regular-Cy-Web.woff2 Requested by Host: cdn2.hubspot.net URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96208978235/1671725548578/hook-www-varonis-PBS/css/fonts.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70 Request headers Referer https://cdn2.hubspot.net/ Origin https://www.varonis.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-96213662568,FD-96213689192,P-142972,FLS-ALL age 1272097 x-amz-request-id 0RE2GVM5WZ9JM6WN x-amz-server-side-encryption AES256 edge-cache-tag F-96213662568,FD-96213689192,P-142972,FLS-ALL x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "3c6b915f90783765fd47bc0e05b46078" vary Accept-Encoding access-control-allow-methods GET content-type application/font-woff2 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723020400 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag none x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:53 GMT via 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-version-id fRuzj7.1nN1vocc2A6bhnC1_0W.Fn8nR x-amz-cf-pop FRA56-P7 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-96213662568,FD-96213689192,P-142972,FLS-ALL x-amz-meta-index-tag none x-amz-storage-class INTELLIGENT_TIERING content-length 43329 x-amz-id-2 aH4CShep1x+3WPQzONgEsMqCgFxmbgFloxDTsnQmWyjTA3w+Jsj5sFpaJko1idAmN1yRZfM0sIk= last-modified Thu, 22 Dec 2022 15:30:21 GMT server cloudflare accept-ranges bytes cf-ray 79339abe8eb99232-FRA x-amz-cf-id Vn5BYMmNAmJTqSUYOFywjkrAmE_O7zxtmiYQx5d5s8zfXNOk7M2D6Q==
GET DATA	200 OK	truncated /	138 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 705ad0ca48bf5a9ff984245e776e70bc5335f2474b4ae0c43a7142176a8e68ab Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	bullet1.svg 142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis--gflores~40webstacks.com/images/bullets/	197 B 624 B	183ms 98ms	Image image/svg+xml	2606:4700:4400::ac40:9ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis--gflores~40webstacks.com/images/bullets/bullet1.svg Requested by Host: cdn2.hubspot.net URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96213126322/1675216255813/hook-www-varonis-PBS/css/templates/blog.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d1020c7c5fbc2aa49bdfc248dfebca490b1dd2be3282c909b6a9fb5fa6577b89 Request headers accept-language de-DE,de;q=0.9 Referer https://cdn2.hubspot.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers content-encoding br x-amz-meta-cache-tag F-75779877454,FD-75779701883,P-142972,FLS-ALL age 1056519 x-amz-request-id 902P84YC96B9DBPY x-amz-server-side-encryption AES256 edge-cache-tag F-75779877454,FD-75779701883,P-142972,FLS-ALL x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag W/"96e89016b9edf9d6938a114b8b8bd5df" vary Accept-Encoding access-control-allow-methods GET content-type image/svg+xml access-control-allow-origin * x-amz-meta-created-unix-time-millis 1654752150490 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag none x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:53 GMT via 1.1 88f858f045c3909fad9cebbada511aee.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-version-id PGHiqa5l5H8NWY4VgFLDNvkU6m.fvdJH x-amz-cf-pop FRA56-P4 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-75779877454,FD-75779701883,P-142972,FLS-ALL x-amz-meta-index-tag none x-amz-storage-class INTELLIGENT_TIERING x-amz-id-2 KHApD5CW/C5JJAPKDtifWfKYfPbPManUNMV6ty6uwiBIEPb3Z0NK+k/xlax3+EfWXHUnC6ZH9lI= last-modified Thu, 09 Jun 2022 06:32:11 GMT server cloudflare cf-ray 79339abe8ea38fe8-FRA x-amz-cf-id ujGS4hRcS-8wqMguHsCtO7trFYr6MKw6Bt2lRZ6C1LEa1QtA4I-YFw==
GET H2	200	Blog_SecurityRWD_202203_FNL.png info.varonis.com/hs-fs/hubfs/	143 KB 145 KB	659ms 314ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hs-fs/hubfs/Blog_SecurityRWD_202203_FNL.png?width=568&name=Blog_SecurityRWD_202203_FNL.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 14d6722e5f00f4ba56dd2f66281ba537b1dad467b54d57d29078eceebddcdb54 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=31536000 via 1.1 9557da2570df16242f84a67f254d7f30.cloudfront.net (CloudFront) cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-cdn Imperva x-amz-cf-pop IAD89-P1 cf-polished origSize=186170, status=vary_header_present x-amz-server-side-encryption AES256 edge-cache-tag F-70529508360,P-142972,FLS-ALL cache-tag F-70529508360,P-142972,FLS-ALL x-amz-storage-class INTELLIGENT_TIERING x-cache RefreshHit from cloudfront x-iinfo 12-28752283-28752302 NNNN CT(3 5 0) RT(1675348013179 177) q(0 0 0 1) r(1 1) U5 x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 146438 last-modified Wed, 18 Jan 2023 11:24:31 GMT cf-bgj imgq:85,h2pri server cloudflare etag "caf3703514adf8fb70e30034fad2d071" vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETA9lev2XshXo0uIKjA5J19f81WinJVIayQXAZUx99CHy3yYMs9OdVpTyz3RGDylrZoRyFhfxTcSkxJdGwPQaHUGUARQR5m6pLwSxOxo9%2B8hAHb6TE1FLyzBY2lhnA49ZIA%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 access-control-allow-credentials false accept-ranges bytes cf-ray 79339ac0ac7e8e98-DEN x-amz-cf-id rmrnV2fDwjnRxNJwujHqe04_1fcPTc1DDxTxFQhs2Jij_deBx8yX9A== x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	Blog_BlogHero_AutomatedPostureManagement_202301_FNL.png info.varonis.com/hs-fs/hubfs/	169 KB 171 KB	1025ms 680ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hs-fs/hubfs/Blog_BlogHero_AutomatedPostureManagement_202301_FNL.png?width=568&name=Blog_BlogHero_AutomatedPostureManagement_202301_FNL.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 9214e46ae643d16a9bee530a65da6407c60bf4274e14e4412374bdbe8b1dfa14 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=31536000 via 1.1 040f8a2cdffe1cf7a35d28e06c3ed574.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-cdn Imperva x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 edge-cache-tag F-99891631878,P-142972,FLS-ALL cache-tag F-99891631878,P-142972,FLS-ALL x-amz-storage-class INTELLIGENT_TIERING x-cache Miss from cloudfront x-iinfo 12-28752283-28752304 NNNN CT(3 8 0) RT(1675348013179 179) q(0 0 0 0) r(2 5) U5 x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 173438 last-modified Wed, 01 Feb 2023 01:47:15 GMT server cloudflare etag "4a77e53f32aff99a71a2863804b893b4" vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VInCnBNCd2AfSDvQxfBBwwbexSwhl%2FcMrbE5Ore5WP7B%2FVbBthHnJ7oCnEl2lLtEks%2FpVsgQx0ChWvP888E%2F7szJ7PNvdEv8juojsYmI%2FG3OAZ0azz61sSIez4Snt0Y%2Bd88%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 access-control-allow-credentials false accept-ranges bytes cf-ray 79339ac0bfd6c7d5-DEN x-amz-cf-id 6lU0sPz5q-fv-tzR-nuyAa2Py1F3Vb2CMfKq0n8EfLNoRViRz2LgRA== x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET DATA	200 OK	truncated /	135 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 98afd206fa05914642f73c3d31ac4d02fa4718e8ecdaaa5ec494751cace9f62a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf-8
GET H2	200	Graphik-Bold-Cy-Web.woff2 142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/fonts/	47 KB 48 KB	199ms 116ms	Font application/font-woff2	2606:4700:4400::ac40:9ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/raw_assets/public/hook-www-varonis-PBS/fonts/Graphik-Bold-Cy-Web.woff2 Requested by Host: cdn2.hubspot.net URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96208978235/1671725548578/hook-www-varonis-PBS/css/fonts.min.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e78c8571835c19bd1a941799d68bc14b99413f2679d3410c41d1d4d3a00f50f4 Request headers Referer https://cdn2.hubspot.net/ Origin https://www.varonis.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-96214519388,FD-96213689192,P-142972,FLS-ALL age 328237 x-amz-request-id HYMD91BNK39CMMQ5 x-amz-server-side-encryption AES256 edge-cache-tag F-96214519388,FD-96213689192,P-142972,FLS-ALL x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "188f3225882f51f9eff1c090718bee01" vary Accept-Encoding access-control-allow-methods GET content-type application/font-woff2 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723020089 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag none x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:53 GMT via 1.1 5c0d26cafc949da4f2fa947ea21b4f74.cloudfront.net (CloudFront) cf-cache-status HIT x-amz-version-id .fHnHWJieW3sV_lZe4jRisx3gDfkdM5Y x-amz-cf-pop CDG52-P1 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-96214519388,FD-96213689192,P-142972,FLS-ALL x-amz-meta-index-tag none x-amz-storage-class INTELLIGENT_TIERING content-length 48457 x-amz-id-2 /kMqiCwWctei5j/4qCLAr/rnfGaoCEHfG9S4e4vP2iZR7PMU7BjdvDt7TdmYGBbvBfghao+JmS8= last-modified Thu, 22 Dec 2022 15:30:21 GMT server cloudflare accept-ranges bytes cf-ray 79339abe8eba9232-FRA x-amz-cf-id UpWnOYMDGS9LZnFGENi3hWUnNSENaEY_zQI9TBjxV1t8Io60hkggCw==
GET H2	200	L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0mQ.woff2 fonts.gstatic.com/s/robotomono/v22/	22 KB 22 KB	182ms 52ms	Font font/woff2	2a00:1450:400d:80a::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/robotomono/v22/L0xTDF4xlVMF-BfR8bXMIhJHg45mwgGEFl0_3vrtSM1J-gEPT5Ese6hmHSh0mQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Roboto+Mono:ital,wght@0,400;0,700;1,400;1,700&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f39f934bc7f7b1b4dfa532f4b38dac960a3a7ad6bb9789a412f03bdcb4abd9f5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://www.varonis.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Mon, 30 Jan 2023 07:49:50 GMT x-content-type-options nosniff age 283023 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 22168 x-xss-protection 0 last-modified Mon, 11 Jul 2022 18:56:28 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Tue, 30 Jan 2024 07:49:50 GMT
GET H2	200	img1-png.png info.varonis.com/hubfs/	341 KB 343 KB	1016ms 1010ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hubfs/img1-png.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 042466aaf7512d3e4a31ea6f78adfe639e92ded8c67cf4ae98ecd3e2e741e3c6 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-65330263887,P-142972,FLS-ALL x-cdn Imperva x-amz-request-id QY7SFJY1MJDD4M4E x-amz-server-side-encryption AES256 edge-cache-tag F-65330263887,P-142972,FLS-ALL x-iinfo 12-28752283-28752299 PNNN RT(1675348013179 201) q(0 0 0 0) r(2 9) U5 x-amz-replication-status COMPLETED x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "7958d5dd58566ae95c1e029809f62618" vary Accept-Encoding access-control-allow-methods GET content-type image/png access-control-allow-origin * x-amz-meta-created-unix-time-millis 1643814877138 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:55 GMT strict-transport-security max-age=31536000 via 1.1 5ae6b1227c5565476676f5f1039b8206.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-version-id nwRU8Jlax5Xny.Yiys9H6I47Xlqgmn2L x-amz-cf-pop HEL50-C1 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-65330263887,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 349027 x-amz-id-2 aTx+ZTaPnIjX99ntCwKyPe8dfwBhVmOXXTnNaoHkmM6ik/5528rjTQOVok6TPeL/ZegHM9SAPow= last-modified Wed, 02 Feb 2022 15:14:38 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p4h6sxRRjDHm3KSF%2FqFO8y%2BLWHFQnANuidTy%2FBvcdUDV2MydrRWjw8nVpe6ybrL3uAl95gdx7Cbo5vRwgTpsKR702rmV1Ehz9dEsZWrpmqtCJCLD1bC876ZVemHp%2F4HAs54%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 79339ac0da1b1f55-DEN x-amz-cf-id RKXXzpAasdUV3_RgA06SQpjHV8TYmv4NSYZgItKg_xkdnaBB5mPd5w==
