www.securonix.com Open in urlscan Pro
2606:4700:3108::ac42:2b19 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infe...
Submission: On September 01 via api (September 1st 2022, 3:25:38 pm UTC) from DE — Scanned from DE

Summary HTTP 175 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 35 IPs in 5 countries across 25 domains to perform 175 HTTP transactions. The main IP is 2606:4700:3108::ac42:2b19, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.securonix.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 28th 2022. Valid for: a year.

This is the only time www.securonix.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
46	2606:4700:310... 2606:4700:3108::ac42:2b19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a02:26f0:350... 2a02:26f0:3500:16::215:14a0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:400e:800::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
4	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.17.70.206 104.17.70.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	23.205.237.4 23.205.237.4	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.232.44.166 3.232.44.166	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
2	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
1	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 8	2600:9000:225... 2600:9000:225e:c00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
8	96.16.137.162 96.16.137.162	16625 (AKAMAI-AS) (AKAMAI-AS)
62	18.66.112.55 18.66.112.55	16509 (AMAZON-02) (AMAZON-02)
1	185.89.211.132 185.89.211.132	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	54.72.196.78 54.72.196.78	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:27::... 2620:1ec:27::cafe:1759	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	20.120.65.166 20.120.65.166	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.247.241.14 162.247.241.14	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
4	54.147.21.139 54.147.21.139	14618 (AMAZON-AES) (AMAZON-AES)
2	50.16.7.188 50.16.7.188	14618 (AMAZON-AES) (AMAZON-AES)
175	35

46 2606:4700:3108::ac42:2b19 (United States)

ASN13335 (CLOUDFLARENET, US)

www.securonix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:3500:16::215:14a0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:800::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.70.206 (None, )

ASN13335 (CLOUDFLARENET, US)

pages.securonix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.205.237.4 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-237-4.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.232.44.166 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-232-44-166.compute-1.amazonaws.com

lltrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

179-djp-142.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:225e:c00:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 96.16.137.162 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-137-162.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

62 18.66.112.55 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-55.fra56.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.89.211.132 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.72.196.78 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-196-78.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:27::cafe:1759 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.120.65.166 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

l.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.241.14 (United States)

ASN23467 (NEWRELIC-AS-1, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.147.21.139 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-21-139.compute-1.amazonaws.com

metrics.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.16.7.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-7-188.compute-1.amazonaws.com

bootstrap.api.drift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
62	driftt.com js.driftt.com — Cisco Umbrella Rank: 4932	725 KB
47	securonix.com www.securonix.com pages.securonix.com	2 MB
9	adroll.com 2 redirects s.adroll.com — Cisco Umbrella Rank: 2348 d.adroll.com — Cisco Umbrella Rank: 1428	80 KB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 6490 c.6sc.co — Cisco Umbrella Rank: 9723 b.6sc.co — Cisco Umbrella Rank: 4574	13 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 527 l.clarity.ms — Cisco Umbrella Rank: 5269 c.clarity.ms — Cisco Umbrella Rank: 955	26 KB
6	drift.com metrics.api.drift.com — Cisco Umbrella Rank: 5445 bootstrap.api.drift.com — Cisco Umbrella Rank: 5729	456 B
6	typekit.net use.typekit.net — Cisco Umbrella Rank: 443 p.typekit.net — Cisco Umbrella Rank: 581	93 KB
4	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 370 www.linkedin.com — Cisco Umbrella Rank: 586 px4.ads.linkedin.com — Cisco Umbrella Rank: 6068	3 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 354 c.bing.com — Cisco Umbrella Rank: 213	13 KB
4	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3967	60 KB
3	google.de www.google.de — Cisco Umbrella Rank: 6487	672 B
3	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 85 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44	2 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 6141 www.google.com — Cisco Umbrella Rank: 2	1004 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 66	148 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 2677	6 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 43 ajax.googleapis.com — Cisco Umbrella Rank: 279	32 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 227	621 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 318	14 KB
1	adnxs.com secure.adnxs.com — Cisco Umbrella Rank: 435	697 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 754	3 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 132	16 KB
1	mktoresp.com 179-djp-142.mktoresp.com	318 B
1	gstatic.com fonts.gstatic.com	47 KB
1	lltrck.com lltrck.com — Cisco Umbrella Rank: 30417
175	25

	Domain	Requested by
62	js.driftt.com	www.securonix.com js.driftt.com
46	www.securonix.com	www.securonix.com
8	s.adroll.com	2 redirects www.googletagmanager.com www.securonix.com s.adroll.com
6	b.6sc.co	www.securonix.com
5	use.typekit.net	www.securonix.com use.typekit.net
4	metrics.api.drift.com	js.driftt.com
4	static.addtoany.com	www.securonix.com static.addtoany.com
3	l.clarity.ms	www.clarity.ms
3	www.google.de	www.securonix.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.securonix.com
2	bootstrap.api.drift.com	js.driftt.com
2	c.clarity.ms	1 redirects
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	www.google.com	www.securonix.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	px.ads.linkedin.com	2 redirects
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.securonix.com www.googletagmanager.com
2	munchkin.marketo.net	www.securonix.com munchkin.marketo.net
1	bam.nr-data.net	js-agent.newrelic.com
1	c.bing.com	1 redirects
1	js-agent.newrelic.com	www.securonix.com
1	d.adroll.com	s.adroll.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.securonix.com
1	www.linkedin.com	1 redirects
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	j.6sc.co	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
1	179-djp-142.mktoresp.com	munchkin.marketo.net
1	fonts.gstatic.com	fonts.googleapis.com
1	lltrck.com	www.securonix.com
1	p.typekit.net	use.typekit.net
1	pages.securonix.com	www.securonix.com
1	ajax.googleapis.com	www.securonix.com
1	fonts.googleapis.com	www.securonix.com
175	39

This site contains links to these domains. Also see Links.

Domain
securonix.com
securonix.force.com
www.addtoany.com
www.nasa.gov
www.zdnet.com
www.proofpoint.com
zeltser.com
docs.microsoft.com
in.linkedin.com
www.instagram.com
twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-28` - `2023-05-28`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2022-03-07` - `2023-04-07`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
pages.securonix.com Cloudflare Inc ECC CA-3	`2022-05-03` - `2023-05-03`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
lltrck.com Go Daddy Secure Certificate Authority - G2	`2022-07-25` - `2023-08-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-30` - `2022-11-30`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-06-10` - `2022-12-10`	6 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
s.adroll.com Amazon	`2022-07-03` - `2023-08-01`	a year	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
drift.com Amazon	`2022-08-24` - `2023-09-21`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-08-15` - `2022-11-07`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2022-08-10` - `2023-09-08`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-07-10` - `2023-08-11`	a year	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-01-10` - `2023-02-10`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Frame ID: 03E682FAE2B3AF8FB31266F1F50A5222
Requests: 108 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.23.html
Frame ID: 33C9CE6A6792D56E0A9B71A507317AC4
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
Frame ID: 47C39215D9609E6013C65760B22B701C
Requests: 32 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
Frame ID: C5D6E9FFF7AF9CDCE58C9BFC9F107860
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Securonix Threat Labs Security Advisory: New Golang Attack Campaign GO#WEBBFUSCATOR Leverages Office Macros and James Webb Images to Infect Systems - Securonix

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AddToAny (Widgets) Expand

Overall confidence: 100%
Detected patterns

addtoany\.com/menu/page\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Select2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

select2(?:\.min|\.full)?\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

175
Requests

98 %
HTTPS

54 %
IPv6

25
Domains

39
Subdomains

35
IPs

5
Countries

2883 kB
Transfer

6537 kB
Size

33
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://securonix.com/resources/
Title: Resources by Topic

Search URL Search Domain Scan URL

URL: https://securonix.com/partners/
Title: Partners

Search URL Search Domain Scan URL

URL: https://securonix.com/partners/securonix-fusion/
Title: Technology Alliance

Search URL Search Domain Scan URL

URL: https://securonix.force.com/
Title: Partner Portal Login

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/share#url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&title=Securonix%20Threat%20Labs%20Security%20Advisory%3A%C2%A0New%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems
Title: Share

Search URL Search Domain Scan URL

URL: https://www.nasa.gov/image-feature/goddard/2022/nasa-s-webb-delivers-deepest-infrared-image-of-universe-yet
Title: deep field image

Search URL Search Domain Scan URL

URL: https://www.zdnet.com/article/go-malware-is-now-common-having-been-adopted-by-both-apts-and-e-crime-groups/
Title: rise gaining popularity

Search URL Search Domain Scan URL

URL: https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader
Title: Mustang Panda

Search URL Search Domain Scan URL

URL: https://zeltser.com/c2-dns-tunneling/
Title: DNSCAT2

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide
Title: Microsoft’s recommendations

Search URL Search Domain Scan URL

URL: https://in.linkedin.com/company/securonix

Search URL Search Domain Scan URL

URL: https://www.instagram.com/securonix/

Search URL Search Domain Scan URL

URL: https://twitter.com/Securonix

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Securonix/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCN3f7HTfuAlbbfy3RCQcd8w

Search URL Search Domain Scan URL

URL: https://securonix.com/contact-us/
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 74

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1662045933336&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D61924%26time%3D1662045933336%26url%3Dhttps%253A%252F%252Fwww.securonix.com%252Fblog%252Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%252F%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1662045933336&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1662045933336&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&liSync=true&e_ipv6=AQL_GLIf5YRc6QAAAYL5qFDGuG2zyROy6tHDbq8TzyGXo8YkoOqzXXq7fiiRtke1

Request Chain 78

https://s.adroll.com/j/exp/VJKZ2AZ6BRDQFPNHOW6CAP/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 79

https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 99

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=2FAC78509F454009990CBBEB0DCCFED9&RedC=c.clarity.ms&MXFR=12657B5C99DD66F01905694E9DDD684B HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=2FAC78509F454009990CBBEB0DCCFED9&MUID=1C32982C78B162B22CF78A3E791D63A4

175 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/ 119 KB
25 KB 111ms
75ms Document
text/html 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70feedeaddf39777b9cd59729d5a595f7b1e63c2b9a588dde118dd52e7816c1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 456
cache-control: public, max-age=600
cf-cache-status: DYNAMIC
cf-ray: 743f04e8284e5be5-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 01 Sep 2022 15:25:32 GMT
link: <https://www.securonix.com/wp-json/>; rel="https://api.w.org/" <https://www.securonix.com/wp-json/wp/v2/blog/15910>; rel="alternate"; type="application/json" <https://www.securonix.com/?p=15910>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=65C8TMwpyoYhpx2eTasT90WO%2FiCt4a7F1wJOEb0ZHL2NVd%2F3e26ZmZfOP2qx0%2Fq2%2FeBkK%2FJKdVwJmMjtSo9ygMossVW82sSnbx%2ByBMS%2Bi3PUMFaO87HMRF0%2BbSmv3%2Bu3nHJxDMBLNIHNrvkxtppZ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31622400
traceparent: 00-9ccdc24f6b564656b80605ec5e2e4c65-668893bf55c5af4c-00
vary: Accept-Encoding, Cookie, Cookie
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-cloud-trace-context: 9ccdc24f6b564656b80605ec5e2e4c65/7388317638688354124;o=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-67rzv
x-served-by: cache-chi-klot8100115-CHI, cache-fra19145-FRA
x-styx-req-id: 4178487b-2a09-11ed-a2ef-0a988cf2a7af
x-timer: S1662045933.872321,VS0,VE9
x-xss-protection: 1; mode=block

GET
H2 200 pjm0fus.css
use.typekit.net/ 28 KB
3 KB 44ms
9ms Stylesheet
text/css 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/pjm0fus.css

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

8f9e80f2512a9b40a734ff2d4e6a25f31cd87260e5a89b913ac61f5fa52f2291

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
server: nginx
date: Thu, 01 Sep 2022 15:25:32 GMT
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2381

GET
H2 200 css2
fonts.googleapis.com/ 18 KB
1 KB 74ms
27ms Stylesheet
text/css 2a00:1450:400e:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Work+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:800::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0c32078838463fe8175345deab44bf7659faf054f9e51b066b866b66ee1eabbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Sep 2022 15:25:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 01 Sep 2022 15:25:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Sep 2022 15:25:32 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 34ms
8ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1095
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Sep 2023 15:07:17 GMT

GET
H2 200 jquery.powertip.min.css
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/ 2 KB
983 B 21ms
19ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/jquery.powertip.min.css?ver=1.2.0

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

814189be4de21d42597f62ffcc0ee1d28b6326d795bbad2e922952cad4dabab1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1503768
x-pantheon-styx-hostname: styx-fe2-b-84754b68cd-cn5nv
x-cache: MISS, MISS
x-cloud-trace-context: 1fc9dbd112ab4378af0c784a7ba546e7/16844374047110892458;o=0
content-encoding: br
x-served-by: cache-mdw17332-MDW, cache-yyz4549-YYZ
last-modified: Fri, 24 Jun 2022 19:29:21 GMT
server: cloudflare
traceparent: 00-1fc9dbd112ab4378af0c784a7ba546e7-e9c33cf355da8baa-00
x-timer: S1656098984.853049,VS0,VE75
etag: W/"62b61091-70d"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YaXfeQ5Bld2DqCbXiiqX4DwHN9SDXwvOyfzhmwjV44%2B1oh8%2FWmeMMex5VBx3EjTeIJzHLx4p9Ms%2FfRnVaaaEcr5P6ybJWQe6hZpudvqLwTb4LJRkkRRxKCgYCssRELAullWC3s9ZaaQyuV%2BdiIpU"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: fffe43cf-f3f3-11ec-b988-ae55a18e80f8
expires: Sun, 25 Jun 2023 19:29:43 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a8f45be5-FRA
x-cache-hits: 0, 0