GET H2	200	MicrosoftTeams-image-3.png info.varonis.com/hs-fs/hubfs/	99 KB 101 KB	828ms 823ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hs-fs/hubfs/MicrosoftTeams-image-3.png?quality=high&width=1002&name=MicrosoftTeams-image-3.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 33d970ca699683b656ad32aa6aa2433612a06aad0e8d8084613cc6c821482795 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-cdn Imperva x-amz-server-side-encryption AES256 edge-cache-tag F-65329810557,P-142972,FLS-ALL x-iinfo 12-28752283-28752295 PNNN RT(1675348013179 202) q(0 4 4 3) r(7 7) U5 x-amz-replication-status COMPLETED x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "596a091027c2b9bbcc45061feaec5fc0" vary origin, Accept-Encoding x-amz-meta-created-unix-time-millis 1643814195087 content-type image/png cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=31536000 via 1.1 e418fd5667de46c635f0321ea814c2e0.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop IAD89-P1 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-65329810557,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 101048 last-modified Wed, 02 Feb 2022 15:03:16 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EW8VnYd3lX0UzANQN5%2Bxq2jZshPti%2B41Li8wY70%2FjJwvrIZPnRbxzdAyRS2rXcxLplLefSz359BVIDyfZ%2FcbmM2X139vBV6c7yX20%2FC0FWMUiIMRmPwdeGvMbB7891PWnvA%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-credentials false accept-ranges bytes cf-ray 79339ac2cc301f55-DEN x-amz-cf-id K1YGC84lPnhZtAR0mAyVaZ9jEzSbvbYkh_F3TRNGr_rJ6W13238DaA==
GET H2	200	img3-png.png info.varonis.com/hubfs/	222 KB 225 KB	1913ms 1908ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hubfs/img3-png.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 5f7807f53ce6922a5ef5423078085b2e018df0f1665c2cc229a58dac0a0226c3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-65330399083,P-142972,FLS-ALL x-cdn Imperva x-amz-request-id PGKAQ75A9WHQ422Y x-amz-server-side-encryption AES256 edge-cache-tag F-65330399083,P-142972,FLS-ALL x-iinfo 12-28752283-28752300 PNNN RT(1675348013179 320) q(0 4 4 0) r(17 17) U5 x-amz-replication-status COMPLETED x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "61973ee15321734ac4785cd86ca0fc55" vary Accept-Encoding access-control-allow-methods GET content-type image/png access-control-allow-origin * x-amz-meta-created-unix-time-millis 1643814899220 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:55 GMT strict-transport-security max-age=31536000 via 1.1 52e9ff09c55e90b0ce0815fde7edef3c.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-version-id 9a9Yya6i6aKqUfMqBRcai26D0_VXqR4D x-amz-cf-pop HEL50-C1 x-hs-alternate-content-type text/plain x-cache Miss from cloudfront cache-tag F-65330399083,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 227795 x-amz-id-2 xxOMXT1/sgMgGOQBi3RpCWixZtvZN6HgqZl0HJkGhjRWVLMZSKNKH+g+63bCopOj7LL7hkeMtnI= last-modified Wed, 02 Feb 2022 15:15:00 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qvi6aijo6HEolhVwS%2Fhf%2FAIGKkXfZTYBssaDIKpCgQ5lxvlrLunmwS5YrgeUiW%2FOPxgH79P%2F08eBZIoS79GPGVMCvXQPq2waqJFJt2Y0bSRH3xrTI%2BQLNrezRLYBj8D0hB0%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 79339ac3884a1f2a-DEN x-amz-cf-id mnDoavH9u6qmRnZiv0WxWWB-hPO290kvWVZViAHFqcO5Atc1KWlOIQ==
GET H2	200	img4-png.png info.varonis.com/hubfs/	36 KB 38 KB	1782ms 1776ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hubfs/img4-png.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 00278a453914097eee273e1a0b21a14d0a54603c66f7f6d80d518458284a7da8 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-65332189239,P-142972,FLS-ALL x-cdn Imperva x-amz-request-id 0KJ0J6273SN8647H x-amz-server-side-encryption AES256 edge-cache-tag F-65332189239,P-142972,FLS-ALL x-iinfo 12-28752283-28752302 PNNN RT(1675348013179 323) q(0 3 3 1) r(13 13) U5 x-amz-replication-status COMPLETED x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "469b7e2843c1ad60d31e87a9eefb2580" vary Accept-Encoding access-control-allow-methods GET content-type image/png access-control-allow-origin * x-amz-meta-created-unix-time-millis 1643814934655 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:55 GMT strict-transport-security max-age=31536000 via 1.1 71208833688838f959b0e70682af50b2.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-version-id C8JynRNsXnOH_aZ5OcswSJhEpdW2lzVg x-amz-cf-pop HEL50-C1 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-65332189239,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 37016 x-amz-id-2 9NidmiO24xnDGBvyNYN/UH44VHFsN8q5Fv4zDFUv/s8zqxZU2Zyh89cvdLr3wot3u8tx7PXYw7I= last-modified Wed, 02 Feb 2022 15:15:35 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V27zF7m%2BW6oA%2FbU8aP5GL%2FY1WAHGqcsFU7C%2FbVYJBIgiGlAAMHzkNxPUYgo9JhAZRkjDv3RSQCeGXBs4D4ape9UaNX4OV5mowWfYzehMlKkjfWRDz8yASYWBDFMJVxl0KgU%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 79339ac37ec28e98-DEN x-amz-cf-id k4YK4zol0nVpSeNyAw86eexsAnJwgm0l_3ZsPFdTH3vMuNa4vvtI0w==
GET H2	200	img5-png.png info.varonis.com/hubfs/	40 KB 42 KB	1439ms 1433ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hubfs/img5-png.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash d6565a1bd1d49a65db10a0462a849777279d835b0056c40df63882ad8f87ee98 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-meta-cache-tag F-65330399235,P-142972,FLS-ALL x-cdn Imperva x-amz-request-id 0KJ9TAGQZXFQW010 x-amz-server-side-encryption AES256 edge-cache-tag F-65330399235,P-142972,FLS-ALL x-iinfo 12-28752283-28752304 PNNN RT(1675348013179 324) q(0 3 3 0) r(11 11) U5 x-amz-replication-status COMPLETED x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "f2ddf266befc20b70c8ae18a5af91204" vary Accept-Encoding access-control-allow-methods GET content-type image/png access-control-allow-origin * x-amz-meta-created-unix-time-millis 1643814940072 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:55 GMT strict-transport-security max-age=31536000 via 1.1 b41c5c36f8ef3fb3917c7ce9f7687196.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-version-id 2yporWCEaPN0dtoOVRacAQw1cHOfSSJR x-amz-cf-pop HEL50-C1 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-65330399235,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 41199 x-amz-id-2 Z5c2H5lWhTrFsIici3hPaA1XnttbpZcMT5A9WgezbL98u47aqwzydUC6i2cuDPIQjoQv21aVmWQ= last-modified Wed, 02 Feb 2022 15:15:41 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4NEqs%2F%2Fhc5%2BeLEkQMvE7eTxRz7liS0My%2Bh7w73oyhximUaalHvNd7mWp0EToRd8UuoyEJZDWrjXUOf%2F8MjB4bFfOCbef23ssp4IP0DcJetp%2FMax7cLOrhohvsxB5QdQMpF8%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 79339ac3c939c7d5-DEN x-amz-cf-id 0i1LuCkZ0IPUDrUl15O28-tmJbT9ZVuQ1ecxvM_wiVpxsMt7cmk7Yw==
GET H2	200	img6-png-1.png info.varonis.com/hs-fs/hubfs/	619 KB 621 KB	1243ms 1237ms	Image image/png	45.60.150.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://info.varonis.com/hs-fs/hubfs/img6-png-1.png?quality=high&width=1935&name=img6-png-1.png Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.150.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 5e55452233b43f3b87f7de71f06eead6a103165b1989fe8a9ca834caca8976d5 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-cdn Imperva x-amz-server-side-encryption AES256 edge-cache-tag F-65332191277,P-142972,FLS-ALL x-iinfo 12-28752283-28752295 PNNN RT(1675348013179 325) q(0 5 5 1) r(7 7) U5 x-amz-replication-status COMPLETED x-hs-https-only worker x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 etag "2bc65867168b9faba8340afe051e90de" vary origin, Accept-Encoding x-amz-meta-created-unix-time-millis 1643815610939 content-type image/png cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 x-robots-tag all x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15 date Thu, 02 Feb 2023 14:26:55 GMT strict-transport-security max-age=31536000 via 1.1 349b149961d8d2361c29d4be4b5847f2.cloudfront.net (CloudFront) cf-cache-status MISS nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-amz-cf-pop IAD89-P1 x-hs-alternate-content-type text/plain x-cache RefreshHit from cloudfront cache-tag F-65332191277,P-142972,FLS-ALL x-amz-meta-index-tag all alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 634084 last-modified Wed, 02 Feb 2022 15:26:52 GMT server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FPNWUgcEinYx5f%2FzJieGZ4DicaYI7bUwBZkbwRsl0VisRqCC%2Fb%2FZaSdQZ1LYGC1doiWWBQyO0KCJGeVeyEXmRLVMMHYqf2ce4lRabCkGhgVKZKUJXaqUPpNwSThg9gYgzpo%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-credentials false accept-ranges bytes cf-ray 79339ac4ddfc1f55-DEN x-amz-cf-id gi0mlu32ZQcd865MEdpjNhueZ0EbfdEAFGcSOis2kZH_QyKLmiVJEA==
GET H2	200	cse_element__en.js Show response www.google.com/cse/static/element/6cb65d33d738e8fe/	304 KB 101 KB	192ms 62ms	Script text/javascript	2a00:1450:400d:80c::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/cse/static/element/6cb65d33d738e8fe/cse_element__en.js?usqp=CAI%3D Requested by Host: cse.google.com URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6d0bd2559fe211ed2277e68b320a39b65e98834fd5c9e86df6c941c36b5bb24a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Wed, 01 Feb 2023 22:10:06 GMT content-encoding gzip x-content-type-options nosniff age 58608 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 103749 x-xss-protection 0 last-modified Tue, 24 Jan 2023 19:47:03 GMT server sffe vary Accept-Encoding report-to {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="prose-team" expires Thu, 01 Feb 2024 22:10:06 GMT
GET H2	200	default+en.css www.google.com/cse/static/element/6cb65d33d738e8fe/	41 KB 9 KB	184ms 55ms	Stylesheet text/css	2a00:1450:400d:80c::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/cse/static/element/6cb65d33d738e8fe/default+en.css Requested by Host: cse.google.com URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 2b0789c3ab7df1f2580e95bb47eb5bb6dc19b4fc5a91b1f1ae1d9484dab534a9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Wed, 01 Feb 2023 00:41:17 GMT content-encoding gzip x-content-type-options nosniff age 135937 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 9086 x-xss-protection 0 last-modified Tue, 24 Jan 2023 19:47:03 GMT server sffe vary Accept-Encoding report-to {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]} content-type text/css cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="prose-team" expires Thu, 01 Feb 2024 00:41:17 GMT
GET H2	200	minimalist.css www.google.com/cse/static/style/look/v4/	5 KB 2 KB	183ms 54ms	Stylesheet text/css	2a00:1450:400d:80c::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/cse/static/style/look/v4/minimalist.css Requested by Host: cse.google.com URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 13:57:34 GMT content-encoding gzip x-content-type-options nosniff age 1760 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1452 x-xss-protection 0 last-modified Mon, 25 May 2020 08:30:00 GMT server sffe vary Accept-Encoding report-to {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]} content-type text/css cache-control public, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="prose-team" expires Thu, 02 Feb 2023 14:47:34 GMT