GET
H2 200 maps_points.css
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/ 5 KB
2 KB 29ms
27ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/css/maps_points.css?ver=1.2.2

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e2d296664123aed1106464a611ef20234a6eed68d82ed5b1afd66660b185c59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1503768
cf-polished: origSize=6896
x-pantheon-styx-hostname: styx-fe2-b-84754b68cd-f5rvt
x-cache: MISS, MISS
x-cloud-trace-context: 6dcc5d66d3304674b43005aaa69e84eb/8701192773422443399;o=0
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17339-MDW, cache-yyz4537-YYZ
last-modified: Fri, 24 Jun 2022 19:29:27 GMT
server: cloudflare
traceparent: 00-6dcc5d66d3304674b43005aaa69e84eb-78c0d8b9fe0a6b87-00
x-timer: S1656098984.889865,VS0,VE40
etag: W/"62b61097-1af0"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1MtFMx8U0bpRmmdK3fLH42LWt35iwGL2jOWElb370ougaZvKe%2Fh3nz7PBmmAT8Vazgt57y%2FPD80Bf7khTxYrul4BdKepw1cDlr0ml4c5foklr3s1OEhVZ9BLchqBkgwoXdbLVdsgu%2BsqkKqPncSG"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: fffe3307-f3f3-11ec-b06a-56a89519685d
expires: Sun, 25 Jun 2023 19:29:43 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a8f65be5-FRA
x-cache-hits: 0, 0

GET
H2 200 style.css
www.securonix.com/wp-content/themes/securonix/assets/css/ 406 KB
67 KB 40ms
38ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/css/style.css?ver=1662027700

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e628ca1e0a961f5ab964cf92ac6e47e1f7a6eb1432cf55c5b0d7b2b9b191aaeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13299
cf-polished: origSize=419694
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-v4d6f
x-cache: MISS, MISS
x-cloud-trace-context: cfd60d432ef7472dbc8a1452d7f616f8/12830713768404831397;o=0
cf-bgj: minify
content-encoding: br
x-served-by: cache-chi-klot8100052-CHI, cache-yyz4564-YYZ
last-modified: Thu, 01 Sep 2022 10:21:40 GMT
server: cloudflare
traceparent: 00-cfd60d432ef7472dbc8a1452d7f616f8-b20fda313c7bcca5-00
x-timer: S1662027708.139297,VS0,VE59
etag: W/"631087b4-6676e"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EGLV6Q%2FVoC5U%2FW7V8ehpzcx8FAjPJpqdLF37P7swKD016kDSzyFqKsTbLb9Cw3irJIXMo8kmw0US5IOL%2FTCimKdvm7BDiq9htKTkzyqvB%2Fbsj3eC%2Ff8yBXbE3DRqCI4v%2BifIXhP6PPCT6EUWhou1"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: e3058482-29df-11ed-8e40-c2f61cc77bd3
expires: Sat, 02 Sep 2023 10:21:48 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a8f85be5-FRA
x-cache-hits: 0, 0

GET
H2 200 stylesheet.css
www.securonix.com/wp-content/themes/securonix/assets/css/fonts/ 2 KB
812 B 25ms
23ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/css/fonts/stylesheet.css?ver=1662027700

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbb6162a3febf0d96b3372dd4f325d2ecd9b9c4e2c6d23e2c2b4eeeb3d7ccdb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13299
cf-polished: origSize=2058
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-d2tqg
x-cache: MISS, MISS
x-cloud-trace-context: b7a5838f7d894bc8979c2504b3e5978b/10323972105975654040;o=0
cf-bgj: minify
content-encoding: br
x-served-by: cache-chi-kigq8000042-CHI, cache-yyz4564-YYZ
last-modified: Wed, 31 Aug 2022 00:39:00 GMT
server: cloudflare
traceparent: 00-b7a5838f7d894bc8979c2504b3e5978b-8f461dee7fb86698-00
x-timer: S1662027709.519102,VS0,VE34
etag: W/"630eada4-80a"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FbUA9Dory15TSSF9k%2B%2F16p1aQq2Xr4dE%2BRV3VOhEfcSHbaE6GR69l5e8rBSU4iMkZLGy0nkf1k5ljLhYLAn0OYUVMGrubVfumjvC5%2B6ItlPG4u4AUIp2t%2Ftary02YiTlUx8HGeaKIZtx56rVHtcN"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: e33f7e40-29df-11ed-90a7-5261655bde4c
expires: Sat, 02 Sep 2023 10:21:48 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a8f95be5-FRA
x-cache-hits: 0, 0

GET
H2 200 addtoany.min.css
www.securonix.com/wp-content/plugins/add-to-any/ 1 KB
999 B 31ms
30ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.16

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2906916
x-pantheon-styx-hostname: styx-fe2-a-854c9bcdfb-5k4wl
x-cache: MISS, HIT
x-cloud-trace-context: 0a1a342050e6425c949dda718b2c1783/3483481223176672818;o=0
content-encoding: br
x-served-by: cache-mdw17355-MDW, cache-mia11366-MIA
last-modified: Mon, 14 Mar 2022 06:21:29 GMT
server: cloudflare
traceparent: 00-0a1a342050e6425c949dda718b2c1783-3057cfb759305632-00
x-timer: S1647266953.507217,VS0,VE1
etag: W/"622edee9-5ef"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aW8dGJ0TU6B6vQUXdU1%2F2OaGv3nLzxEDdKQsMHra422P%2F98bTM%2BJSDthm1BWFhyr5KLe7I2g6lu%2F1bF798pFlNMyjfGZhNf7wCH2K0UV3voGtMTc5G3OPT2dexat0fzzeDZ1A9x%2FrI%2Fxt77lc7LR"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 13a3b0a6-a3a0-11ec-934f-4a8c89ef3871
expires: Wed, 15 Mar 2023 14:07:26 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a8fa5be5-FRA
x-cache-hits: 0, 1

GET
H2 200 ubermenu.min.css
www.securonix.com/wp-content/plugins/ubermenu/pro/assets/css/ 66 KB
10 KB 47ms
45ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/ubermenu/pro/assets/css/ubermenu.min.css?ver=3.7.4

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7ba7e664816f88dde2f3f9b789e427087a5deb8986f708dd02bcfe1c0d8ff55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1945395
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-w46j9
x-cache: MISS, MISS
x-cloud-trace-context: cf1c6847ea354d198729efaa56c637b3/1527776692737494891;o=0
content-encoding: br
x-served-by: cache-chi-klot8100076-CHI, cache-yyz4546-YYZ
last-modified: Thu, 28 Jul 2022 01:38:08 GMT
server: cloudflare
traceparent: 00-cf1c6847ea354d198729efaa56c637b3-1533c0cebabd4f6b-00
x-timer: S1659124019.931051,VS0,VE35
etag: W/"62e1e880-1062c"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uxD5VrwqGIbFSzRFKgKAEg2VECeJbv2OcVUGORMiKORl%2FAX32O5iafJlQTZc36jUInaRek2oeRn1JlpXAPWsE5O6t7OrsqduVd0pFj56HnqlGi3aZFXDAU8bCw8722xj7mgL3fD73xG4g3Kc%2BBtR"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 3561a76a-0f77-11ed-9a1c-baad6db64fcd
expires: Sun, 30 Jul 2023 19:46:58 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a9015be5-FRA
x-cache-hits: 0, 0

GET
H2 200 all.min.css
www.securonix.com/wp-content/plugins/ubermenu/assets/fontawesome/css/ 57 KB
13 KB 30ms
29ms Stylesheet
text/css 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/ubermenu/assets/fontawesome/css/all.min.css?ver=6.0

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5945094
x-pantheon-styx-hostname: styx-fe2-a-55bc5f95bf-8swfd
x-cache: MISS, MISS
x-cloud-trace-context: 53b396d95b5e4c8bb889103994277a7a/3913133278735013008;o=0
content-encoding: br
x-served-by: cache-mdw17341-MDW, cache-yyz4533-YYZ
last-modified: Fri, 24 Jun 2022 19:29:22 GMT
server: cloudflare
traceparent: 00-53b396d95b5e4c8bb889103994277a7a-364e3dfbfdc29490-00
x-timer: S1656098985.986054,VS0,VE37
etag: W/"62b61092-e4d2"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TUUrYeGxaH4tNok68BJpcm4uvStrXMmTYg4WiJrE6qbKvkCJmqBec%2BzVegq2EsVBIqksr9c96sjHXmvNmVwRAwBMPoE4qpLuA5Czpg9wts%2BW7%2FziwsxqoLjLazoCpEh%2BBQxPx34yKsor1%2B0cJGYp"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-styx-req-id: 00a4d1af-f3f4-11ec-9084-2e7d2c36736d
expires: Sun, 25 Jun 2023 19:29:45 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a9025be5-FRA
x-cache-hits: 0, 0

GET
H2 200 jquery.min.js Show response
www.securonix.com/wp-includes/js/jquery/ 87 KB
32 KB 37ms
36ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 359663
x-pantheon-styx-hostname: styx-fe2-b-f66bf767-tmrbw
x-cache: MISS, MISS
x-cloud-trace-context: c02c1903a57448faac0df0a36e15c378/17634045541647385291;o=0
content-encoding: br
x-served-by: cache-mdw17359-MDW, cache-mia11321-MIA
last-modified: Mon, 14 Mar 2022 06:21:30 GMT
server: cloudflare
traceparent: 00-c02c1903a57448faac0df0a36e15c378-f4b8b6fdaef402cb-00
x-timer: S1647266946.211287,VS0,VE59
etag: W/"622edeea-15db1"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2PWtTB6QTrOSRFXivcnoyoCGoZ45VdX9f7GOLVZjJd8KSqI0Z6C4XRFbbPep8sdw00dGKmv9YbKwFmYkPLxX%2FpfQnJrB3GwQsRo5DJbhb6mfys%2FGoNQiilMjBJl8Jipr8V1kYtyd%2FCstRTECn7f4"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 4f4f5d32-a3a0-11ec-b140-f600ebb86140
expires: Wed, 15 Mar 2023 14:09:06 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a9035be5-FRA
x-cache-hits: 0, 0

GET
H2 200 jquery-migrate.min.js Show response
www.securonix.com/wp-includes/js/jquery/ 11 KB
5 KB 32ms
31ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5805287
x-pantheon-styx-hostname: styx-fe2-a-854c9bcdfb-znszp
x-cache: MISS, HIT
x-cloud-trace-context: 3480a2d99adc4eeba7b7305e2061002d/7537799772502167954;o=0
content-encoding: br
x-served-by: cache-mdw17380-MDW, cache-mia11379-MIA
last-modified: Sat, 26 Feb 2022 13:37:10 GMT
server: cloudflare
traceparent: 00-3480a2d99adc4eeba7b7305e2061002d-689ba4f4c4031192-00
x-timer: S1647266953.506302,VS0,VE1
etag: W/"621a2d06-2bd8"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bY5Lh8nUov4%2BEVshYoLGkLOIxecKqjBDkgSfkWdp1zMFikETPyQZoOSo%2B9uZEf%2FX2MFafz%2BqmABIQW9BlgDgmiys9iSMxeYJ32Q46nhLEnvx9SaGdfS152pV60C%2BJD4JmcAz9rrcnTl0K%2BpJXQqT"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: e757a719-97f3-11ec-89ec-6e2ddf56e5b4
expires: Tue, 28 Feb 2023 17:37:15 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a9045be5-FRA
x-cache-hits: 0, 2

GET
H2 200 language-cookie.js Show response
www.securonix.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/ 185 B
783 B 29ms
28ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/sitepress-multilingual-cms/res/js/cookies/language-cookie.js?ver=4.5.8

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e830cef6395dcf3b3640b9b67986a48eb98d994e87405c75a0f1846a2a9ad996

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3647861
cf-polished: origSize=226
x-pantheon-styx-hostname: styx-fe2-b-84754b68cd-lf6p6
x-cache: MISS, MISS
x-cloud-trace-context: 029ddc17e34c4fb9a7722856e832de6e/3926716062234311421;o=0
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17380-MDW, cache-yyz4559-YYZ
last-modified: Fri, 24 Jun 2022 19:29:22 GMT
server: cloudflare
traceparent: 00-029ddc17e34c4fb9a7722856e832de6e-367e7f74374bfafd-00
x-timer: S1656098985.004643,VS0,VE36
etag: W/"62b61092-e2"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2BRbLuj%2BhmCtLKOgdo%2FMwCHF3nYI0XpzxXhHWhqVH%2FFIxe1nZ%2BTWo%2FiFzTw5CLEAwsKzEVH5hf4s6wcw%2BgC2HApGLaa9sQ6YD8tCe8Q3MfpOhMeei3tgLescLrlXMJsLIVRXlkgAHrbFDXk5Zfob"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 00a7af90-f3f4-11ec-a23f-6e0fc938c1ce
expires: Sun, 25 Jun 2023 19:29:45 GMT
cache-control: max-age=31622400
cf-ray: 743f04e8a9055be5-FRA
x-cache-hits: 0, 0