GET H2	200	all.js Show response connect.facebook.net/en_GB/	3 KB 2 KB	143ms 41ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_GB/all.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 89cffbe2e8475b3cb924b00d12b404029ecff62971b4cc74f8a9a10e39270ad2 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Thu, 02 Feb 2023 14:26:53 GMT content-md5 5QnOlUhg4CX3ydRovcM9tQ== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 1686 x-fb-rlafr 0 x-fb-debug 0ILN/lLv9g5zt7M7Ybw2Re1/Hyrmq9HlzzXIKWZ2L7jhjoi8L3l8+LbcbUx3U8sdXG6nH0l2QzQF7HIxlVF5yQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 686109401 x-fb-content-md5 e9a232bb065da10b7973410fd566775a cross-origin-opener-policy same-origin-allow-popups etag "5e4c331d4bd30357c79bc7620504348b" vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 access-control-allow-origin * origin-agent-cluster ?0 access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=1200,stale-while-revalidate=3600 x-frame-options DENY timing-allow-origin * expires Thu, 02 Feb 2023 14:41:10 GMT
GET H/1.1	200 OK	widgets.js Show response platform.twitter.com/	91 KB 28 KB	170ms 40ms	Script application/javascript	2606:2800:234:46c:e8b:1e2f:2bd:694 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://platform.twitter.com/widgets.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6738) / Resource Hash 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Thu, 02 Feb 2023 14:26:54 GMT Content-Encoding gzip Age 1416 X-Cache HIT P3P CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" Server-Timing x-cache;desc= HIT,x-tw-cdn;desc=VZ Content-Length 27630 x-amzn-internal-status 304 Last-Modified Tue, 24 Jan 2023 21:41:51 GMT Server ECS (frb/6738) Etag "9e99725b7a4cd730a934afba2a438bb5+gzip" Access-Control-Max-Age 3000 Access-Control-Allow-Methods GET Content-Type application/javascript; charset=utf-8 Access-Control-Allow-Origin * x-tw-cdn VZ Cache-Control public, max-age=1800 Vary Accept-Encoding
GET H2	200	main.min.js cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96212567077/1671725535717/hook-www-varonis-PBS/js/	10 KB 4 KB	73ms 73ms	Other application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96212567077/1671725535717/hook-www-varonis-PBS/js/main.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e7d60e539caa4a8a752ee773f5a5b2402bdd384fc8e10fb994bc6545195208f4 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1246020 x-amz-cf-pop IAD55-P5 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 16:12:17 GMT server cloudflare etag W/"046b6b88aac855b08a7684cda7175d46" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671725536106 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6sr1l8gUzm7hv%2Bd8jVoizhzvfcfvz%2FWWw4C5NqU%2BuEk89s3hMafJ4PTbLX%2BQmSEYB2deJkt09DMZ7A5ejE%2BrXwkf7cOFk2bbarDEqTRDyvmo7As0BKHuEmXSr0GeUVDcMSPUZz86Oeafcv698w%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abeebdc6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96213126978_Announcement_Banner.min.js cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96213126978/1671723021648/	796 B 736 B	76ms 74ms	Other application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96213126978/1671723021648/module_96213126978_Announcement_Banner.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 39af86e2dd53ffb6556353df849d82858d5067433bf641be0f9df57c5ff7d6c0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279119 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:22 GMT server cloudflare etag W/"e57d077924b381424217fc1b5039d709" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723021648 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42Dy2Nb2FiapCPTessjmN%2FTfxA2TQ%2Ba2Ao%2FinuTziCF3kLO2d%2F7vIPbko%2F%2B7bqj5Zc6AzP55oghBMsM8jnbB1Vue6AuC7JfDCEybS%2BaPQ%2F3SaRabzy1QfsRPh7wgdpqiu8Mtjqnh%2BQGzNz7xiTg%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abeebdd6951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96212523802_Site_Nav_V2.min.js cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212523802/1671723030977/	1014 B 755 B	73ms 72ms	Other application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212523802/1671723030977/module_96212523802_Site_Nav_V2.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ee7b10183273f36d5b60f34362147c6258a435dec55c80892197b072201a9416 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279119 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:31 GMT server cloudflare etag W/"9003db52b98c7d701edcedcd234236c9" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723030977 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AuuNy2pMfTbHf2FXjcvFNzJ%2BEPYfoSgWwXnGxxAXm64tQ2VoQi%2BCsz1a%2Fmpekbt23fA4PAatF3TcC6didJmOAHr6Fbg3fKUmqecp7gIUFyehtDhevCJ2o148jnH4kwPOPQcn4MmZQ4ZzeOOoAxo%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abeebe16951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96212951433_blog-form.min.js cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212951433/1671723021736/	232 B 452 B	74ms 73ms	Other application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96212951433/1671723021736/module_96212951433_blog-form.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 341dd4c8f3942fbc7cb55e50b3373a6c33d6fc9e4bc603f717799b7d6e56c3b6 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279119 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 15:30:22 GMT server cloudflare etag W/"8de996219d63f41bc32d5668b73548b6" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671723021737 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PInrgTR5uIo3RONVunC8e%2BGc%2FXm8Lhqq%2FAeYP%2F0LXhbveDdNOAUCRaeZM1fnjH6gmKqzfCscrvo9UOfULhs2jHyCRrCZmoCNTB8ZTyKIzkfMmqvMQc%2FGzX5WGIBLv1908aoiCXoI3z0WpdsX%2FC0%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abeebe26951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	module_96208974392_Blog_Sidebar_CTA.min.js cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96208974392/1672240069262/	888 B 1 KB	67ms 66ms	Other application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96208974392/1672240069262/module_96208974392_Blog_Sidebar_CTA.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 61d8e83d5352cbda241c2cdc9f50e525c182e0fe3247b930d9fa9160d52c6d0e Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1277099 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Wed, 28 Dec 2022 15:07:50 GMT server cloudflare etag W/"cceffd2febcef43a8fcd0f08d34a9216" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1672240069262 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eq7BJHJjKr3%2F%2FoHWfZjPBiHIRdWX0uAlwCs0bXvJ9EtlB%2FOmqm8lzbP2Tidg5tF5wqproNuT7V6rstKMdJJx4yq5nBCdusxPaOsNO9S6jhqP53PtHyEbA0b2Z0neiuLSZ4WA7cht6bZZv3pEx3U%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abeebe46951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	blog.min.js cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96213917218/1671725532364/hook-www-varonis-PBS/js/templates/	1 KB 991 B	83ms 83ms	Other application/javascript	2606:4700::6811:f2cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/96213917218/1671725532364/hook-www-varonis-PBS/js/templates/blog.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:f2cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cb32abe8353e282b3926fcd1f7ebb3bcabcab1ee6da8392fc855c2a4fa9d5658 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:53 GMT content-encoding br cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1279119 x-amz-cf-pop IAD89-P1 x-amz-server-side-encryption AES256 x-hs-alternate-content-type text/plain x-amz-storage-class INTELLIGENT_TIERING x-amz-replication-status COMPLETED x-hs-cf-lambda us-east-1.enforceAclForReadsProd 15 last-modified Thu, 22 Dec 2022 16:12:13 GMT server cloudflare etag W/"1167cd69a0f7550d1d1f9253e5fed3e7" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript; charset=utf-8 access-control-allow-origin * x-amz-meta-created-unix-time-millis 1671725532594 cache-control s-maxage=1814400, max-age=1209600, stale-while-revalidate=900 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uWGmU5NPPVxwSJuQUNCOa9LeNO6ziKhiqQdKfioZSI5muG4CvkXNF5PnVqH1ni6IcOIrFBdaTmWTAtOtvUoBHM2e8FflEQZike0ZymjjZiL4r8FDO9pH%2BRiilav4xdSaWbQFngfV58%2BlUDsfPUc%3D"}],"group":"cf-nel","max_age":604800} cf-ray 79339abeebe56951-FRA x-hs-cf-lambda-enforce us-east-1.enforceAclForReadsProd 15
GET H2	200	142972.js Show response js.hs-analytics.net/analytics/1675347900000/	65 KB 20 KB	308ms 222ms	Script text/javascript	2606:4700::6811:43b0 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-analytics.net/analytics/1675347900000/142972.js Requested by Host: www.varonis.com URL: https://www.varonis.com/hs/scriptloader/142972.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 393b0becc23ba36fa164dfbf272bc92694e9762562efe2d621f7de2919e80144 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT x-amz-version-id null content-encoding br cf-cache-status MISS x-amz-request-id M17VFYQFH62TGSS5 x-amz-server-side-encryption AES256 x-amz-id-2 eo0R2Nz0OTKJkMnuGaJKCZJMxu8058rY4UvCct2HYojwnnryA72NqceTh1YswYHm+HrZmMCyiUc= last-modified Tue, 31 Jan 2023 15:17:02 GMT server cloudflare etag W/"600c34eade3b3a2414708ffc25735ef4" vary origin, Accept-Encoding content-type text/javascript cache-control max-age=300, public access-control-allow-credentials false cf-ray 79339abfbd7b9b9e-FRA expires Thu, 02 Feb 2023 14:31:54 GMT
GET H2	200	conversations-embed.js Show response js.usemessages.com/	73 KB 21 KB	141ms 51ms	Script application/javascript	2606:4700::6811:eccc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.usemessages.com/conversations-embed.js Requested by Host: www.varonis.com URL: https://www.varonis.com/hs/scriptloader/142972.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:eccc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a2937f3299d73f3d0c53f0b73b582b3ff16495bf9efc133f3195dcc5c2341ed2 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT x-amz-version-id taqgEgnsrT5tsXCQJYBxI5iw6YGfjof_ via 1.1 76e55a2361219fb19722e949475d1844.cloudfront.net (CloudFront) cf-cache-status HIT content-encoding br x-amz-cf-pop IAD12-P3 age 70 x-amz-server-side-encryption AES256 content-security-policy-report-only frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=conversations-embed/static-1.12020/bundles/project.js&cfRay=7933990adaea911e-IAD x-cache Hit from cloudfront cache-tag staticjsapp-conversations-embed-web-prod,staticjsapp-prod x-amz-replication-status COMPLETED last-modified Wed, 01 Feb 2023 11:33:55 UTC server cloudflare etag W/"34276ce78542d549ceeb934446d38e5a" vary Accept-Encoding content-type application/javascript; charset=utf-8 x-hs-cache-status HIT cache-control max-age=600 cf-ray 79339abffefe9ba4-FRA x-amz-cf-id VAfgCalGsD-UOWrm3D2xj0y8E2-K2K-QteHCEkRhGtyzJtCNam4Llg== x-hs-target-asset conversations-embed/static-1.12020/bundles/project.js
GET H2	200	142972.js Show response js.hs-banner.com/	66 KB 17 KB	149ms 55ms	Script text/javascript	2606:4700:4400::ac40:9a55 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/142972.js Requested by Host: www.varonis.com URL: https://www.varonis.com/hs/scriptloader/142972.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d7bebaff4227ac90bc8794cf99cab76bbe725bf598a10fb5085397384d3487bc Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT x-amz-version-id A2k1ZJxBCq6IocoBDEnjnBVR.pmEYH9E content-encoding br cf-cache-status HIT x-amz-request-id 5Y6MCJD3H6HA7MM0 age 145 x-amz-server-side-encryption AES256 x-amz-id-2 aundZGChcvjYehJ/akbv3/pZZ4+BscNCljFACqNrE45MJ40A70rIRhdMw2INRafKr+8uKZQRoc8= last-modified Tue, 17 Jan 2023 01:23:06 GMT server cloudflare etag W/"204731fa97b640d40bfbd68d3bcee7bd" access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type text/javascript; charset=UTF-8 access-control-allow-origin https://www.varonis.com access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing cache-control max-age=300, public access-control-allow-credentials true vary origin, Accept-Encoding timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 79339ac05bb75c20-FRA expires Thu, 02 Feb 2023 14:29:29 GMT
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Content-Type image/png
GET H2	200	_Incapsula_Resource www.varonis.com/	1 B 36 B	42ms 41ms	Image text/plain	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Show image Full URL https://www.varonis.com/_Incapsula_Resource?SWKMTFSR=1&e=0.38742359165622653 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains cache-control no-cache, no-store x-robots-tag noindex content-length 1 content-type text/plain
GET H2	200	analytics.js Show response www.google-analytics.com/	49 KB 20 KB	131ms 43ms	Script text/javascript	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Thu, 02 Feb 2023 12:54:50 GMT last-modified Tue, 10 Jan 2023 21:29:14 GMT server Golfe2 age 5524 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20085 expires Thu, 02 Feb 2023 14:54:50 GMT
GET H2	200	/ Show response googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/	2 KB 1 KB	161ms 57ms	Script text/javascript	2a00:1450:4001:812::2002 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/?random=1675348013983&cv=11&fst=1675348013983&bg=ffffff&guid=ON&async=1&gtm=2wg1u0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tiba=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&uamb=0&uaw=0&rfmt=3&fmt=4 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash 3aa8cf300724daf2c2f2e604f80b17be47a72e7aaec295a8720014f3b29d4b6b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT content-encoding br x-content-type-options nosniff server cafe content-type text/javascript; charset=UTF-8 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" cache-control no-cache, must-revalidate cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 919 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	23 KB 8 KB	165ms 41ms	Script application/javascript	2a04:4e42:600::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash cda252dc01c656d59193d8d696f26c3e95f10b87711e2413e28362532bae984a Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Mon, 23 Jan 2023 21:56:14 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "03d5db9dfd00a5719bb4c9261e6fa1bb" vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 7356
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	83 KB 32 KB	466ms 116ms	Script application/x-javascript	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1DD2) / Resource Hash 1ae740ebbe1a0c68cdf60b2d5df40126d47e6c69d19bf794b8a99ad5ceb81992 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding gzip last-modified Thu, 02 Feb 2023 06:03:19 GMT server ECS (nyb/1DD2) age 4061 etag "2c2dbdccc36d91:0" vary Accept-Encoding x-cache HIT content-type application/x-javascript cache-control max-age=86400 accept-ranges bytes content-length 32316
GET H2	200	LB4pGhMk.min.js Show response tag.demandbase.com/	67 KB 19 KB	150ms 46ms	Script application/javascript	108.138.17.47 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tag.demandbase.com/LB4pGhMk.min.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 108.138.17.47 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-108-138-17-47.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 36e8d386092daf7c48d812345f0db0699fa215437d59cd4be5766bfe56cf36e9 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-amz-version-id A1cslOWAe4Ba20Ya.qLlyJ_JVLhJcFHZ content-encoding gzip via 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront) date Thu, 02 Feb 2023 14:20:52 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-amz-cf-pop FRA56-P7 age 374 x-cache Hit from cloudfront last-modified Wed, 26 Oct 2022 08:58:18 GMT server AmazonS3 etag W/"aeb3fbef64bf065ba940cdbc1dd849a2" vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control public, max-age=3600 permissions-policy accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=() x-amz-cf-id tSWlSipuKgin6oFsUEqYQ_KFOjOoQj1YLgMRliDta1v_HHOSXogWNw==
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	106 KB 28 KB	41ms 40ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash c1e56ad863615fc191d80d7807852db95e57579f6535186d83d04ecdebef5236 Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 02 Feb 2023 14:26:54 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 27843 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug XUV6kL4DuMj21MLELDGlPeiRrX20J5qqd49WLUojM8W2wLsM6hOae8SUrfI6/p/61iHQhhj4hEVachnycpggUQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 686109401 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	142972.js Show response js.hs-scripts.com/	1 KB 832 B	157ms 53ms	Script application/javascript	2606:4700::6811:d6cc CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-scripts.com/142972.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:d6cc , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2c29c4f2400f2d23465e8b5211a59c177b1ef42282c97f4ea9b793ef6c74e51e Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding br cf-cache-status HIT x-hubspot-correlation-id fe871f58-ae04-41cb-a546-52e6ff48ff58 age 10 cf-polished origSize=1417 cf-bgj minify last-modified Thu, 02 Feb 2023 14:26:44 GMT server cloudflare x-trace 2BE16505672391C5307BA371858303130E578EC7F6000000000000000000 access-control-max-age 3600 vary origin, Accept-Encoding content-type application/javascript;charset=utf-8 access-control-allow-origin https://www.varonis.com cache-control public, max-age=60 access-control-allow-credentials true cf-ray 79339ac17e3891dd-FRA expires Thu, 02 Feb 2023 14:27:54 GMT
GET H2	200	sl.js Show response scout-cdn.salesloft.com/	6 KB 3 KB	196ms 48ms	Script application/javascript	2606:4700::6812:df5a CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://scout-cdn.salesloft.com/sl.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:df5a , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT x-amz-version-id 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc content-encoding br cf-cache-status HIT strict-transport-security max-age=0 x-amz-request-id T6PEEJ4YHQPP2VC5 age 2212 alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-id-2 FmkYlW+e9TViiNHj1Uo71Xi6OHku5/16lKyRzxV/LN2S4wnxpewyFpYzmzK3HjahmlGOqyVHOo8= last-modified Mon, 13 Dec 2021 16:28:37 GMT server cloudflare etag W/"d74cc4825c8e333b2116da3fcc649db1" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control public, max-age=14400 cf-ray 79339ac20924371d-FRA expires Thu, 02 Feb 2023 18:26:54 GMT
GET H/1.1	200 OK	events.js Show response tags.srv.stackadapt.com/	17 KB 6 KB	481ms 118ms	Script text/javascript	34.196.141.135 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/events.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.196.141.135 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-141-135.compute-1.amazonaws.com Software / Resource Hash a798eda7573d2a3fe282bd9857bbf92c7dc558903c3273c5343fb39d029f95ae Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Thu, 02 Feb 2023 14:26:54 GMT Cache-Control max-age=5 Content-Encoding gzip Connection keep-alive Content-Length 5384 Content-Type text/javascript
GET H2	200	uwt.js Show response static.ads-twitter.com/	56 KB 15 KB	208ms 47ms	Script application/javascript	199.232.16.157 FASTLY
General Check archive.org Show headers Download Go to Full URL https://static.ads-twitter.com/uwt.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 199.232.16.157 Vienna, Austria, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding gzip last-modified Thu, 27 Oct 2022 16:56:53 GMT etag "32ad004436155ec972bc50e6238b5b67+gzip+gzip" vary Accept-Encoding,Host x-cache HIT, HIT content-type application/javascript; charset=utf-8 p3p CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" x-tw-cdn FT cache-control no-cache accept-ranges bytes content-length 15375 x-served-by cache-iad-kjyo7100081-IAD, cache-vie6362-VIE
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	13 KB 5 KB	159ms 41ms	Script application/x-javascript	2a02:26f0:3500:16::215:149b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f56ccb2db87aacedd9415232e40f80bff9939703df2f9c3f9ec8a092e545349f Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 10 Jan 2023 17:22:56 GMT x-cdn AKAM vary Accept-Encoding content-type application/x-javascript;charset=utf-8 cache-control max-age=16972 accept-ranges bytes content-length 4777
GET H2	200	bat.js Show response bat.bing.com/	38 KB 12 KB	179ms 61ms	Script application/javascript	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 1d26490f083b209ef29e08d092649725edf15ac2b33ad62fdeaafd37f7d79d6f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Thu, 02 Feb 2023 14:26:54 GMT last-modified Mon, 23 Jan 2023 19:59:24 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: 14F31D9408EF43F8855EBA77CE099375 Ref B: FRA31EDGE0611 Ref C: 2023-02-02T14:26:54Z etag "076bc30652fd91:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 11552
GET H2	200	cse.js Show response cse.google.com/	10 KB 4 KB	111ms 109ms	Script text/javascript	2a00:1450:400d:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:803::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software gws / Resource Hash 8be69c283b98a38689accd345924a2bf9faa9719a61d029083fd96439438555b Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding br p3p CP="This is not a P3P policy! See g.co/p3phelp for more info." cross-origin-resource-policy cross-origin content-disposition attachment; filename="f.txt" alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3477 x-xss-protection 0 accept-ch Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64 server gws x-frame-options SAMEORIGIN report-to {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} content-type text/javascript; charset=UTF-8 cache-control private permissions-policy unload=() origin-trial AqRrpS1jM/HOs1rGR0CnXerKEP/QFz7qj9ApDSZqAO+0U+KcT/h/lxA6akW4ar0kT0V1bw5MD4t8O7L7OFwM5gUAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY3ODIzMzU5OX0= cross-origin-opener-policy-report-only same-origin-allow-popups; report-to="gws" expires Thu, 02 Feb 2023 14:26:54 GMT