GET
H2 200 page.js Show response
static.addtoany.com/menu/ 3 KB
2 KB 52ms
17ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/page.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84ab83a5ddc3b0d7f10f7d165e3e334de42ad254a1a84ab89b7cfba1e3b131b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: e2s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 135199
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 07 Aug 2022 01:47:09 GMT
server: cloudflare
etag: W/"abe-5e59ce0951c4a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=172800
cf-ray: 743f04e9bf6f9156-FRA
cf-bgj: minify

GET
H2 200 addtoany.min.js Show response
www.securonix.com/wp-content/plugins/add-to-any/ 129 B
645 B 88ms
81ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/add-to-any/addtoany.min.js?ver=1.1

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1503766
x-pantheon-styx-hostname: styx-fe2-a-854c9bcdfb-25db4
x-cache: MISS, HIT
x-cloud-trace-context: bb17753ed8934486a230941c93f40446/3862097090151295144;o=0
content-encoding: br
x-served-by: cache-mdw17348-MDW, cache-mia11354-MIA
last-modified: Mon, 14 Mar 2022 06:21:29 GMT
server: cloudflare
traceparent: 00-bb17753ed8934486a230941c93f40446-3598ecd75a89a8a8-00
x-timer: S1647266959.194374,VS0,VE1
etag: W/"622edee9-81"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ewClney7nfOBo1X7zpItJBTjp9WuHhATKGKHGpnPAWIr2fizpcoga92JzK0rcwqywwfFnVa1cepPtK0g2yxWBZji38Fx2i4FEvow6nyoIgXHmO0SHP3qS1OLCYUXdFTBmVaBihyChM2OeTmL9CzH"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 13692af4-a3a0-11ec-9ef3-8a10d23a32ca
expires: Wed, 15 Mar 2023 14:07:25 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a265be5-FRA
x-cache-hits: 0, 1

GET
H2 200 Next-Gen-SIEM.png
www.securonix.com/wp-content/uploads/2021/09/ 4 KB
4 KB 39ms
33ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/09/Next-Gen-SIEM.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c6f02c53af41bf4eab71b1f6f5a6fc7e6e85ae684726c8a94c333d9149a578

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4612762
cf-polished: origFmt=png, origSize=13464
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Next-Gen-SIEM.webp"
cf-bgj: imgq:85,h2pri
content-length: 3912
x-served-by: cache-mdw17377-MDW, cache-yyz4558-YYZ
expires: Fri, 07 Jul 2023 22:03:31 GMT
last-modified: Fri, 03 Dec 2021 17:18:42 GMT
server: cloudflare
traceparent: 00-778a5c208b1d4ec884d5cf1a3e04bb39-409348fc16f12951-00
x-timer: S1657145012.620794,VS0,VE176
etag: "61aa5172-3498"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kzk0ou5jwy1WcMpndxbYf%2FlTf%2BIvx7fErHAtWOp9HvCjHeGtu50da%2B1sQwCGsc8AEXYtcMylbObiHeOgYxl%2FiqngbqUdfrh5WNfUG5OyvukUDvByJ%2FJtnM31xNHcTA57hpAectGwcQ5S3yFnED2%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 791a744a-fd77-11ec-ab53-eec8d8bd40a6
x-cloud-trace-context: 778a5c208b1d4ec884d5cf1a3e04bb39/4653143087557716305;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a275be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-55bc5f95bf-dswzw

GET
H2 200 UEBA.png
www.securonix.com/wp-content/uploads/2021/09/ 3 KB
3 KB 29ms
23ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/09/UEBA.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b3b71c71974d1254250a2c3f5fc59fb228a49e7d3a9a9cf0d7e3dfd111cdf39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3398286
cf-polished: origFmt=png, origSize=9039
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-disposition: inline; filename="UEBA.webp"
cf-bgj: imgq:85,h2pri
content-length: 2778
x-served-by: cache-mdw17344-MDW, cache-yyz4547-YYZ
expires: Tue, 04 Jul 2023 12:27:34 GMT
last-modified: Fri, 03 Dec 2021 17:18:42 GMT
server: cloudflare
traceparent: 00-99b5eeb1ecab420c8e7e7038676a6bb1-0e0ea2509aaa273d-00
x-timer: S1657128363.039789,VS0,VE11
etag: "61aa5172-234f"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=swwkVjlYePTQFw%2Fr%2Fr8c9G0WEmW9lgtN%2F9OfX4Niwac7N0SeEx0M9%2B%2B8%2BJwPqfohXyqG5kKyGRNCTlJlNG%2Bc9oflSv1G35azzGQqEKK%2FttupCsv6U6KwUNT12DQy%2Bmk6lWKPZeCs%2FfoUrEIcMTIU"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 83e226fe-facb-11ec-a3aa-aa9fa1b8e13d
x-cloud-trace-context: 99b5eeb1ecab420c8e7e7038676a6bb1/1012925433280866109;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a295be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-55bc5f95bf-fwl5f

GET
H2 200 Open-XDR.png
www.securonix.com/wp-content/uploads/2021/09/ 6 KB
6 KB 27ms
21ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/09/Open-XDR.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72a2177b6bc91437be1155d80ed03bdc6c87661f0816cd0805b43011bcc86894

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 674946
cf-polished: origFmt=png, origSize=17156
x-cache: HIT, MISS
x-cache-hits: 1, 0
content-disposition: inline; filename="Open-XDR.webp"
cf-bgj: imgq:85,h2pri
content-length: 5892
x-served-by: cache-chi-klot8100123-CHI, cache-yyz4551-YYZ
expires: Thu, 13 Jul 2023 12:11:12 GMT
last-modified: Fri, 03 Dec 2021 17:18:42 GMT
server: cloudflare
traceparent: 00-69e0d67ba0fd4723aa19ec1dee6a9d2d-afa8e16d0fb45702-00
x-timer: S1659560723.626743,VS0,VE17
etag: "61aa5172-4304"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BVu4riugGa9pNh3sxFi7Fom34LBtKtU7ZZAAD8S686xQLC1VGrc3aPxyfK1mnoF5KBx5jPHB8RJYG%2BxZgc%2FVyu7HdUK9H5tryVG9x%2Bea6vBQmBHEWWQziZZddIQNz0GvVRYNfBTT%2FGNFy9aedt%2F9"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: b859bd19-01db-11ed-bb67-b6f3af40f25a
x-cloud-trace-context: 69e0d67ba0fd4723aa19ec1dee6a9d2d/12657614611255940866;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a2a5be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-84754b68cd-w6mjh

GET
H2 200 snowflake_plus_securonix2.png
www.securonix.com/wp-content/uploads/2021/12/ 6 KB
6 KB 35ms
29ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/12/snowflake_plus_securonix2.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc1371df7c8bb882a40a23f525d33dffe96caa52b99f709834a74761aee168d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3398286
cf-polished: origFmt=png, origSize=18076
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="snowflake_plus_securonix2.webp"
cf-bgj: imgq:85,h2pri
content-length: 5896
x-served-by: cache-mdw17327-MDW, cache-mia11326-MIA
expires: Fri, 09 Jun 2023 20:32:53 GMT
last-modified: Fri, 03 Dec 2021 17:18:42 GMT
server: cloudflare
traceparent: 00-7ec9fd8ae7b244f8bae90f7d0c7bf089-b920b080b3e2cb2b-00
x-timer: S1654720374.668593,VS0,VE253
etag: "61aa5172-469c"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D3bO5DpJ5RId3VQFgu1YNx7F73nO0ip8dstYYR%2F1YnurdSNBPOWziYEt2lHmMUe5%2FIIerKs8M%2F9x4iS3qDVebtFOtIgd0YC95z3iPbQrevdWvjDipv%2F1BzlEDiOf1XfbQJB1ByDihhlr5Kkfhl5%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 2c450f68-e76a-11ec-9fe9-b2c42b5a441c
x-cloud-trace-context: 7ec9fd8ae7b244f8bae90f7d0c7bf089/13339856163091696427;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a2b5be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c84d4fcb-sfz8z

GET
H2 200 icon_byoc_240x240.png
www.securonix.com/wp-content/uploads/2022/04/ 2 KB
2 KB 41ms
36ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/04/icon_byoc_240x240.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41ffe9422818faa1f1a0723e9e18982b31b1fe71e13615102dc43a004f3bcc51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 359663
cf-polished: origFmt=png, origSize=3834
x-cache: HIT, MISS
x-cache-hits: 1, 0
content-disposition: inline; filename="icon_byoc_240x240.webp"
cf-bgj: imgq:85,h2pri
content-length: 1622
x-served-by: cache-chi-klot8100116-CHI, cache-yyz4536-YYZ
expires: Sun, 06 Aug 2023 12:44:48 GMT
last-modified: Wed, 13 Apr 2022 16:35:00 GMT
server: cloudflare
traceparent: 00-738207ffae3f449cbcea116d8a12e4f6-a106d3ad3eab8511-00
x-timer: S1661281637.120277,VS0,VE18
etag: "6256fbb4-efa"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bx7IYNC3RsTXYtdIHsZ7lDKqmmJWxxNQUNENLUF%2B%2Fcj4P9GFkQvqdpaPFktOm3XtgeajLahS53RncfEteZ1dkd8V1bzax9HNVU1rjr2DepBMSdq8XgrxXb2tDy8j7VCfHjsAO4ygwwwrgk5cnBx7"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 64343f78-14bc-11ed-9096-4e2eed24bba1
x-cloud-trace-context: 738207ffae3f449cbcea116d8a12e4f6/11603194231000892689;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a2d5be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-kj9xl

GET
H2 200 Golang0.png
www.securonix.com/wp-content/uploads/2022/08/ 124 KB
125 KB 39ms
34ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang0.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ca9d8cbfe9c3a6118e3fdbdf356e2772836c45d8c8402eeb68498dfb6c438cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=198774
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang0.webp"
cf-bgj: imgq:85,h2pri
content-length: 127324
x-served-by: cache-chi-kigq8000063-CHI, cache-yyz4580-YYZ
expires: Wed, 30 Aug 2023 21:39:01 GMT
last-modified: Mon, 29 Aug 2022 21:38:49 GMT
server: cloudflare
traceparent: 00-a3929ac3cd0448afa3eb227e1675480b-c32ff98bac7ec167-00
x-timer: S1661809141.191695,VS0,VE305
etag: "630d31e9-30876"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2FXtzRJnzFpMGE1wrH2rQ%2FhGqa8R2nEUY3rHQ0LSF07JoufR1lbFvrFxg82j2llF0VBf3TZ361UID5s9%2BRVGhc3kE2SNsYdGKe9uSZb0%2FucaaMvdYg%2FA2QJ1Wwx3DyZjX7PHDSqik87j2NDjw5Hi"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: fef75b6d-27e2-11ed-9cb9-5a83f4138f0e
x-cloud-trace-context: a3929ac3cd0448afa3eb227e1675480b/14064734539591106919;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a305be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-zd2xb

GET
H2 200 Golang1.png
www.securonix.com/wp-content/uploads/2022/08/ 185 KB
186 KB 31ms
26ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang1.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4982c043d136b44ffd3b29577370647c1b87d481090eb0632222e5902e4cd8e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=295136
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang1.webp"
cf-bgj: imgq:85,h2pri
content-length: 189910
x-served-by: cache-chi-kigq8000097-CHI, cache-yyz4561-YYZ
expires: Wed, 30 Aug 2023 21:39:45 GMT
last-modified: Mon, 29 Aug 2022 21:39:24 GMT
server: cloudflare
traceparent: 00-6a5e8f2fc9314742b6a9be797c4a266e-35972600cc339416-00
x-timer: S1661809185.358784,VS0,VE105
etag: "630d320c-480e0"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFZRAyuZlgvLnAnPUoFs%2FaMXBD99vufW1WuWBAmvQ0a3csNut7JHyhL%2FpUK9gMJfMo26mx1FjgU%2FCkeYl%2BtIc%2B5HO%2FGSO3ADIydtlU0Qxn6%2FIhRF5s6VVn6Ur%2BiLX4iootwNgtQkokk8%2FcyaABu1"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 194ab4a4-27e3-11ed-bb0d-a2ac047d033a
x-cloud-trace-context: 6a5e8f2fc9314742b6a9be797c4a266e/3861596990361277462;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a325be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-79np8