GET H/1.1	200 OK	ktxevents.v1.js Show response trackit.ktxlytics.io/	98 KB 98 KB	159ms 46ms	Script application/javascript	65.9.86.105 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://trackit.ktxlytics.io/ktxevents.v1.js Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 65.9.86.105 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-86-105.ams1.r.cloudfront.net Software AmazonS3 / Resource Hash 5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Wed, 01 Feb 2023 17:29:02 GMT x-amz-version-id 8nobErucU.TGbL_HVc3JJOzAiDrdj9pU Via 1.1 a31e887359e681523a84a0d401a4fe7c.cloudfront.net (CloudFront) Last-Modified Wed, 23 Oct 2019 19:11:31 GMT Server AmazonS3 X-Amz-Cf-Pop AMS1-C1 Age 75472 ETag "5350ce54b7969cfe1e9a0314b25964b6" X-Cache Hit from cloudfront Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 99889 X-Amz-Cf-Id AhCNxfMryzVl1azhiqLE-PgoQDIQQ0KLpH9wmSbFC91JQVIo56Olmg==
GET H/1.1	200 OK	bounce secure.adnxs.com/ Redirect Chain https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=1059589707 https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D1059589707	43 B 1 KB	43ms 43ms	Image image/gif	37.252.171.21 ASN-APPNEX
General Check archive.org Show headers Download Go to Show image Full URL https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D1059589707 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol HTTP/1.1 Server 37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US), Reverse DNS 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net Software nginx/1.21.3 / Resource Hash 4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef Security Headers Name Value X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Pragma no-cache Date Thu, 02 Feb 2023 14:26:54 GMT AN-X-Request-Uuid 2967c20b-7607-4cb4-9cdd-1129ffd009ee Server nginx/1.21.3 Accept-CH Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Content-Type image/gif P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Access-Control-Allow-Origin * Cache-Control no-store, no-cache, private Access-Control-Allow-Credentials true Connection keep-alive X-Proxy-Origin 80.255.7.106; 80.255.7.106; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com Content-Length 43 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT Redirect headers Pragma no-cache Date Thu, 02 Feb 2023 14:26:54 GMT AN-X-Request-Uuid f3ff97ba-cf7d-4ccc-ac98-1e675c9e0322 Server nginx/1.21.3 Accept-CH Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness Content-Type text/html; charset=utf-8 P3P policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Location https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D1059589707 Cache-Control no-store, no-cache, private Connection keep-alive X-Proxy-Origin 80.255.7.106; 80.255.7.106; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com Content-Length 0 X-XSS-Protection 0 Expires Sat, 15 Nov 2008 16:00:00 GMT
GET H2	200	/ insight.adsrvr.org/track/pxl/	70 B 261 B	191ms 63ms	Image image/gif	15.197.193.217 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=1993306777 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 15.197.193.217 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a12b7a488abeaa9e4.awsglobalaccelerator.com Software / Resource Hash 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers content-type image/gif pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT cache-control private,no-cache, must-revalidate x-aspnet-version 4.0.30319 p3p CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
GET H3	200	all.js Show response connect.facebook.net/en_GB/	308 KB 86 KB	86ms 43ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_GB/all.js?hash=b8e49767f9e6bd30db4dca5832e26c63 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_GB/all.js Protocol H3 Security QUIC, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash ad4d540ec3c588156e2979d281358a2d2c2d01ea37588b8bc3a67193afc919b8 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration Origin https://www.varonis.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000; preload; includeSubDomains content-encoding gzip x-content-type-options nosniff date Thu, 02 Feb 2023 14:26:54 GMT content-md5 bBGBwfUPO6Ul6evtCTQKfQ== document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 88311 x-fb-rlafr 0 x-fb-debug mee4qvlLT1fIfdAIfDF3iAOtLLomLPTv8F6UA3x50NV6sgx3PpxPRt7812ULYcbpCGfhP4m2nha5IQ9BxCBN3Q== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-content-md5 c9c34fbe4d7a4d3a6c9b01b36b6df8bc cross-origin-opener-policy same-origin-allow-popups etag "de1df055317257a72edd8a93d9e5e900" vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers X-FB-Content-MD5 cache-control public,max-age=31536000,stale-while-revalidate=3600,immutable x-frame-options DENY timing-allow-origin * priority u=3,i expires Fri, 02 Feb 2024 11:42:00 GMT
GET H2	200	179650485736885 Show response connect.facebook.net/signals/config/	377 KB 108 KB	59ms 36ms	Script application/x-javascript	2a03:2880:f01c:8012:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/179650485736885?v=2.9.95&r=stable Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 193afc91dfbeca2856063a6cb83bf0e2f6e371933d5671cc4145ab15d837cd1e Security Headers Name Value Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers content-security-policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 02 Feb 2023 14:26:54 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 110264 x-fb-rlafr 0 x-xss-protection 0 pragma public x-fb-debug otbQmgGS0aETS5quBtUcuJ2Ci1BYQeDWPTMILbFIOfwJHBX25eUb0VjHzC4vbUTYEmneajsgpknflP8VwIrvPQ== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" x-fb-trip-id 686109401 cross-origin-opener-policy same-origin-allow-popups vary Accept-Encoding report-to {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 priority u=3,i expires Sat, 01 Jan 2000 00:00:00 GMT
GET H/1.1	200 OK	widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response platform.twitter.com/widgets/ Frame 1746	320 KB 104 KB	47ms 40ms	Document text/html	2606:2800:234:46c:e8b:1e2f:2bd:694 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.varonis.com Requested by Host: platform.twitter.com URL: https://platform.twitter.com/widgets.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6795) / Resource Hash 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Access-Control-Allow-Methods GET Access-Control-Allow-Origin * Age 751414 Cache-Control public, max-age=315360000 Content-Encoding gzip Content-Length 105435 Content-Type text/html; charset=utf-8 Date Thu, 02 Feb 2023 14:26:54 GMT Etag "95e1b50b0c179aefb47b5b211bb347b5+gzip" Last-Modified Tue, 24 Jan 2023 21:41:13 GMT P3P CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT" Server ECS (frb/6795) Server-Timing x-cache;desc= HIT,x-tw-cdn;desc=VZ Vary Accept-Encoding X-Cache HIT x-tw-cdn VZ
GET H2	200	widget Show response www.varonis.com/_hcms/livechat/	294 B 1 KB	244ms 240ms	XHR application/json	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/_hcms/livechat/widget?portalId=142972&conversations-embed=static-1.12020&mobile=false&messagesUtk=0ff9168deae644d18df9c766ce37aa8f&traceId=0ff9168deae644d18df9c766ce37aa8f Requested by Host: js.usemessages.com URL: https://js.usemessages.com/conversations-embed.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash b0bc6ab0429aba031f99821f6ade232f11c1b3cc6d344d4a0213599c6aa2d3db Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 X-HubSpot-Messages-Uri https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=31536000 content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-cdn Imperva x-hubspot-correlation-id 0df5b237-c048-4457-ac8b-d4fafc5b2dd1 x-iinfo 14-144994166-144994183 PNYN RT(1675348012771 1012) q(0 0 0 -1) r(2 2) U2 x-hs-https-only worker alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 server cloudflare x-trace 2BC0EC648C46B6BAA7971FAC8ADB8C12A4A028320A000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD content-type application/json;charset=utf-8 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IBjCKE1iUz2Cg8mmNVtoOGu%2BmxiyOlIs9cmp04NJWCSK4Ejao6zwiddZZgoT5oHM7VLbXagfwv3M68UhFYsDTAtvkmKhD7SMMBTkNG4zSRj7DD82QjE0CjKYHlrnd90bFA%3D%3D"}],"group":"cf-nel","max_age":604800} cache-control no-cache, no-store, no-transform, must-revalidate, max-age=0 access-control-allow-credentials false cf-ray 79339ac08810bb4a-FRA access-control-allow-headers Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
GET H2	200	cse_element__en.js Show response www.google.com/cse/static/element/6cb65d33d738e8fe/	304 KB 101 KB	60ms 59ms	Script text/javascript	2a00:1450:400d:80c::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/cse/static/element/6cb65d33d738e8fe/cse_element__en.js?usqp=CAM%3D Requested by Host: cse.google.com URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6d0bd2559fe211ed2277e68b320a39b65e98834fd5c9e86df6c941c36b5bb24a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Wed, 01 Feb 2023 00:41:17 GMT content-encoding gzip x-content-type-options nosniff age 135937 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 103749 x-xss-protection 0 last-modified Tue, 24 Jan 2023 19:47:03 GMT server sffe vary Accept-Encoding report-to {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]} content-type text/javascript cache-control public, max-age=31536000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="prose-team" expires Thu, 01 Feb 2024 00:41:17 GMT
GET H2	200	default.css www.google.com/cse/static/style/look/v4/	4 KB 1 KB	58ms 57ms	Stylesheet text/css	2a00:1450:400d:80c::2004 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/cse/static/style/look/v4/default.css Requested by Host: cse.google.com URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 13:54:35 GMT content-encoding gzip x-content-type-options nosniff age 1939 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1345 x-xss-protection 0 last-modified Wed, 17 Jun 2020 00:00:00 GMT server sffe vary Accept-Encoding report-to {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]} content-type text/css cache-control public, max-age=3000 accept-ranges bytes cross-origin-opener-policy-report-only same-origin; report-to="prose-team" expires Thu, 02 Feb 2023 14:44:35 GMT
POST H2	202	event Show response plausible.io/api/	2 B 476 B	529ms 258ms	XHR text/plain	2400:52e0:1a00::894:1 BUNNYCDN
General Check archive.org Show headers Download Go to Full URL https://plausible.io/api/event Requested by Host: plausible.io URL: https://plausible.io/js/plausible.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2400:52e0:1a00::894:1 , Slovenia, ASN200325 (BUNNYCDN, SI), Reverse DNS Software BunnyCDN-IL1-894 / Resource Hash 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type text/plain Response headers date Thu, 02 Feb 2023 14:26:54 GMT cdn-edgestorageid 894 cdn-cachedat 02/02/2023 14:26:54 cdn-pullzone 682664 application 10.0.0.8 content-length 2 x-request-id F0AIJJGcY7fpdb8KuZyJ server BunnyCDN-IL1-894 cdn-proxyver 1.03 cdn-requestpullcode 202 content-type text/plain; charset=utf-8 access-control-allow-origin * cdn-uid 153cb5b1-399a-48ef-b5bf-098c03770254 cache-control must-revalidate, max-age=0, private access-control-allow-credentials true permissions-policy interest-cohort=() cdn-requestid ae27730593408053cc57a6f9b9265092 cdn-requestcountrycode DE cdn-requestpullsuccess True