GET
H2 200 Golang2.png
www.securonix.com/wp-content/uploads/2022/08/ 77 KB
77 KB 38ms
33ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang2.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1b940e0f3e56645260eb1a8477620213dc239da9fe88c23e8f5eaead8f97e44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=113055
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang2.webp"
cf-bgj: imgq:85,h2pri
content-length: 78364
x-served-by: cache-chi-kigq8000094-CHI, cache-yyz4535-YYZ
expires: Wed, 30 Aug 2023 21:40:24 GMT
last-modified: Mon, 29 Aug 2022 21:40:12 GMT
server: cloudflare
traceparent: 00-e9660a48c9c240dea02bd43712ea31a3-6f3d4ea2f3d9cc08-00
x-timer: S1661809224.103234,VS0,VE160
etag: "630d323c-1b99f"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Ee5HeK71JuX28dR%2BkuSjWSLT5xDhYNNwE0tKyOw8KUuER1jLE1pJp%2B9TzVdCc4TzaGz3RnSIBUQdQMA1%2BaeoAHju8%2FoB63z%2F3Pn4%2Fov4hKJdbG9fulQO7%2B%2Bv5zo5vrbN7z5BSj%2ByP%2BtVWC8MSGk"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 3062f69b-27e3-11ed-928c-0a988cf2a7af
x-cloud-trace-context: e9660a48c9c240dea02bd43712ea31a3/8015649373572156424;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a335be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-67rzv

GET
H2 200 Golang3.png
www.securonix.com/wp-content/uploads/2022/08/ 83 KB
84 KB 66ms
61ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang3.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5037b0e817c4f08c1dc6bf38fa3e6611f8fc3fc3646b79c069a78270101c4a02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=126790
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang3.webp"
cf-bgj: imgq:85,h2pri
content-length: 85410
x-served-by: cache-chi-klot8100113-CHI, cache-yyz4561-YYZ
expires: Wed, 30 Aug 2023 21:40:56 GMT
last-modified: Mon, 29 Aug 2022 21:40:45 GMT
server: cloudflare
traceparent: 00-0619aebc0e3d4136a9a0043f1c7adafe-913ceb397effabfb-00
x-timer: S1661809256.275359,VS0,VE195
etag: "630d325d-1ef46"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aN9WnmT4Esi%2BuHnCRAbYu2v80ghwp%2BQ4UrUVqEjQJ9EheeZMfj4G8yg9MQjbIYccRYKhOiDHAhgl2adAGxvHuxuIsCbBriQq9lPqWJZyn9%2BnUTeXukR%2FqnyK7vlMwvMnNW1YfCeA0Qp93Q0okVTy"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 438fd3c3-27e3-11ed-9e2d-027000cc9b64
x-cloud-trace-context: 0619aebc0e3d4136a9a0043f1c7adafe/10465498266278538235;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a345be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-lqhqp

GET
H2 200 Golang4.png
www.securonix.com/wp-content/uploads/2022/08/ 75 KB
76 KB 70ms
66ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang4.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96d6f4baf65d80e00b55cef3e5c8ba182ec64304b29859f098caf787d88405ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=117289
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang4.webp"
cf-bgj: imgq:85,h2pri
content-length: 77256
x-served-by: cache-chi-kigq8000069-CHI, cache-yyz4565-YYZ
expires: Wed, 30 Aug 2023 21:41:33 GMT
last-modified: Mon, 29 Aug 2022 21:41:22 GMT
server: cloudflare
traceparent: 00-97f260f4d14d444093e03c7247c1a6a8-3760a49af3a815c9-00
x-timer: S1661809294.675923,VS0,VE191
etag: "630d3282-1ca29"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UCzg49%2FffkokA58UOZelkXy2ZotpYnuijq7oqSMa56QAd5qGs%2FT4LPF5SZc3jyMXAPFMQJeFp9lpnWxw7J%2FiXy%2Buu2qsnHO6IABFdU5amgc0mT%2BEFgOf9FHnRNw8lQtEvbEAk0xQxpRC5fXkDrJc"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 59dad213-27e3-11ed-bb0d-a2ac047d033a
x-cloud-trace-context: 97f260f4d14d444093e03c7247c1a6a8/3990370255270057417;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a355be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-79np8

GET
H2 200 Golang5.png
www.securonix.com/wp-content/uploads/2022/08/ 124 KB
125 KB 74ms
69ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang5.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ca9d8cbfe9c3a6118e3fdbdf356e2772836c45d8c8402eeb68498dfb6c438cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=198774
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang5.webp"
cf-bgj: imgq:85,h2pri
content-length: 127324
x-served-by: cache-chi-kigq8000142-CHI, cache-yyz4551-YYZ
expires: Wed, 30 Aug 2023 21:42:07 GMT
last-modified: Mon, 29 Aug 2022 21:41:57 GMT
server: cloudflare
traceparent: 00-7b44d3c4b0dc4ec488f59f7f2bf68506-414b53f66aa112c1-00
x-timer: S1661809327.988311,VS0,VE175
etag: "630d32a5-30876"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q7dznIUEOxJZL5XXFdTbEqUsiTIpDm2hdwSIPSk4EbzVoRBSb9dUlfMPWyRHGhokS7mjQgzbQjrzslwflVdkV242PgBk%2FgCdZz%2B3IFAftI4VKEphLedhH6Mko0mejvpdWWeVvSKjVkYW%2BcyQuHwc"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 6db5e2ea-27e3-11ed-90a7-5261655bde4c
x-cloud-trace-context: 7b44d3c4b0dc4ec488f59f7f2bf68506/4704946553534616257;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a385be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-d2tqg

GET
H2 200 Golang6.png
www.securonix.com/wp-content/uploads/2022/08/ 37 KB
38 KB 68ms
63ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang6.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7e66776606a4057cb80e698b60f92e298786496bfb6e3caf506abf0a058db50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=56718
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang6.webp"
cf-bgj: imgq:85,h2pri
content-length: 37792
x-served-by: cache-chi-klot8100033-CHI, cache-yyz4522-YYZ
expires: Wed, 30 Aug 2023 21:42:34 GMT
last-modified: Mon, 29 Aug 2022 21:42:23 GMT
server: cloudflare
traceparent: 00-6f5c6c71e24c4504baff9d817502fa01-a07edcb0401ae456-00
x-timer: S1661809354.017612,VS0,VE178
etag: "630d32bf-dd8e"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wk7%2FUehRpZrvTSMBviwYgI9SOGdZq72QBOpUwfuhnZy4SByKf5VAmdGzT1OFIcjyOMwjn8yos4TEu93ZPFOhV6mqub%2BodpRpBExPNwd5990Xam586PS4P8%2BbR6v848h79IAVxJn%2FG2DrD1R0ZxZX"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 7dd216fb-27e3-11ed-ab8f-ca1942f2dcd4
x-cloud-trace-context: 6f5c6c71e24c4504baff9d817502fa01/11564923542681871446;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a395be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-4klrs

GET
H2 200 Golang7.png
www.securonix.com/wp-content/uploads/2022/08/ 96 KB
96 KB 35ms
30ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang7.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9238095f73e45d738bd780ad54050c981590042570eb974b29b4eb17aa270d20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=140308
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang7.webp"
cf-bgj: imgq:85,h2pri
content-length: 97874
x-served-by: cache-chi-klot8100072-CHI, cache-yyz4544-YYZ
expires: Wed, 30 Aug 2023 21:43:14 GMT
last-modified: Mon, 29 Aug 2022 21:43:00 GMT
server: cloudflare
traceparent: 00-5dabceef0aa04ecea75e74632aada911-d386fb8557bd926b-00
x-timer: S1661809395.559890,VS0,VE143
etag: "630d32e4-22414"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KK79UH1fG54j%2B3WhdfWGPL%2BSiL205X%2F6VkMjw9cm08ykAXI5wiA6upxf37r5yOi5P%2F86rcnI7wALakl7kT%2BTv1PfbDwr3noDh0zbpj586cJ4%2BvzO26qfBPMxlC3S7QBGGoZ9FR6eueQ3lWoqiYCG"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 95fc7dbe-27e3-11ed-9e2d-027000cc9b64
x-cloud-trace-context: 5dabceef0aa04ecea75e74632aada911/15242146539003286123;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a3b5be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-lqhqp

GET
H2 200 Golang8.png
www.securonix.com/wp-content/uploads/2022/08/ 71 KB
72 KB 61ms
57ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang8.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

822d9f63010492e9e3ef4764f0747a97a5e75aa4d6e6010ad6d858c6728c44fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=107188
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang8.webp"
cf-bgj: imgq:85,h2pri
content-length: 72902
x-served-by: cache-chi-kigq8000086-CHI, cache-yyz4522-YYZ
expires: Wed, 30 Aug 2023 21:45:03 GMT
last-modified: Mon, 29 Aug 2022 21:44:53 GMT
server: cloudflare
traceparent: 00-b22ebbceee4f4cada3dfe607e322c36f-b09a0861b4dd7782-00
x-timer: S1661809503.461338,VS0,VE127
etag: "630d3355-1a2b4"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MhNIW5fpQqehBY0ArKO%2BYH3Xx6GJ9GiCbSgc%2BwiN8UfnmUY3NeikJgZy7f6NYLXI5DVDpKSFVboPnkuLUtJcamm9hfgAgurm15v9feXmf7%2F2fbbabTLn4czIgiL%2BTCDb1enNAgGbme%2FLsH1JP3%2B1"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: d6e56725-27e3-11ed-bb0d-a2ac047d033a
x-cloud-trace-context: b22ebbceee4f4cada3dfe607e322c36f/12725492912828020610;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a3f5be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-79np8

GET
H2 200 Golang9.png
www.securonix.com/wp-content/uploads/2022/08/ 179 KB
180 KB 75ms
71ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang9.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20804ff5ee452d138617f9efdc826981160f9040dafcdd1fb7c9978ab999d54c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=263536
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang9.webp"
cf-bgj: imgq:85,h2pri
content-length: 183624
x-served-by: cache-chi-klot8100037-CHI, cache-yyz4520-YYZ
expires: Wed, 30 Aug 2023 21:45:41 GMT
last-modified: Mon, 29 Aug 2022 21:45:32 GMT
server: cloudflare
traceparent: 00-868d9245f0da4063b3685ebb16b80995-033bd7f35db4c89e-00
x-timer: S1661809541.474363,VS0,VE208
etag: "630d337c-40570"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kcAErI5N87kU05ajY064r5ce7Uy0nKSmE%2FNfkHo5%2F9w6ejS72RJkN1lqkDIGK%2BP4T8p3UeUIhY4lQoZpQW5yODkrqR9Bt0PXCeQmypOhNGCATN8BclM1FKddlf4B3WeOuBsBmrDV02vURcNBULW4"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: ed8dcb06-27e3-11ed-98f0-2a65d2481a20
x-cloud-trace-context: 868d9245f0da4063b3685ebb16b80995/233017245988866206;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a405be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-mqk9c

GET
H2 200 Golang10.png
www.securonix.com/wp-content/uploads/2022/08/ 77 KB
77 KB 39ms
35ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/Golang10.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3cab90ff5e90baef068351689b53ae8b3a03762f8e8d52460a729de7ed4fa43d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131999
cf-polished: origFmt=png, origSize=113477
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="Golang10.webp"
cf-bgj: imgq:85,h2pri
content-length: 78388
x-served-by: cache-chi-kigq8000098-CHI, cache-yyz4536-YYZ
expires: Wed, 30 Aug 2023 21:47:46 GMT
last-modified: Mon, 29 Aug 2022 21:47:35 GMT
server: cloudflare
traceparent: 00-6bb694fa822c4ee98ab02899f1bad6af-0d46e2771d5662cb-00
x-timer: S1661809667.668432,VS0,VE189
etag: "630d33f7-1bb45"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FE%2FDAwziAoV%2BRptUTr0rjfj5smZKi%2FipPfsq91ETmYZ5uIbzRHbwpje2NmiognGLLuU2tGMvUTuSuvs5xu1QTdz2szvGeKYEWpyX%2BsS4Es4WJdq8aHC56DqXlS1Wr3AGibrpKQuW9xLUQMWCJGzr"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 382cda2c-27e4-11ed-98f0-2a65d2481a20
x-cloud-trace-context: 6bb694fa822c4ee98ab02899f1bad6af/956700972083995339;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a425be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-mqk9c

GET
H2 200 cyentia_thumbnail.png
www.securonix.com/wp-content/uploads/2022/08/ 15 KB
16 KB 38ms
34ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/08/cyentia_thumbnail.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

892653ffaf678d6b6a7767c6e9036034c22fdb455d8b10b72f04750110a9b2a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 61385
cf-polished: origFmt=png, origSize=30152
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="cyentia_thumbnail.webp"
cf-bgj: imgq:85,h2pri
content-length: 15716
x-served-by: cache-chi-klot8100131-CHI, cache-yyz4555-YYZ
expires: Sun, 27 Aug 2023 21:50:24 GMT
last-modified: Fri, 26 Aug 2022 21:50:20 GMT
server: cloudflare
traceparent: 00-f6a29bd556d345999a49841f0eb1cb97-9a383e88376c829d-00
x-timer: S1661550625.723675,VS0,VE154
etag: "6309401c-75c8"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dZxiQ5ZeoIYpkZHtNfQxTP83gWmLOPB4XYpo4VzLHRHEuSp17Lf1kWLkzEgVbPe4fp0A2GeKApbXvVv9gm%2BrS%2B8Q%2B7bzrKjTuzVh3eXAHuBzoMp%2F4YdepoD4etMxHOU3%2FUoH1vfSOfnoq0yB6JFy"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 172afbb7-2589-11ed-9557-0e9152a8036a
x-cloud-trace-context: f6a29bd556d345999a49841f0eb1cb97/11112700835303031453;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e98a475be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-p8z25

GET
H2 200 forms2.min.js Show response
pages.securonix.com/js/forms2/js/ 208 KB
69 KB 90ms
22ms Script
application/x-javascript 104.17.70.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pages.securonix.com/js/forms2/js/forms2.min.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.70.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3fb9332b030dc33a418be1bcd7282c9052c287fb923bd36295cb3d01db9a861

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Sat, 27 Aug 2022 03:44:38 GMT
server: cloudflare
age: 541
etag: "20375b-33e56-5e730d98efc60"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 743f04e98c5e9bee-FRA
expires: Thu, 01 Sep 2022 19:25:33 GMT

GET
H2 200 jquery.powertip.min.js Show response
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 11 KB
5 KB 20ms
20ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/jquery.powertip.min.js?ver=1.2.0

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80b41604ed76eb37787a40ba315a3af3a5c83b3bce68e39037deb9202582abc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5945094
x-pantheon-styx-hostname: styx-fe2-b-84754b68cd-dmzlh
x-cache: MISS, MISS
x-cloud-trace-context: f33e81b4fc09475ab970ed7569f5d815/6989733991764859018;o=0
content-encoding: br
x-served-by: cache-mdw17383-MDW, cache-yyz4520-YYZ
last-modified: Fri, 24 Jun 2022 19:29:23 GMT
server: cloudflare
traceparent: 00-f33e81b4fc09475ab970ed7569f5d815-61008608459e188a-00
x-timer: S1656098985.089816,VS0,VE38
etag: W/"62b61093-2ae5"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D4gytHWBSh3VtkttPmQxDfAYA33Sjf568U3Kw48aCV18oGtInkH0OsfdXZJyf3%2Bsi%2BpvLvRSomW3JYJ4NHFMmfsqtqtAKSBUpMH0RTi8wS76gVsJ%2FKqUlkexHaDKkAukCHm2HXxVGHvDdFkznpwX"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 00b4b8d3-f3f4-11ec-aa78-f20187ecda92
expires: Sun, 25 Jun 2023 19:29:45 GMT
cache-control: max-age=31622400
cf-ray: 743f04e9298a5be5-FRA
x-cache-hits: 0, 0

GET
H2 200 maps_points.js Show response
www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/ 504 B
913 B 26ms
20ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/devvn-image-hotspot/frontend/js/maps_points.js?ver=1.2.2

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb698b4af30a506bea5e24025b0f742db88461e40a7f9f2f24293ad810bdf842

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5945095
cf-polished: origSize=606
x-pantheon-styx-hostname: styx-fe2-a-55bc5f95bf-l5hft
x-cache: MISS, MISS
x-cloud-trace-context: 31d5f3b1691d479ba5e5e760719fb983/5485586898781916879;o=0
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17359-MDW, cache-yyz4557-YYZ
last-modified: Fri, 24 Jun 2022 19:29:27 GMT
server: cloudflare
traceparent: 00-31d5f3b1691d479ba5e5e760719fb983-4c20b838766ececf-00
x-timer: S1656098985.086356,VS0,VE36
etag: W/"62b61097-25e"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ymM%2FV4b%2Fa4MGnTfjb8hbgiGMtNt8Rco8bnWI45pntpABAmj9gv7IFOY%2BHzowcogdI78CAbchkGH%2Fw3Lq89GE4kaNwrkymSOb3rR%2BXaVS3Mc68ghK%2FXFxaMTqJChhLzk7xDcvDvDt2rSptjEeiLrw"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 00b420ee-f3f4-11ec-90e5-3a5a9e46a417
expires: Sun, 25 Jun 2023 19:29:45 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a115be5-FRA
x-cache-hits: 0, 0

GET
H2 200 modernizr.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/vendor/ 16 KB
6 KB 72ms
64ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/vendor/modernizr.js?ver=1662027701

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f060e210fa92b0bce82108a417cbf3f4f0ded2dc69a8b293db44da9f4b24c23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13299
cf-polished: origSize=50144
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-d2tqg
x-cache: MISS, MISS
x-cloud-trace-context: 497c91411c544e6a857b16849436ffe7/959003360871739080;o=0
cf-bgj: minify
content-encoding: br
x-served-by: cache-chi-kigq8000063-CHI, cache-yyz4537-YYZ
last-modified: Thu, 01 Sep 2022 10:21:41 GMT
server: cloudflare
traceparent: 00-497c91411c544e6a857b16849436ffe7-0d4f1079c72a6ec8-00
x-timer: S1662027709.175775,VS0,VE45
etag: W/"631087b5-c3e0"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRoNI7YUN74lTELiLprBXI5A%2B5w1cVIdx%2BuX3GRgvq4nNea%2FV1J3PdRCwJB5w1xoie%2Fsvyer%2BAUilrRsemvtTeAv4hzaDPEgH%2BL5sZlS0VBE4W0MmSx9xR9%2FuNHpzCqREA9EbCRhAFsOLL5FuE%2BF"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: e3a3c415-29df-11ed-90a7-5261655bde4c
expires: Sat, 02 Sep 2023 10:21:49 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a185be5-FRA
x-cache-hits: 0, 0

GET
H2 200 wow.min.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/vendor/ 8 KB
3 KB 37ms
30ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/vendor/wow.min.js?ver=1662027701

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7852a22b72ead62cfc4a1b1ca32874b3e222f232a991a6d1432313572f534135

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16380
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-v4d6f
x-cache: MISS, MISS
x-cloud-trace-context: 5dba9dd1a52c44ff917bfdb18d72c1cf/3639898341807653510;o=0
content-encoding: br
x-served-by: cache-chi-klot8100064-CHI, cache-yyz4537-YYZ
last-modified: Thu, 01 Sep 2022 10:21:41 GMT
server: cloudflare
traceparent: 00-5dba9dd1a52c44ff917bfdb18d72c1cf-32838441c1fa8286-00
x-timer: S1662027709.179361,VS0,VE30
etag: W/"631087b5-1fdb"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fg5HHGzK1tlX2Rcowf1C5VQ%2BoJ18x%2FLj%2BuW%2BmyQzDeAIFVe9e0QDdY6mk0CJyB9NJzDP1VtyyM4DDpMr9cYE%2ByetmFd7csbjrSz78y2nvmIKxQNcmGv2JvZBO9dJfmCAstN5%2BxH%2ByTBO3ojEgH2G"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: e3a3d853-29df-11ed-8e40-c2f61cc77bd3
expires: Sat, 02 Sep 2023 10:21:49 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a1a5be5-FRA
x-cache-hits: 0, 0

GET
H2 200 select2.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/vendor/ 100 KB
24 KB 42ms
34ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/vendor/select2.js?ver=1662027701

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba711f4ae1f09fd05735a7b8ec5e0d70d271cf09212431fa192deaed9a324360

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13299
cf-polished: origSize=155132
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-67rzv
x-cache: MISS, MISS
x-cloud-trace-context: 26706670d3c74dcc99ae6d17eaa6590d/7045299267930854855;o=0
cf-bgj: minify
content-encoding: br
x-served-by: cache-chi-kigq8000119-CHI, cache-yyz4522-YYZ
last-modified: Wed, 31 Aug 2022 00:39:00 GMT
server: cloudflare
traceparent: 00-26706670d3c74dcc99ae6d17eaa6590d-61c5ee5b495695c7-00
x-timer: S1662027709.179830,VS0,VE35
etag: W/"630eada4-25dfc"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yzqlv1B%2BEjzZ3gNaF1uggZYEPZcOu6fWsNKFA2Mdm1sgxe1fEw8OkdV673FKSt9JhLKPqBus0afV2qRLuzmvIFQrk8qavQWZ2v9REFSLI7%2BNIz%2FuL6XOTB6kGUZHTJpZsQTttNB3SWi6Z6HGz%2BSB"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: e3a3f8b4-29df-11ed-a2ef-0a988cf2a7af
expires: Sat, 02 Sep 2023 10:21:49 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a1c5be5-FRA
x-cache-hits: 0, 0

GET
H2 200 slick.min.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/vendor/ 36 KB
10 KB 32ms
25ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/vendor/slick.min.js?ver=1662027701

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22529609ad54b33ee1695008d3daa6e35f133849c49ee00d7e9bc02eb0dd9a56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13299
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-zd2xb
x-cache: MISS, MISS
x-cloud-trace-context: 11d6ce5fda4d4af1a30d89a4928465a4/12877195633989943377;o=0
content-encoding: br
x-served-by: cache-chi-klot8100044-CHI, cache-yyz4536-YYZ
last-modified: Tue, 30 Aug 2022 11:23:13 GMT
server: cloudflare
traceparent: 00-11d6ce5fda4d4af1a30d89a4928465a4-b2b4fd33eb2e8051-00
x-timer: S1662027709.186874,VS0,VE33
etag: W/"630df321-9040"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yg8dqyyXbMI683NcTBHSwrfzL48tgEMuUC8WqZNBzl86NE0uKqWGoVeFfCrqOLJKij%2Bl6xQLoURLysulyYWo0wmN3dYzieQcbngh1zAoRGMnIBrkD%2FiMydPhf3ihDOzbaFIavTgY8PRhqpTzQY2Q"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: e3a4fba8-29df-11ed-a0c5-5a83f4138f0e
expires: Sat, 02 Sep 2023 10:21:49 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a1d5be5-FRA
x-cache-hits: 0, 0

GET
H2 200 scripts.min.js Show response
www.securonix.com/wp-content/themes/securonix/assets/js/ 171 KB
45 KB 41ms
34ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/js/scripts.min.js?ver=1662027701

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

001220cb68c21db98c0a3dcc0163715cbfd14fbfb0901e4fbf113f7f694bf715

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 16110
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-4klrs
x-cache: MISS, MISS
x-cloud-trace-context: 91fe09d62fd346a88a32e4b1942b7d54/11882591316274909867;o=0
content-encoding: br
x-served-by: cache-chi-klot8100111-CHI, cache-yyz4538-YYZ
last-modified: Wed, 31 Aug 2022 00:39:00 GMT
server: cloudflare
traceparent: 00-91fe09d62fd346a88a32e4b1942b7d54-a4e771d871b512ab-00
x-timer: S1662027709.179174,VS0,VE63
etag: W/"630eada4-2ab6c"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B0n3KMhwmc%2BIpCmaY%2BX%2BzE6cRW%2FWlfBqgUP3liLTl2CYJMdH40fRSC032Uipegyex7iRGc9zvpTTv%2BiBc7QaL3mP9OazfzxZlHa23WZ92houoGGXgo3QCVP%2FHGEppkh8hCheoPSGH%2BW2GJHIUGRI"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: e3a53c15-29df-11ed-ab8f-ca1942f2dcd4
expires: Sat, 02 Sep 2023 10:21:49 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a1e5be5-FRA
x-cache-hits: 0, 0

GET
H2 200 new-tab.js Show response
www.securonix.com/wp-content/plugins/page-links-to/dist/ 24 KB
9 KB 41ms
35ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5805288
x-pantheon-styx-hostname: styx-fe2-b-f66bf767-lwlpw
x-cache: MISS, HIT
x-cloud-trace-context: 875e529de77340519bbca7d4b4ddcfd9/3674315311852274156;o=0
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17356-MDW, cache-mia11360-MIA
last-modified: Mon, 14 Mar 2022 10:09:08 GMT
server: cloudflare
traceparent: 00-875e529de77340519bbca7d4b4ddcfd9-32fdca4f0bbbc1ec-00
x-timer: S1647266953.179155,VS0,VE0
etag: W/"622f1444-609e"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2e7NmD9mqXY4ITL37YySO8juTTgdC7A5%2F9QijN5ZfjqMJ%2BS9%2FsZF%2FutUKd%2FXKEvYH7NkHBkdmsCY3QSZrdO7HEz%2Bxycr%2BXOsEbiuTnNt8IhiKCHw8vwY9q0Th979J%2B46sW3x4FNk9NMBGrJSqla"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 173726dd-a3a0-11ec-838b-0e58a11f3eb3
expires: Wed, 15 Mar 2023 14:07:32 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a215be5-FRA
x-cache-hits: 0, 1

GET
H2 200 ubermenu.min.js Show response
www.securonix.com/wp-content/plugins/ubermenu/assets/js/ 38 KB
10 KB 78ms
72ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/ubermenu/assets/js/ubermenu.min.js?ver=3.7.4