GET H2	204	has-permission Show response app.hubspot.com/content-tools-menu/api/v1/tools-menu/	0 746 B	358ms 264ms	Script text/plain	2606:4700::6813:9b53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=142972&callback=jsonpHandler Requested by Host: www.varonis.com URL: https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.143/js/index.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC x-hs-worker-debug-mode false server cloudflare x-hubspot-correlation-id 10fa20a2-8fe9-4e4e-a708-10ea7369602a x-trace 2BE45BF5B0DD780D9167ECD974ED4F6417FE3AE836000000000000000000 vary origin, Accept-Encoding access-control-allow-methods GET report-to {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]} cache-control max-age=0 access-control-allow-credentials true cf-ray 79339ac38dae9972-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 reporting-endpoints default="https://exceptions.hubspot.com/csp/reports?cfRay=79339ac38dae9972&resource=unknown"
GET H2	200	settings Show response syndication.twitter.com/ Frame 1746	919 B 649 B	300ms 211ms	Fetch application/json	104.244.42.8 TWITTER
General Check archive.org Show headers Download Go to Full URL https://syndication.twitter.com/settings?session_id=9b9d8135b8cd392d98b2eedcf73f7ec3366649af Requested by Host: platform.twitter.com URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.varonis.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.8 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ee80cf3b15ea6f7dd08ba1b6bbb065994092b94415845536e0db3476ea80fad4 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://platform.twitter.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-response-time 169 date Thu, 02 Feb 2023 14:26:53 GMT content-encoding gzip strict-transport-security max-age=631138519 last-modified Thu, 02 Feb 2023 14:26:54 GMT server tsa_o vary Origin content-type application/json; charset=utf-8 access-control-allow-origin https://platform.twitter.com x-transaction-id dd4f368e8816432f cache-control must-revalidate, max-age=600 access-control-allow-credentials true perf 7626143928 x-connection-hash 640ffc7ce72155176024799206e1339ea56859eb0ae687ae665672f4b7b07843 content-length 326
POST H2	204	view Show response js.hs-banner.com/cookie-banner-public/v1/activity/	0 137 B	163ms 162ms	XHR text/plain	2606:4700:4400::ac40:9a55 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/cookie-banner-public/v1/activity/view Requested by Host: js.hs-banner.com URL: https://js.hs-banner.com/142972.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type application/json Response headers date Thu, 02 Feb 2023 14:26:54 GMT cf-cache-status DYNAMIC server cloudflare x-hubspot-correlation-id 5aa32b6c-cf65-4582-be91-9c0687e4a75c x-trace 2B3CDB3C211FB3515833A98D112C836BA9A8DC9283000000000000000000 access-control-max-age 604800 access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://www.varonis.com access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing vary origin access-control-allow-credentials true timing-allow-origin * access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id cf-ray 79339ac43cbd2c22-FRA
OPTIONS H2	200	view js.hs-banner.com/cookie-banner-public/v1/activity/ Frame	0 0	494ms 412ms	Preflight application/octet-stream	2606:4700:4400::ac40:9a55 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.hs-banner.com/cookie-banner-public/v1/activity/view Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.varonis.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id access-control-allow-methods GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD access-control-allow-origin https://www.varonis.com access-control-expose-headers x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing access-control-max-age 604800 cf-cache-status DYNAMIC cf-ray 79339ac199f32c22-FRA content-length 0 content-type application/octet-stream date Thu, 02 Feb 2023 14:26:54 GMT server cloudflare timing-allow-origin * vary origin
POST H2	200	collect Show response www.google-analytics.com/j/	4 B 209 B	47ms 46ms	XHR text/plain	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j99&a=140375923&t=pageview&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&ul=en-us&de=UTF-8&dt=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1253392706&gjid=1580528441&cid=1386086747.1675348014&tid=UA-2019109-1&_gid=1661337373.1675348014&_r=1&_slc=1&gtm=2wg1u0KMGCX7V&z=878776466 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.varonis.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	async-ads.js Show response cse.google.com/adsense/search/	140 KB 51 KB	113ms 112ms	Script text/javascript	2a00:1450:400d:803::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://cse.google.com/adsense/search/async-ads.js Requested by Host: www.google.com URL: https://www.google.com/cse/static/element/6cb65d33d738e8fe/cse_element__en.js?usqp=CAI%3D Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:400d:803::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 6c4ac386319341c7ea12c25b2b6a792a676164dcf0297aeac66564cca203b34c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding gzip x-content-type-options nosniff content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 server sffe cross-origin-opener-policy same-origin; report-to="ads-afs-ui" etag "16345307704952310926" vary Accept-Encoding report-to {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} content-type text/javascript; charset=UTF-8 cache-control private, max-age=3600 accept-ranges bytes expires Thu, 02 Feb 2023 14:26:54 GMT
GET H2	204	generate_204 clients1.google.com/	0 117 B	220ms 52ms	Image text/plain	2a00:1450:400d:808::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://clients1.google.com/generate_204 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400d:808::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
GET H2	200	/ www.facebook.com/tr/	0 185 B	151ms 42ms	Image text/plain	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=179650485736885&ev=PageView&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&rl=&if=false&ts=1675348014286&sw=1600&sh=1200&v=2.9.95&r=stable&ec=0&o=30&fbp=fb.1.1675348014285.159998934&it=1675348014086&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains date Thu, 02 Feb 2023 14:26:54 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 349 B	149ms 50ms	XHR text/plain	2a00:1450:400c:c0c::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-2019109-1&cid=1386086747.1675348014&jid=1253392706&gjid=1580528441&_gid=1661337373.1675348014&_u=YEBAAEAAAAAAACAAI~&z=621494627 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload date Thu, 02 Feb 2023 14:26:54 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://www.varonis.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	/ www.google.com/pagead/1p-user-list/1015553108/	42 B 64 B	79ms 78ms	Image image/gif	2a00:1450:400d:80c::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/pagead/1p-user-list/1015553108/?random=1675348013983&cv=11&fst=1675346400000&bg=ffffff&guid=ON&async=1&gtm=2wg1u0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tiba=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&fmt=3&is_vtc=1&random=2041863759&rmt_tld=0&ipr=y Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ www.google.de/pagead/1p-user-list/1015553108/	42 B 455 B	141ms 51ms	Image image/gif	2a00:1450:4001:82b::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/pagead/1p-user-list/1015553108/?random=1675348013983&cv=11&fst=1675346400000&bg=ffffff&guid=ON&async=1&gtm=2wg1u0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tiba=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&fmt=3&is_vtc=1&random=2041863759&rmt_tld=1&ipr=y Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value Content-Security-Policy script-src 'none'; object-src 'none' X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT content-security-policy script-src 'none'; object-src 'none' x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	rp.gif alb.reddit.com/	42 B 157 B	254ms 155ms	Image image/gif	151.101.193.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1675348014328&id=t2_4ofecxl5&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&uuid=674bb772-8de9-48f8-bc8c-2bfb1c86dc15&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_65e23bc4 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.193.140 , United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT via 1.1 varnish server Varnish content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H/1.1	200 OK	validateCookie segments.company-target.com/ Redirect Chain https://match.prod.bidr.io/cookie-sync/demandbase https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 https://segments.company-target.com/log?vendor=choca&user_id=AAIxYk7Ht5AAACEScfZVEw https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAIxYk7Ht5AAACEScfZVEw&verifyHash=2108bef7597245b8efbdd487a76d9628670dd0f5	26 B 409 B	121ms 121ms	Image image/gif	13.227.219.110 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAIxYk7Ht5AAACEScfZVEw&verifyHash=2108bef7597245b8efbdd487a76d9628670dd0f5 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol HTTP/1.1 Server 13.227.219.110 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-110.ams54.r.cloudfront.net Software / Resource Hash 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Thu, 02 Feb 2023 14:26:56 GMT Via 1.1 a668b79ea8c4f6f5d611c57b44351ff0.cloudfront.net (CloudFront) X-Amz-Cf-Pop AMS54-C1 Transfer-Encoding chunked X-Cache Miss from cloudfront Content-Type image/gif Vary Origin Connection keep-alive trace-id a937ec6f771de8be X-Amz-Cf-Id wPVYhX_mqu0eGqiD2Dt0ja5zncEAg8P3eCML2fxBBUAQ27VpebSzIg== Redirect headers Date Thu, 02 Feb 2023 14:26:55 GMT Via 1.1 a668b79ea8c4f6f5d611c57b44351ff0.cloudfront.net (CloudFront) X-Amz-Cf-Pop AMS54-C1 Vary Origin X-Cache Miss from cloudfront Location /validateCookie?vendor=choca&user_id=AAIxYk7Ht5AAACEScfZVEw&verifyHash=2108bef7597245b8efbdd487a76d9628670dd0f5 Connection keep-alive trace-id 38d0dd0e9f027966 Content-Length 0 X-Amz-Cf-Id TjggnqoRPExItl9QyMxoAtN6T27Lg1NARxhdc4LsCfTrgHh-DqDkXQ==
GET H2	451	464526.gif id.rlcdn.com/	0 98 B	241ms 40ms	Image text/plain	35.244.174.68 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://id.rlcdn.com/464526.gif Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 68.174.244.35.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT via 1.1 google alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0