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58415d97eb0b5745ccfa6e5e2f996581ec39f6c4af80627d3dd3c06bc5977ca6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5805288
x-pantheon-styx-hostname: styx-fe2-a-854c9bcdfb-956mp
x-cache: MISS, HIT
x-cloud-trace-context: f6f2272e3ffa458dadc927c35f657a11/11015836530998270541;o=0
content-encoding: br
x-served-by: cache-mdw17337-MDW, cache-mia11377-MIA
last-modified: Mon, 14 Mar 2022 10:09:08 GMT
server: cloudflare
traceparent: 00-f6f2272e3ffa458dadc927c35f657a11-98e01cf5e5ec5a4d-00
x-timer: S1647266954.544128,VS0,VE1
etag: W/"622f1444-9750"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L0tObMUS9Zq5S%2BTmLqKLgs3O47yq%2Be1kGeNTdNjMrTF6Glf841e5wx%2Bb29qJuB3H00feI7OLu3Yo%2FFhNga4oDy21m9Y1Y4Adp5c6bC2uJDMPXQczxQNQ9osci65Ey2ngLHoFTR3yTupt%2B%2B6It%2BL%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 17370884-a3a0-11ec-8683-6e19aa217a0b
expires: Wed, 15 Mar 2023 14:07:32 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a225be5-FRA
x-cache-hits: 0, 1

GET
H2 200 smush-lazy-load.min.js Show response
www.securonix.com/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 43ms
36ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.10.2

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b30169a38c7ecd17eefc119177c0c61337b17a8f1abfd337ac37284d1a04a65b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 756964
x-pantheon-styx-hostname: styx-fe2-a-55bc5f95bf-fwl5f
x-cache: MISS, MISS
x-cloud-trace-context: 988266a9b5734581805ab4c6742dd2bb/15898705084557879830;o=0
content-encoding: br
x-served-by: cache-mdw17345-MDW, cache-yyz4550-YYZ
last-modified: Fri, 24 Jun 2022 19:29:29 GMT
server: cloudflare
traceparent: 00-988266a9b5734581805ab4c6742dd2bb-dca38c0a19c4ea16-00
x-timer: S1656098985.096927,VS0,VE30
etag: W/"62b61099-1eee"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WsI%2B0IFCjYgf5X0f%2FwqoDrWUFCjunZgqG67RrB%2FUjLuIyOr%2BydpcPJXIf3Cx2EWySI3Zievo6cUpaC5ZhfyQ07TU7Ruz%2Bo%2BQhYTsA6%2BRpYRO%2F52rAEnpgusGE7RXZdSrQnCPpfA3ED1th4o27jAJ"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 00b5ba2c-f3f4-11ec-be33-aa9fa1b8e13d
expires: Sun, 25 Jun 2023 19:29:45 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a245be5-FRA
x-cache-hits: 0, 0

GET
H2 200 p.css
p.typekit.net/ 5 B
195 B 38ms
7ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=pjm0fus&ht=tk&f=26034.26052.26053.26054.26055.26056.26057.26058.26059.26060.26061.26062.26063.26064.26065.26067.26068.26069.25998.25999.26000.26001.26016.26017.26018.26019.26036.26037.26046.26047.26070.26071.26072.26073.26074.26075.26076.26077.26078.26079.26080.26081.26082.26083.26086.26087&a=92827302&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

unused62: 8096267
date: Thu, 01 Sep 2022 15:25:32 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 28ms
8ms Script
application/x-javascript 23.205.237.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.237.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-237-4.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: fe62ffc3dd7627c8b0d34b70fe45c7b14dd38c89c66cca13b2e4c71360e42e91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 15:25:33 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Aug 2022 21:55:11 GMT
Server: AkamaiNetStorage
ETag: "652cf747f68f64e15276c347eb3aef37:1661464511.126488"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 740

GET
H2 403 lt-v3.js
lltrck.com/scripts/ 0
0 330ms
106ms Script
text/html 3.232.44.166
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lltrck.com/scripts/lt-v3.js?llid=23883
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.232.44.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-232-44-166.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

GET
H2 200 wp-emoji-release.min.js Show response
www.securonix.com/wp-includes/js/ 18 KB
5 KB 58ms
55ms Script
application/x-javascript 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-includes/js/wp-emoji-release.min.js?ver=6.0

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 619658
x-pantheon-styx-hostname: styx-fe2-b-84754b68cd-6dvxj
x-cache: MISS, MISS
x-cloud-trace-context: ede44152ab014b8f833e1b26a66a2e63/16132901004913833966;o=0
content-encoding: br
x-served-by: cache-mdw17334-MDW, cache-yyz4561-YYZ
last-modified: Fri, 24 Jun 2022 19:29:30 GMT
server: cloudflare
traceparent: 00-ede44152ab014b8f833e1b26a66a2e63-dfe393fcfa6e77ee-00
x-timer: S1656098987.525757,VS0,VE35
etag: W/"62b6109a-48b9"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTQyLqhIdoNrl9%2FZqj8iM1yqRUEo2KQ0NX8Ayy9OmLlbB%2FEQhxDHNVeQYJNXk%2FnKWJk%2Fudl7x2JgfoogPt4bShyK0lh%2BqLc9uAJk2nDUxe1HPM7TqTCuTfBMyEoC06xckDRrItwKRzr%2BOcLrYZcD"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
x-styx-req-id: 018fc8e5-f3f4-11ec-8330-7620a7f18c81
expires: Sun, 25 Jun 2023 19:29:46 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a495be5-FRA
x-cache-hits: 0, 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 214 KB
76 KB 54ms
23ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5434fd9068146a682f25a9d92e08f9fba70d18145d1b1aa6f8dc0aee3b23bca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77680
x-xss-protection: 0
last-modified: Thu, 01 Sep 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 01 Sep 2022 15:25:33 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 l
use.typekit.net/af/46da36/00000000000000003b9acaf6/27/ 26 KB
26 KB 37ms
9ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/46da36/00000000000000003b9acaf6/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 464b561ee00c86db1cddb80f2c9d6febbc2c1aa95f422fa73a4fb8ef7d5d5028

Request headers

Referer: https://use.typekit.net/pjm0fus.css
Origin: https://www.securonix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
server: nginx
etag: "de29fb2e3e401b15877c6b3a0953702fe7fa1105"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26812

GET
H2 200 icomoon.ttf
www.securonix.com/wp-content/themes/securonix/assets/fonts/icons/ 5 KB
5 KB 34ms
34ms Font
application/x-font-ttf 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/fonts/icons/icomoon.ttf?folamw

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/wp-content/themes/securonix/assets/css/style.css?ver=1662027700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d1cf1412729a6ebf14ef0c798f0b9c9dc0ecee9e06e912859e4c53380fb33b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

Referer: https://www.securonix.com/wp-content/themes/securonix/assets/css/style.css?ver=1662027700
Origin: https://www.securonix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 359663
x-pantheon-styx-hostname: styx-fe2-a-854c9bcdfb-bpvhj
x-cache: HIT, HIT
x-cloud-trace-context: bb6e159f7c6b47758968fdcdd3ceaaf7/8882308668033421089;o=0
strict-transport-security: max-age=31622400
x-served-by: cache-mdw17368-MDW, cache-mia11371-MIA
last-modified: Thu, 24 Feb 2022 07:08:00 GMT
server: cloudflare
traceparent: 00-bb6e159f7c6b47758968fdcdd3ceaaf7-7b444cac4f814f21-00
x-timer: S1647266947.509312,VS0,VE2
etag: W/"62172ed0-1358"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aIhHua5QwUxFIlJzLw4vFnJ1IJnNAL%2Fcuwfgl4qy5vSFxnqoCLfBkCGFtfB1rIO7reKZUr0m56uV0jv2rPe6XyGC236oeDYrX6pOhHXNGmWrzGIq2fQ9dpNZxN%2BNuQ6YdBSd5ROeV4oeCTlCAB%2Ff"}],"group":"cf-nel","max_age":604800}
content-type: application/x-font-ttf
access-control-allow-origin: *
expires: Sat, 25 Feb 2023 18:01:15 GMT
cache-control: max-age=31622400
cf-ray: 743f04e98a4b5be5-FRA
x-styx-req-id: c21d40aa-959b-11ec-9733-eac088d2c617
x-cache-hits: 1, 1

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v18/ 47 KB
47 KB 37ms
10ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Work+Sans:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.securonix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 30 Aug 2022 19:25:30 GMT
x-content-type-options: nosniff
age: 158403
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47728
x-xss-protection: 0
last-modified: Tue, 23 Aug 2022 17:55:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 30 Aug 2023 19:25:30 GMT

GET
H2 200 l
use.typekit.net/af/027dd4/00000000000000003b9acafa/27/ 18 KB
19 KB 31ms
11ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/027dd4/00000000000000003b9acafa/27/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: deb1aa1c2af7a0f084b58e34c78545593305a87b23f9f6e099849c1ace0c9dd6

Request headers

Referer: https://use.typekit.net/pjm0fus.css
Origin: https://www.securonix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
server: nginx
etag: "de3ec5612df14c88441e596fbc2c46580ea46ed7"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18912

GET
H2 200 l
use.typekit.net/af/829fc1/00000000000000003b9acaf8/27/ 19 KB
19 KB 23ms
10ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/829fc1/00000000000000003b9acaf8/27/l?subset_id=2&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 841ec96a41283cf23db2d69fe67d9beee3e9b222bccfe81ecf6edefc78e92151

Request headers

Referer: https://use.typekit.net/pjm0fus.css
Origin: https://www.securonix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
server: nginx
etag: "7fe86a8b0e0aad464390eb5e39aa627a47e9886d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 18988

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 9ms
9ms Script
application/x-javascript 23.205.237.4
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.237.4 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-237-4.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 15:25:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4677
Expires: Sat, 10 Dec 2022 15:25:33 GMT

GET
H2 200 hero-coverage-advisory-okta-breach-1440x227-1.png
www.securonix.com/wp-content/uploads/2022/03/ 4 KB
4 KB 22ms
22ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2022/03/hero-coverage-advisory-okta-breach-1440x227-1.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44eefafcf28bcb6cd3b0645864bdd8ef36f06a5d2390f3cec1b3b026f0ece9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 131998
cf-polished: origFmt=png, origSize=10916
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-disposition: inline; filename="hero-coverage-advisory-okta-breach-1440x227-1.webp"
cf-bgj: imgq:85,h2pri
content-length: 3586
x-served-by: cache-chi-kigq8000138-CHI, cache-yyz4578-YYZ
expires: Sat, 12 Aug 2023 02:12:31 GMT
last-modified: Tue, 22 Mar 2022 22:48:01 GMT
server: cloudflare
traceparent: 00-1241afe0dc4d43f69ad4d8962f265261-5e59467825e79e4b-00
x-timer: S1661445862.892159,VS0,VE2
etag: "623a5221-2aa4"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JbDt0RMkSFeOVx6iYzuhW6U0B4j2WReb2hKiwtkiifeiCLS7GA8USiFrDSm8fWn5jpUGZeNkODfso0vKGC6V6yXIzanmmk2gDZ6gFR%2F1ZVwxyoJF%2Bdfq7QJ8NlVGC6v3j42VhgGYTpV5%2BZzujZ8c"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 0e45067e-191b-11ed-83dd-3e07c068d5f2
x-cloud-trace-context: 1241afe0dc4d43f69ad4d8962f265261/6798542594338430539;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e9ea975be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-vhz8w

GET
H2 200 inline-promo-shape.png
www.securonix.com/wp-content/themes/securonix/assets/images/ 5 KB
5 KB 20ms
19ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/themes/securonix/assets/images/inline-promo-shape.png

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e423ac1ac4da8d9d40da38fd2e532138980aa88315bdef2de61c807d304a8e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 61380
cf-polished: origFmt=png, origSize=17831
x-cache: MISS, HIT
x-cache-hits: 0, 1
content-disposition: inline; filename="inline-promo-shape.webp"
cf-bgj: imgq:85,h2pri
content-length: 4890
x-served-by: cache-chi-kigq8000154-CHI, cache-yyz4552-YYZ
expires: Thu, 10 Aug 2023 18:27:40 GMT
last-modified: Sun, 07 Aug 2022 12:24:47 GMT
server: cloudflare
traceparent: 00-ef6c6b8ae3b94872a73c7d2d7ec52955-15b3c41a7bf2d6aa-00
x-timer: S1661981349.419487,VS0,VE2
etag: "62efaf0f-45a7"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i1FFpuHCtCf7LwGo05Sik7yJjajL9lxRgtUbxwe53DnWYNXikQxixfX7T1TzbAG7z9mgFP1G4xFjG7sgbMZCqYg1te17a0nwRNQF37XV6xya6l%2FbubaGwqX2YACeftUSRWbklbrgPytTSMZaZdsM"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: f3e24d83-1810-11ed-96bb-76ca148accbc
x-cloud-trace-context: ef6c6b8ae3b94872a73c7d2d7ec52955/1563809113655400106;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04e9ea9f5be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-b5kxj

GET
H2 200 l
use.typekit.net/af/6d4bb2/00000000000000003b9acafc/27/ 26 KB
26 KB 16ms
15ms Font
application/font-woff2 2a02:26f0:3500:16::215:14a0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6d4bb2/00000000000000003b9acafc/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/pjm0fus.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:14a0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: da03f140d305f2abdf496bdd3fad9cfed87a237cf09f6a2edcec58bc5a1f044d

Request headers

Referer: https://use.typekit.net/pjm0fus.css
Origin: https://www.securonix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
server: nginx
etag: "7d4a321fb4284bed9856c33aee6c065aba0855a7"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26392

GET
H2 200 securonix-blue.svg
www.securonix.com/wp-content/uploads/2021/07/ 4 KB
2 KB 19ms
19ms Image
image/svg+xml 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/07/securonix-blue.svg

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a484da0ec050bccd6034a00ee39c4919c49ca749d0510f934a9ff5a07251a6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 359662
x-pantheon-styx-hostname: styx-fe2-a-55bc5f95bf-rxzww
x-cache: HIT, HIT
x-cloud-trace-context: eebbb8b778394589acb0145ea24254e5/5297840918628582836;o=0
strict-transport-security: max-age=31622400
content-encoding: br
x-served-by: cache-chi-klot8100131-CHI, cache-yyz4578-YYZ
last-modified: Fri, 03 Dec 2021 17:18:42 GMT
server: cloudflare
traceparent: 00-eebbb8b778394589acb0145ea24254e5-4985b63f0f62c5b4-00
x-timer: S1661294590.292301,VS0,VE3
etag: W/"61aa5172-f3a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZXeIhpjq2Wf9y%2Fuan7mLV1Mi%2BWingbX51NrTaz6Ujm9GshshluQP%2BdVhPEv%2BUI47WSq%2BtjqZgk5Jmly2%2BTusebOWF35ZJ1U13zqLPMlfk%2BBrgAx56vCrrXkZhSD8HBL4bojSm7TD%2BYvLvUWKc%2Fj"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
access-control-allow-origin: *
expires: Thu, 13 Jul 2023 12:11:13 GMT
cache-control: max-age=31622400
cf-ray: 743f04eaab655be5-FRA
x-styx-req-id: b8e9be0a-01db-11ed-8068-ba6502481db2
x-cache-hits: 1, 1

GET
H3 200 core.be1d8798.js Show response
static.addtoany.com/menu/modules/ 70 KB
25 KB 35ms
22ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/modules/core.be1d8798.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f08ca65f013a2179c5c78003ce4cc47978c2b8d6d2d9f6521d3b64411ecc68de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securonix.com/
Origin: https://www.securonix.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: e4s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 287492
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sun, 07 Aug 2022 01:47:07 GMT
server: cloudflare
etag: W/"118b8-5e59ce082dc6a"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 743f04eabe5a9b7d-FRA
cf-bgj: minify

GET
H2 200 icons.30.svg.js Show response
static.addtoany.com/menu/svg/ 77 KB
33 KB 20ms
19ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.30.svg.js

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
via: e3s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 18950215
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 10 Nov 2021 01:49:04 GMT
server: cloudflare
etag: W/"132a9-5d0656e4a26b3"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 743f04eaa8ff9156-FRA
cf-bgj: minify

POST
H/1.1 200
OK visitWebPage
179-djp-142.mktoresp.com/webevents/ 2 B
318 B 443ms
94ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://179-djp-142.mktoresp.com/webevents/visitWebPage?_mchNc=1662045933226&_mchCn=&_mchId=179-DJP-142&_mchTk=_mch-securonix.com-1662045933225-43216&_mchHo=www.securonix.com&_mchPo=&_mchRu=%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 15:25:33 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: d732b5d4-7885-4bd3-a37e-fd54c0792992

GET
H3 200 sm.23.html Show response
static.addtoany.com/menu/ Frame 33C9 741 B
754 B 32ms
31ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.23.html

Requested by

Host: static.addtoany.com
URL: https://static.addtoany.com/menu/page.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1234218
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=315360000, immutable
cf-cache-status: HIT
cf-ray: 743f04eacc82904c-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 01 Sep 2022 15:25:33 GMT
etag: W/"2e5-5cc9e128a4c38"
last-modified: Wed, 22 Sep 2021 23:42:51 GMT
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: e4s
x-content-type-options: nosniff

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 201 KB
72 KB 43ms
25ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

713e7e24f3bf8c7b706c0d24b249287eb70165b0288152093d67ebede3e11259

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 73612
x-xss-protection: 0
expires: Thu, 01 Sep 2022 15:25:33 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 32ms
8ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1413
date: Thu, 01 Sep 2022 15:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 01 Sep 2022 17:02:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 41 KB
16 KB 123ms
85ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

f6200e00f9bcf9a324c8c1a046c6bc624ebcaf1379faf13e4d76ae56ea0d1a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15690
x-xss-protection: 0
server: cafe
etag: 13194339052015637803
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 01 Sep 2022 15:25:33 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 56ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 17:32:37 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5CE7DBA127BA4761BAF0AE090F614713 Ref B: FRA31EDGE0112 Ref C: 2022-09-01T15:25:33Z
etag: "80a8697a8a2d81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Thu, 01 Sep 2022 15:25:32 GMT
accept-ranges: bytes
content-length: 11367

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 47ms
8ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 20:23:36 GMT
x-cdn: AKAM
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=16246
accept-ranges: bytes
content-length: 3063

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 53 KB
17 KB 63ms
9ms Script
text/javascript 2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9181a03603cfaf01c933ac067555d138f639b0690298048063c443e6752c310e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

X-Amz-Version-Id: _.fWzOgNBKywYayFIv_LGuPbUJBSF7So
Content-Encoding: gzip
Etag: W/"8c6ba7a787d20ac5a07294ecb85ab053"
Age: 1846
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
Last-Modified: Wed, 17 Aug 2022 18:56:53 GMT
Server: AmazonS3
Date: Thu, 01 Sep 2022 14:54:47 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: r89yUYJSnHlGLybIjEmzwZ70OepclBRnggbyWhMQAXk9s8L2sLq5sQ==

GET
H2 200 6si.min.js Show response
j.6sc.co/ 30 KB
10 KB 34ms
9ms Script
application/javascript 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N56FZ8X

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

b71f76186117ab510aca8eb8208815da837acdd4b29e171c9897993175c28878

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Aug 2022 22:26:40 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "630402a0-786e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 9594
expires: Thu, 01 Sep 2022 15:25:33 GMT

GET
H2 200 r32rm8p2zmht.js Show response
js.driftt.com/include/1662046200000/ 211 KB
60 KB 177ms
142ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1662046200000/r32rm8p2zmht.js

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

58fb907b1dae335e344d5701d74c333a4a4792f9c7a83789e02f02089d199168

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: gzip
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 31 Aug 2022 18:23:54 GMT
server: nginx
etag: W/"bc71b7869279b01fc51fdc51af940b5e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: U0sriocF4WN07Hm2ZGmHfXq6eJt2Gqm6
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 20EsdbP3fCGP_I_Enh_cJjtXDfvyhw-_mPVNKmc1SUXn03U25kA4vg==

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
697 B 51ms
14ms XHR
application/json 185.89.211.132
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.132 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 01 Sep 2022 15:25:33 GMT
X-Proxy-Origin: 81.95.5.42; 81.95.5.42; 961.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8341b42c-f639-4acc-8811-879d9db2207f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.securonix.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
204 B 8ms
7ms XHR
text/html 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a96-16-137-162.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.securonix.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 31ms
15ms XHR
text/plain 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=956269313&t=pageview&_s=1&dl=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&ul=en-us&de=UTF-8&dt=Securonix%20Threat%20Labs%20Security%20Advisory%3A%C2%A0New%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=2056948699&gjid=1272236051&cid=465718739.1662045933&tid=UA-12895815-1&_gid=597304219.1662045933&_r=1&gtm=2wg8t0N56FZ8X&z=1435171449

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securonix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1662045933336&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D61924%26time%3D1662045933336%26url%3Dhttps%253A%252F%252Fwww.securonix.com%252Fbl...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1662045933336&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1662045933336&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-web...

0
265 B

181ms
155ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1662045933336&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&liSync=true&e_ipv6=AQL_GLIf5YRc6QAAAYL5qFDGuG2zyROy6tHDbq8TzyGXo8YkoOqzXXq7fiiRtke1
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 6DC6D76A63094ED6AFF87D68B4133367 Ref B: FRAEDGE1320 Ref C: 2022-09-01T15:25:33Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXnnzl+fTiFcs/AFokbBA==
x-li-fabric: prod-ltx1

Redirect headers

date: Thu, 01 Sep 2022 15:25:33 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: BD76AFFF8ACD4E929F286E2EFC20991C Ref B: FRAEDGE1121 Ref C: 2022-09-01T15:25:33Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=61924&time=1662045933336&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&liSync=true&e_ipv6=AQL_GLIf5YRc6QAAAYL5qFDGuG2zyROy6tHDbq8TzyGXo8YkoOqzXXq7fiiRtke1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXnnzl7X3EbJFOVTMZlUw==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
349 B 39ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-JPYDLXGD3Q&gtm=2oe8t0&_p=956269313&_gaz=1&cid=465718739.1662045933&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1662045933&sct=1&seg=0&dl=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&dt=Securonix%20Threat%20Labs%20Security%20Advisory%3A%C2%A0New%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 60ms
20ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-JPYDLXGD3Q&cid=465718739.1662045933&gtm=2oe8t0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JPYDLXGD3Q&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 70ms
46ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-JPYDLXGD3Q&cid=465718739.1662045933&gtm=2oe8t0&aip=1&z=2117255746

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/VJKZ2AZ6BRDQFPNHOW6CAP/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

11ms
8ms

Script
application/javascript

2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Protocol: HTTP/1.1
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

X-Amz-Version-Id: 54CR.I9BC9Znk_eUBi_4NwuScKvxGyTv
Via: 1.1 6b25d4ce9efa3f2699980e1915129606.cloudfront.net (CloudFront)
Etag: "5816cced8568d223aa09d889f300692b"
Age: 76886
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 28
Last-Modified: Thu, 04 Aug 2022 20:10:45 GMT
Server: AmazonS3
Date: Wed, 31 Aug 2022 18:04:07 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: g5vmcjkLgY7ExPUAMBQRWkQGaqcgMR695JGHNRDEUEyLQdinXgYw2A==

Redirect headers

Date: Thu, 01 Sep 2022 10:52:15 GMT
Via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
Age: 16397
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: RhKh5-ejzYLX6o4XBVOo-pXov_dVaMVyxwUkQdxSNjCU4hiDgwJpVw==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
756 B

9ms
9ms

Script
application/javascript

2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Protocol: HTTP/1.1
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 48704
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Date: Thu, 01 Sep 2022 04:44:26 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: WWFM3G1RjU3kFfSl8EUIOG_7VgszE2rKutJ6pvGyOgtLe0oCqDPYrQ==

Redirect headers

Date: Thu, 01 Sep 2022 10:52:16 GMT
Via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
Age: 16397
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: b3Eq6EKsmg9v9341r7SjeI-3B422AVFs9NZtRDenQY69V-X8Qpja9g==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/ 4 KB
3 KB 21ms
8ms Script
text/javascript 2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/VJKZ2AZ6BRDQFPNHOW6CAP/4OKRMX7MDFHPZJ45XTA2IN/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

X-Amz-Version-Id: 5JnQmMI548.RSg.s590GwaPtcoSCXO_b
Content-Encoding: gzip
Etag: W/"33ed216ef4569e95a97e55fb39d91d38"
Age: 2872
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 77517a7f5d9094d359ba5186c3bda1e6.cloudfront.net (CloudFront)
Last-Modified: Wed, 31 Aug 2022 11:35:02 GMT
Server: AmazonS3
Date: Thu, 01 Sep 2022 14:37:42 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: RwGYszqE7MRYpbSXpQrDXBPKktgg4ecSM140pO73sG37FrayY5Uyvw==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
444 B 50ms
19ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-12895815-1&cid=465718739.1662045933&jid=2056948699&gjid=1272236051&_gid=597304219.1662045933&_u=YEBAAEAAAAAAAC~&z=2090401947

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.securonix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 01 Sep 2022 15:25:33 GMT
content-type: text/plain
access-control-allow-origin: https://www.securonix.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 27010718.js Show response
bat.bing.com/p/action/ 1 KB
863 B 155ms
155ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/27010718.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

134c3842a07e834d961c98923d97523d1dc8a06ede956172ddc949f626ed47b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 399784C9A8ED44A5A2B8FFD83515D9D5 Ref B: FRA31EDGE0112 Ref C: 2022-09-01T15:25:33Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
date: Thu, 01 Sep 2022 15:25:32 GMT
content-length: 667

GET
H2 204 0
bat.bing.com/action/ 0
176 B 31ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=27010718&tm=gtm002&Ver=2&mid=d4cc57ab-2122-4c0a-bb75-68e25a5aa76d&sid=5218ac402a0a11eda7f103fe01c8c72d&vid=5218a6702a0a11ed9acea5b8f0e36412&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Securonix%20Threat%20Labs%20Security%20Advisory%3A%C2%A0New%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix&p=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&r=&lt=465&evt=pageLoad&sv=1&rn=690971

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D83EB0A96D4C42D4A00F5C47AF1298DB Ref B: FRA31EDGE0112 Ref C: 2022-09-01T15:25:33Z
date: Thu, 01 Sep 2022 15:25:32 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 185ms
184ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=797ae762-6d2e-4563-86d2-f97fb7ede92e&session=cbd0ed6f-d2bf-45a5-84d8-acb056767ef4&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A33%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Securonix%20Threat%20Labs%20Security%20Advisory%3A%26nbsp%3BNew%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&pageViewId=55f6eeb5-88fb-4aee-8863-c9b099d80714&an_uid=0