POST H2	200	ip.json Show response api.company-target.com/api/v2/	447 B 933 B	190ms 74ms	XHR application/json	13.227.219.127 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&page_title=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365 Requested by Host: tag.demandbase.com URL: https://tag.demandbase.com/LB4pGhMk.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.227.219.127 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-227-219-127.ams54.r.cloudfront.net Software nginx / Resource Hash 2ba4a6b1ebfb80728d3b65bfa635d53207ea54977db48861f4b81cec562f8458 Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Thu, 02 Feb 2023 14:26:54 GMT identification-source CENTRAL content-encoding gzip via 1.1 6c22fb0e883db3123ae98d8d72cdaf76.cloudfront.net (CloudFront) x-amz-cf-pop AMS54-C1 x-cache Miss from cloudfront request-id fefc047a-12cc-47ac-8381-049a681ae655 pragma no-cache server nginx access-control-max-age 7200 access-control-allow-methods GET, POST, OPTIONS content-type application/json;charset=utf-8 access-control-allow-origin https://www.varonis.com access-control-expose-headers cache-control no-cache, no-store, max-age=0, must-revalidate access-control-allow-credentials true vary Accept-Encoding, Origin api-version v2 access-control-allow-headers DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type x-amz-cf-id 2vdi1bzUdiZYpKY755DpVPLNdNKfyB5fDY2ZCiK0aGnqrzGiMVQSBw== expires Wed, 01 Feb 2023 14:26:54 GMT
GET H2	200	r Show response scout.salesloft.com/	41 B 403 B	382ms 118ms	XHR application/json	52.23.25.67 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTQ3NX0.iI-HhwOQ2R9nR36t6D2kwo7l09ByrLMU2A7_XHc4Ar0 Requested by Host: scout-cdn.salesloft.com URL: https://scout-cdn.salesloft.com/sl.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.23.25.67 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-23-25-67.compute-1.amazonaws.com Software / Resource Hash e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains access-control-allow-methods GET content-type application/json; charset=utf-8 access-control-allow-origin https://www.varonis.com access-control-expose-headers cache-control max-age=0, private, must-revalidate access-control-allow-credentials true content-length 41 x-request-id 7639ffa9aaeb58bbde762bee5bb22389
GET H3	200	ga-audiences www.google.com/ads/	42 B 63 B	91ms 89ms	Image image/gif	2a00:1450:400d:80c::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2019109-1&cid=1386086747.1675348014&jid=1253392706&_u=YEBAAEAAAAAAACAAI~&z=512510411 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:400d:80c::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 107 B	64ms 64ms	Image image/gif	2a00:1450:4001:82b::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-2019109-1&cid=1386086747.1675348014&jid=1253392706&_u=YEBAAEAAAAAAACAAI~&z=512510411 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/23300,4766249/domain/varonis.com/	36 B 375 B	187ms 51ms	XHR application/json	2600:9000:2304:6c00:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/23300,4766249/domain/varonis.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2304:6c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 12:45:38 GMT content-encoding gzip via 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront) x-amz-cf-pop VIE50-P1 age 6076 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=6961 x-amz-cf-id x86AS9q9iiCdUlBjxYaUgXNqhvDgwAnsE8jiN3czQ1cW5GpYQze08A==
GET H2	200	token Show response cdn.linkedin.oribi.io/partner/23300,4766249/domain/varonis.com/	36 B 376 B	186ms 51ms	XHR application/json	2600:9000:2304:6c00:2:53b2:240:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.linkedin.oribi.io/partner/23300,4766249/domain/varonis.com/token Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2304:6c00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89 Request headers Accept * Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 12:45:38 GMT content-encoding gzip via 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront) x-amz-cf-pop VIE50-P1 age 6076 vary accept-encoding x-cache Hit from cloudfront content-type application/json access-control-allow-origin * cache-control public, max-age=6961 x-amz-cf-id WkL8I2nlb0BaXQrY1HybVH1Y79zl1aBZJLDfui4eAUqZ9y3kthRieQ==
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1675348014511&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2 https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D23300%252C4766249%26time%3D1675348014511%26url%3Dhttps%253A%252F%252Fwww.varonis.... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1675348014511&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&liSync=true https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1675348014511&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&liSync=true&e_ipv6=AQKdU1...	0 266 B	259ms 139ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1675348014511&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&liSync=true&e_ipv6=AQKdU1G2hrvIzgAAAYYShfjwRRcNIAGkWcwyQ8bPwl4HKuMelrkcywsfUlbV3b4R4MjxoHo Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 71C45528D4E140ED906AC8852D7291FB Ref B: DUS30EDGE0808 Ref C: 2023-02-02T14:26:55Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAXzuFtYf02oECVkNNJ6IQ== Redirect headers date Thu, 02 Feb 2023 14:26:55 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 9BECE2D7571C4B11A2939EE1303E3EE8 Ref B: DUS30EDGE0813 Ref C: 2023-02-02T14:26:55Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1675348014511&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&liSync=true&e_ipv6=AQKdU1G2hrvIzgAAAYYShfjwRRcNIAGkWcwyQ8bPwl4HKuMelrkcywsfUlbV3b4R4MjxoHo x-li-proto http/2 content-length 0 x-li-uuid AAXzuFtUP+w+GGFAHv/vJg==
GET H2	200	adsct t.co/1/i/	43 B 377 B	298ms 209ms	Image image/gif	104.244.42.133 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=5611865c-fc88-4527-887a-d73b38789bd5&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=213bca2d-e105-479f-9f6f-abb59ff52b8c&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.133 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=0 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-response-time 169 date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=0 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 5cf22e6cbb56be3d cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 7d82d85fe44a5d1cc2873868ce7a7458eea70fe9f7f195b1dc9e400c70746ef3 content-length 43
GET H2	200	adsct analytics.twitter.com/1/i/	43 B 726 B	391ms 209ms	Image image/gif	104.244.42.195 TWITTER
General Check archive.org Show headers Download Go to Show image Full URL https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=5611865c-fc88-4527-887a-d73b38789bd5&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=213bca2d-e105-479f-9f6f-abb59ff52b8c&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.244.42.195 , United States, ASN13414 (TWITTER, US), Reverse DNS Software tsa_o / Resource Hash ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957 Security Headers Name Value Strict-Transport-Security max-age=631138519 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers x-response-time 173 date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=631138519 server tsa_o content-type image/gif;charset=utf-8 x-transaction-id 2b538b3450eb1213 cache-control no-cache, no-store, max-age=0 perf 7626143928 x-connection-hash 16f14fc68db8ebe28f50b616ed758c39d871f10be54d96f75154bc0b7bbf3fca content-length 43
GET H2	204	148008183.js Show response bat.bing.com/p/action/	0 118 B	149ms 148ms	Script text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/148008183.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Thu, 02 Feb 2023 14:26:54 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: E2E61E3B098542AE9D9F51D52C67C77F Ref B: FRA31EDGE0611 Ref C: 2023-02-02T14:26:54Z x-cache CONFIG_NOCACHE
GET H2	204	0 bat.bing.com/action/	0 287 B	65ms 65ms	Image text/plain	2620:1ec:c11::200 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=148008183&tm=gtm002&Ver=2&mid=23ab98f6-0bb2-4b85-8b85-fc478d9a2c00&sid=a4526130a30511ed9ee4c3d2fd404726&vid=a4526340a30511ed9239099f6cf83356&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&p=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&r=&lt=1111&evt=pageLoad&sv=1&rn=955707 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 02 Feb 2023 14:26:54 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: C5F822B43E464CC790DF0E55B4B66AEE Ref B: FRA31EDGE0611 Ref C: 2023-02-02T14:26:54Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	collect www.google-analytics.com/	35 B 55 B	40ms 40ms	Image image/gif	2a00:1450:4001:828::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j99&a=140375923&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&ul=en-us&de=UTF-8&dt=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHBAAEABAAAAACAAI~&jid=&gjid=&cid=1386086747.1675348014&tid=UA-2019109-1&_gid=1661337373.1675348014&gtm=2wg1u0KMGCX7V&cd10=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=Bot&cd18=(Non-Company%20Visitor)&z=1825815858 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H3 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Thu, 02 Feb 2023 02:05:56 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 44458 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
POST H2	200	tp2 Show response c2.ktxlytics.io/com.snowplowanalytics.snowplow/	2 B 336 B	268ms 119ms	XHR text/plain	3.92.241.157 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2 Requested by Host: trackit.ktxlytics.io URL: https://trackit.ktxlytics.io/ktxevents.v1.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.92.241.157 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-92-241-157.compute-1.amazonaws.com Software nginx / Resource Hash 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-Type application/json; charset=UTF-8 Response headers access-control-allow-origin https://www.varonis.com date Thu, 02 Feb 2023 14:26:55 GMT access-control-allow-credentials true content-type text/plain; charset=UTF-8 server nginx content-length 2 p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
GET H2	200	v1 c2.ktxlytics.io/com.snowplowanalytics.iglu/ Redirect Chain https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=2853213917094208548 https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=2853213917094208548&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs	43 B 387 B	118ms 118ms	Image image/gif	3.92.241.157 AMAZON-AES
General Check archive.org Show headers Download Go to Show image Full URL https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=2853213917094208548&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Server 3.92.241.157 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-92-241-157.compute-1.amazonaws.com Software nginx / Resource Hash caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:55 GMT server nginx p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" access-control-allow-origin * content-type image/gif cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true content-length 43 Redirect headers date Thu, 02 Feb 2023 14:26:55 GMT server nginx p3p policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA" location https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=2853213917094208548&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs access-control-allow-origin * cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true content-length 0
OPTIONS H2	200	tp2 c2.ktxlytics.io/com.snowplowanalytics.snowplow/ Frame	0 0	415ms 110ms	Preflight	3.92.241.157 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 3.92.241.157 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-3-92-241-157.compute-1.amazonaws.com Software nginx / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://www.varonis.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers Content-Type, SP-Anonymous access-control-allow-origin https://www.varonis.com access-control-max-age 600 content-length 0 date Thu, 02 Feb 2023 14:26:55 GMT server nginx
GET H2	200	ipv cdn.bizible.com/m/	43 B 304 B	117ms 116ms	Image image/gif	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=880e5f0c50b545aaf6d7c472633356fb&_biz_s=8ed7d5&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&_biz_t=1675348014661&_biz_i=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&_biz_n=0&rnd=184479&cdn_o=a&_biz_z=1675348014662 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1D07) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT last-modified Sun, 29 Jan 2023 13:19:12 GMT server ECS (nyb/1D07) age 349662 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type Image/GIF cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	u cdn.bizibly.com/	43 B 204 B	115ms 115ms	Image image/gif	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=880e5f0c50b545aaf6d7c472633356fb&_biz_s=8ed7d5&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&_biz_t=1675348014673&_biz_i=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&rnd=449905&cdn_o=a&_biz_z=1675348014673 Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1D33) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers pragma no-cache date Thu, 02 Feb 2023 14:26:54 GMT last-modified Sun, 29 Jan 2023 20:10:05 GMT server ECS (nyb/1D33) age 325009 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type Image/GIF cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H/1.1	200 OK	sa.css tags.srv.stackadapt.com/	65 B 292 B	121ms 121ms	Stylesheet text/css	34.196.141.135 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.css Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.196.141.135 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-141-135.compute-1.amazonaws.com Software / Resource Hash def16fb18754f7b2f33add4bd995dbca1327c0b646d9fe5100b3f1ff75dbdac1 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Thu, 02 Feb 2023 14:26:54 GMT Cache-Control only-if-cached, no-transform, private, max-age=7776000 Connection keep-alive Content-Length 65 Content-Type text/css
GET H/1.1	200 OK	sa.jpeg Show response tags.srv.stackadapt.com/	0 881 B	497ms 126ms	Fetch image/jpeg	34.196.141.135 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.jpeg Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.196.141.135 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-141-135.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Thu, 02 Feb 2023 14:26:55 GMT Cache-Control only-if-cached, no-transform, private, max-age=7776000 Connection keep-alive Content-Length 651 Content-Type image/jpeg
GET H/1.1	200 OK	sa.jpeg Show response tags.srv.stackadapt.com/	0 881 B	494ms 123ms	Fetch image/jpeg	34.196.141.135 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/sa.jpeg Requested by Host: tags.srv.stackadapt.com URL: https://tags.srv.stackadapt.com/events.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.196.141.135 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-141-135.compute-1.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Access-Control-Allow-Origin * Date Thu, 02 Feb 2023 14:26:55 GMT Cache-Control only-if-cached, no-transform, private, max-age=7776000 Connection keep-alive Content-Length 651 Content-Type image/jpeg
POST H2	200	/ Show response www.facebook.com/tr/ Frame 9E8A	0 49 B	62ms 42ms	Document text/plain	2a03:2880:f11c:8183:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://www.facebook.com/tr/ Requested by Host: www.varonis.com URL: https://www.varonis.com/blog/power-automate-data-exfiltration Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Content-Type application/x-www-form-urlencoded Origin https://www.varonis.com Referer https://www.varonis.com/blog/power-automate-data-exfiltration Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers access-control-allow-credentials true access-control-allow-origin https://www.varonis.com alt-svc h3=":443"; ma=86400 content-length 0 content-type text/plain cross-origin-resource-policy cross-origin date Thu, 02 Feb 2023 14:26:54 GMT server proxygen-bolt strict-transport-security max-age=31536000; includeSubDomains
GET H2	200	xdc.js Show response cdn.bizible.com/	116 B 526 B	183ms 167ms	Script text/javascript	152.199.2.76 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=880e5f0c50b545aaf6d7c472633356fb&_biz_h=-1906410348&cdn_o=a&jsVer=4.22.11.28 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.199.2.76 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (nyb/1D31) / Resource Hash d6381fb2a2e2278a0df33686779a301bf8aa4f5f7b421e108582140b4a093a50 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT content-encoding gzip server ECS (nyb/1D31) etag CED0866E vary Accept-Encoding p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 content-length 219
GET H2	200	i Show response scout.salesloft.com/	48 B 510 B	127ms 118ms	XHR application/json	52.23.25.67 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://scout.salesloft.com/i Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 52.23.25.67 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-23-25-67.compute-1.amazonaws.com Software / Resource Hash 95d8bece25ccf91f483c0eb82dd837ac17a3c0f1631e33e4c871753be9d71166 Security Headers Name Value Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:54 GMT strict-transport-security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains access-control-allow-methods GET content-type application/json; charset=utf-8 access-control-allow-origin https://www.varonis.com access-control-expose-headers cache-control max-age=0, private, must-revalidate access-control-allow-credentials true content-length 48 x-request-id 1d650c0b2aa9e4fd01cda84108cbc734
GET H/1.1	200 OK	saq_pxl Show response tags.srv.stackadapt.com/	116 B 420 B	120ms 117ms	XHR text/plain	34.196.141.135 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/saq_pxl?uid=_9vH_OIoGoaDi4-zdBz9Vg&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&t=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&tip=irz24MwTh4sgdOBCVSPQ_l7p7iw2GziIE7nfQR4-uMo&host=https://www.varonis.com&sa-user-id-v2=s%253AnQTr7Y3ESV5t13A-abnSH1D_B2o.P2ObWOSWZgRGxky9ArixUx03QiFRtf6fSYhRv2qhn0U&sa-user-id=s%253A0-9d04ebed-8dc4-495e-6dd7-703e69b9d21f.2Rykwp0OFL%252B1hg%252FfhYly2HJSvaSCI0sApM%252BeGgHEuyM Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.196.141.135 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-141-135.compute-1.amazonaws.com Software / Resource Hash 8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Thu, 02 Feb 2023 14:26:55 GMT Access-Control-Allow-Methods GET Content-Type text/plain; charset=utf-8 Access-Control-Allow-Origin https://www.varonis.com Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers * Content-Length 116
GET H/1.1	200 OK	saq_pxl Show response tags.srv.stackadapt.com/	138 B 442 B	237ms 117ms	XHR text/plain	34.196.141.135 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://tags.srv.stackadapt.com/saq_pxl?uid=7DZRzfkZdpma72wkdfbzjA&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&t=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&tip=irz24MwTh4sgdOBCVSPQ_l7p7iw2GziIE7nfQR4-uMo&host=https://www.varonis.com&sa-user-id-v2=s%253AnQTr7Y3ESV5t13A-abnSH1D_B2o.P2ObWOSWZgRGxky9ArixUx03QiFRtf6fSYhRv2qhn0U&sa-user-id=s%253A0-9d04ebed-8dc4-495e-6dd7-703e69b9d21f.2Rykwp0OFL%252B1hg%252FfhYly2HJSvaSCI0sApM%252BeGgHEuyM Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.196.141.135 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-196-141-135.compute-1.amazonaws.com Software / Resource Hash 4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67 Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Thu, 02 Feb 2023 14:26:55 GMT Access-Control-Allow-Methods GET Content-Type text/plain; charset=utf-8 Access-Control-Allow-Origin https://www.varonis.com Access-Control-Allow-Credentials true Connection keep-alive Access-Control-Allow-Headers * Content-Length 138
GET H2	200	__ptq.gif track.hubspot.com/	45 B 525 B	157ms 156ms	Image image/gif	2606:4700::6813:9b53 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1858685340&v=1.1&a=142972&pi=65326053274&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&cpi=65326053274&cgi=740355147&lpi=65326053274&lvi=65326053274&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&t=Using+Power+Automate+for+Covert+Data+Exfiltration+in+Microsoft+365&cts=1675348016177&vi=64c55d4f534c9cf4b7a998f090e853d7&nc=true&ce=false&pt=1&cc=0 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers accept-language de-DE,de;q=0.9 Referer https://www.varonis.com/blog/power-automate-data-exfiltration User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers date Thu, 02 Feb 2023 14:26:56 GMT strict-transport-security max-age=31536000; includeSubDomains; preload cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-hubspot-correlation-id dd59ab62-481e-4944-a494-754a11c4ab24 p3p CP="NOI CUR ADM OUR NOR STA NID" alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 45 server cloudflare vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zv4SyTDKKSqarxD%2FpVlntbTy5jHreu25SkRHNRjq%2Bgf81nF9GhkaXYYhnHKNVbN0N1%2FGNSzFeExQax9sMt7TTHRBcPY4RW23OIxPGSyP5I99FORSg2RsLthNuLqtFr0xh6cMM40wjZjU%2FANQ0AE8"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control no-cache, no-store, no-transform access-control-allow-credentials false cf-ray 79339acd49ef9972-FRA x-robots-tag none
POST H2	200	perf Show response www.varonis.com/_hcms/	2 B 589 B	185ms 185ms	XHR text/plain	45.60.154.169 INCAPSULA
General Check archive.org Show headers Download Go to Full URL https://www.varonis.com/_hcms/perf Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 45.60.154.169 , United States, ASN19551 (INCAPSULA, US), Reverse DNS Software cloudflare / Resource Hash 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Referer https://www.varonis.com/blog/power-automate-data-exfiltration accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Content-type application/json Response headers date Thu, 02 Feb 2023 14:26:59 GMT strict-transport-security max-age=31536000 content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} x-cdn Imperva x-hubspot-correlation-id e41c3696-8a7f-4223-a943-a3a9b8d64ec3 x-iinfo 14-144994166-144994183 PNYN RT(1675348012771 6046) q(0 0 0 -1) r(1 1) U6 x-hs-https-only worker alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 server cloudflare x-trace 2BC6468C549ED12ADBF9AA9705F33FC656FF854AAD000000000000000000 vary origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjMP2QPMniU8gZJ9JABDsaGK%2BjWX0CkOS6OBF5F58RDoiRsJze3fbw1thIvnQAumbwFwQ6jfupLwMpjPWDOjxoB%2FXAPxGtFrN14lvgWINvMAky4YVMpFyLhN85uf0bQLTQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=utf-8 access-control-allow-credentials false cf-ray 79339adfff20bb4a-FRA x-robots-tag none