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1004449086/ 3 KB
2 KB 49ms
26ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1004449086/?random=1662045933386&cv=9&fst=1662045933386&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg8t0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&tiba=Securonix%20Threat%20Labs%20Security%20Advisory%3A%C2%A0New%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix&auid=1340952507.1662045933&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91237b0683343578e5a79f207e010b301013b68f33f75167553bc35f8611cc5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1186
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 67ms
43ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-12895815-1&cid=465718739.1662045933&jid=2056948699&_u=YEBAAEAAAAAAAC~&z=128329058

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 44ms
44ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-12895815-1&cid=465718739.1662045933&jid=2056948699&_u=YEBAAEAAAAAAAC~&z=128329058

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1004449086/ 42 B
548 B 23ms
21ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1004449086/?random=1662045933386&cv=9&fst=1662044400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg8t0&sendb=1&frm=0&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&tiba=Securonix%20Threat%20Labs%20Security%20Advisory%3A%C2%A0New%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix&async=1&fmt=3&is_vtc=1&random=610889857&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/1004449086/ 42 B
64 B 40ms
22ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1004449086/?random=1662045933386&cv=9&fst=1662044400000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg8t0&sendb=1&frm=0&url=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&tiba=Securonix%20Threat%20Labs%20Security%20Advisory%3A%C2%A0New%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix&async=1&fmt=3&is_vtc=1&random=610889857&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 VJKZ2AZ6BRDQFPNHOW6CAP Show response
d.adroll.com/consent/check/ 452 B
545 B 127ms
34ms Script
application/javascript 54.72.196.78
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/VJKZ2AZ6BRDQFPNHOW6CAP?arrfrr=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&_s=8dbd848ffe93e899136f6e6cef56e4fb&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.196.78 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-196-78.eu-west-1.compute.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 8d5ff2a1d9f900e4bf1305f6d3af56a666d7afcb9809bb957e1d89f5d1d5c788

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
server: nginx/1.20.0
content-length: 452
content-type: application/javascript

GET
H2 200 27010718 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 145ms
104ms Script
application/x-javascript 2620:1ec:27::cafe:1759
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/27010718
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/27010718.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1759 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 8bb17588588e451bb21fd562f0509ea828c4033480d8d9266e75cebb64a5e61a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:32 GMT
x-powered-by: ASP.NET
x-azure-ref: 07c4QYwAAAAB8fxgPpJl3R53+dokm9NAWRlJBMzFFREdFMDMwNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
content-length: 1542
expires: -1

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 410 KB
55 KB 10ms
9ms Script
application/javascript 2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 91144fbcc0e3f609b021e362ec29d2a9b58f15e840f229eb99ea2c04d927882b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

X-Amz-Version-Id: 44sIT20LqRj70wQHqyIoOw7etYYdjkbK
Content-Encoding: gzip
Etag: W/"0a7d0ea8d7d31b07e925fe340acf431b"
Age: 268
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
Last-Modified: Wed, 04 May 2022 19:41:48 GMT
Server: AmazonS3
Date: Thu, 01 Sep 2022 15:21:05 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: UGpCVTvsOiO2b9lggjnxVotwSoESNvVk3Us1pzDqyMUj6bpFki68jA==

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 9ms
9ms Image
image/png 2600:9000:225e:c00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:c00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Age: 62087
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Date: Thu, 01 Sep 2022 02:37:26 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: FRA60-P4
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: OItN-j4Kwljc4njcRuk9vkNoqgPbuOm93jIRwwLA38gFg_Bptl9aWg==

GET
H2 200 clarity.js Show response
www.clarity.ms/eus-e/s/0.6.39/ 53 KB
23 KB 96ms
94ms Script
application/javascript 2620:1ec:27::cafe:1759
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus-e/s/0.6.39/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/27010718
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1759 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: f083096f236cb98c87af2abc70707aef6a74bb105074919b0bdc3aeec6964c1d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:33 GMT
content-encoding: br
etag: "1d8baf6c78cf4a1"
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
x-powered-by: ASP.NET
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
x-azure-ref: 07c4QYwAAAAB/dbJ680M9Rb0YXLcRlZPNRlJBMzFFREdFMDMwNwA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
accept-ranges: bytes
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

POST
H2 204 collect Show response
l.clarity.ms/ 0
177 B 470ms
277ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.39/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.securonix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-origin: https://www.securonix.com
date: Thu, 01 Sep 2022 15:25:34 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 core Show response
js.driftt.com/ Frame 47C3 2 KB
1 KB 37ms
37ms Document
text/html 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1662046200000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

031d80ef7e88e01ae16a5e2e59ce168bc31fec81be6aa8ac388d7213d37c3da5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 01 Sep 2022 15:25:34 GMT
etag: W/"fee11af2184d7af2cbe07132a525513a"
last-modified: Wed, 31 Aug 2022 18:23:27 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
x-amz-cf-id: LYpMei1aOQeZmRWfhMDytZWitXBv_DzYwkJtVy9v9XbtOCETSglNVQ==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: Y5Qc9YCv9HnUtWRsyFhahbsVqQ0FTNR4
x-cache: Hit from cloudfront

GET
H2 200 chat Show response
js.driftt.com/core/ Frame C5D6 2 KB
1 KB 220ms
220ms Document
text/html 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1662046200000/r32rm8p2zmht.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

031d80ef7e88e01ae16a5e2e59ce168bc31fec81be6aa8ac388d7213d37c3da5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.securonix.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 01 Sep 2022 15:25:34 GMT
etag: W/"fee11af2184d7af2cbe07132a525513a"
last-modified: Wed, 31 Aug 2022 18:23:27 GMT
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
x-amz-cf-id: AKGS5QQpJn3Y4mAuKL9vuhq-ICzdcKI6FpfppKEhUgFm-FGL3rWC7A==
x-amz-cf-pop: FRA56-P5
x-amz-server-side-encryption: AES256
x-amz-version-id: Y5Qc9YCv9HnUtWRsyFhahbsVqQ0FTNR4
x-cache: Hit from cloudfront

GET
H2 200 nr-1216.min.js Show response
js-agent.newrelic.com/ 38 KB
14 KB 31ms
7ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1216.min.js
Requested by: Host: www.securonix.com
URL: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

x-amz-version-id: mHHzJIqOizHibcYt0xqAszRr0gQRiNYy
content-encoding: gzip
etag: "9f533d8cd24b2c5e3b4dc886ecbd43e8"
x-amz-request-id: QS55VTZ5KYBT01RF
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 14391
x-amz-id-2: LqMYMQa4YU1cIYkATbA3xCSvsTD2lndpXc+K9jTcrBu4zKcsnQNt7LnOCIo6x7yoHpJFT7uuVmQ=
x-served-by: cache-hhn4065-HHN
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1662045934.089649,VS0,VE0
date: Thu, 01 Sep 2022 15:25:34 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 13761

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=2FAC78509F454009990CBBEB0DCCFED9&RedC=c.clarity.ms&MXFR=12657B5C99DD66F01905694E9DDD684B
https://c.clarity.ms/c.gif?CtsSyncId=2FAC78509F454009990CBBEB0DCCFED9&MUID=1C32982C78B162B22CF78A3E791D63A4

42 B
368 B

28ms
28ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=2FAC78509F454009990CBBEB0DCCFED9&MUID=1C32982C78B162B22CF78A3E791D63A4
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
last-modified: Wed, 17 Aug 2022 23:56:46 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "de363c295b2d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 01 Sep 2022 15:25:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2FA4525772E446E18677A6D3F794070E Ref B: FRA31EDGE0112 Ref C: 2022-09-01T15:25:34Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=2FAC78509F454009990CBBEB0DCCFED9&MUID=1C32982C78B162B22CF78A3E791D63A4
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 runtime~main.bef95df7.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 6 KB
3 KB 8ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

32626949417e1e5f0a910740e6d8dce52bc42f2808aa774007c13d70947b0b0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 18:23:26 GMT
content-encoding: gzip
age: 75728
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 31 Aug 2022 18:10:12 GMT
server: nginx
etag: W/"e086f8acd2530042828444b37a1d77f9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 5Bb2GA_q6cpdGdsbvIylHuOc7jJBWoOg
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gnya7vRfLQYMHriIR-w9IpESnzgeRGGXHQ41dgbZ6ipix2BrSKYTZQ==

GET
H2 200 8.611ead2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 35 KB
13 KB 9ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.611ead2e.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 19:59:49 GMT
content-encoding: gzip
age: 7241145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 09 Jun 2022 14:58:14 GMT
server: nginx
etag: W/"6aa29962f34a8e117268142c7cc1cc3d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _RZ1GDjUm5KuW3ooz6jLFMyJffaKXq96
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: xbQM-A0_KczyfEjWfwgrP1k-d1vdv-Y-4ScIIfOHe5lKDK4j6gk5Bg==

GET
H2 200 main~493df0b3.ac3a9470.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 7 KB
3 KB 9ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.ac3a9470.chunk.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

cc08221e904788853f9dbae9e845e8c88e947de904dcd007c0da0c4d18acd1de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 03 Jul 2022 23:15:04 GMT
content-encoding: gzip
age: 5155830
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:58 GMT
server: nginx
etag: W/"ab6db2ea528099e4b4bcafc90b1f14a6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: hiapbHKSV4DShQCB29I8q9ZEQ_orBvh8
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: lM5KThrbQKuiA1vth8wACUMVeQUVg0nXl3HBikUgJwo-1PwqXHGUoA==

GET
H/1.1 200
OK NRJS-e6ece394b0ed1b033c0 Show response
bam.nr-data.net/1/ 49 B
621 B 285ms
258ms Script
text/javascript 162.247.241.14
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/NRJS-e6ece394b0ed1b033c0?a=989077289&v=1216.487a282&to=ZwNaNkBSWkAHVUZRCV5JeQFGWltdSUVbVgFcAxUAXlxT&rst=1322&ck=1&ref=https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/&ap=993&be=144&fe=1284&dc=458&perf=%7B%22timing%22:%7B%22of%22:1662045932779,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:11,%22c%22:11,%22s%22:18,%22ce%22:36,%22rq%22:36,%22rp%22:111,%22rpe%22:113,%22dl%22:115,%22di%22:457,%22ds%22:458,%22de%22:465,%22dc%22:1265,%22l%22:1284,%22le%22:1286%7D,%22navigation%22:%7B%7D%7D&fp=274&fcp=274&at=S0RZQAhISU4%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1216.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

Date: Thu, 01 Sep 2022 15:25:34 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 743f04f05bea906c-FRA

GET
H2 200 47.f4a0cab7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 47 KB
14 KB 10ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/47.f4a0cab7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

dd7e25fe1547c7102760792d7b920ed5a289aa0224014594f856b5ab396dc0d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 02:17:00 GMT
content-encoding: gzip
age: 5144914
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"58eb1e017120f28c6eea4aa3402a2042"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: jctMzIJIR8pxylIIOPc..ieVIdEvFzh3
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: y-rWEtDIMCjg4dXjLfb-s1JE5MqmoYJLv4yhSbPTUUVBrt0mKswZEg==

GET
H2 200 22.fd21eb42.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 44 KB
13 KB 11ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.fd21eb42.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

78c1118165ba1620bd91cc6f96c1cd99fa9469a9382f73f313c8e556d0fdaa9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 03 Jul 2022 23:15:05 GMT
content-encoding: gzip
age: 5155829
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"cbf1bca421271b2567e00a478296192b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: rhriNS8WygjGEv2GTbSa16tsLJlBsIO5
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: He_TGRv8CPetTt9pmimZGKlme9xHBypI_wVVNbQ25xUfGZ-xO6YoQQ==

GET
H2 200 39.0cc86423.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 25 KB
8 KB 12ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/39.0cc86423.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

9df0c15923f76778de529c7e5131028841cb6891ca460d779c92e499005ee0d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 05:13:08 GMT
content-encoding: gzip
age: 3665546
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 20 Jul 2022 16:44:36 GMT
server: nginx
etag: W/"3cbfbd7bb911f7cfc3b4394f334cdb67"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: oKmg4FrWOfQibH6GiwTJD5mzxlfV.GJ_
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 1KNQKj_oEhL3Mt-GKkLR0V7LzxX5qXEPvNrsVsUE1FuYrfo3qcM-Jw==

GET
H2 200 18.c13b3a33.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 16 KB
5 KB 12ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.c13b3a33.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

e3205178d8f4b21ab5dc10a089939e49dd276dea7b5047ef2b494ffea3b93b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 01:05:58 GMT
content-encoding: gzip
age: 4976376
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"2e0e21fb7fd3dd146cc688e39d01d42e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: pxNOQ93Ry3SgjvjCpTdQZ2Sx3uMbDhCG
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HA38YUN8zhHTeJ3oVKcS8vg1o-wLCEWPAZNsZUc-MTydL8a1MvJtbw==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 74 KB
23 KB 13ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 11:53:35 GMT
content-encoding: gzip
age: 4937519
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: DvU1VknvadEMM0li2kjSs2rGEgsC.2zC
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Bh38aLLwBvabkwsbriUFJXJjg1akMjz07yo_iqwgvFePDVwMlKWjRA==

GET
H2 200 25.8f107198.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 59 KB
19 KB 13ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.8f107198.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:26:46 GMT
content-encoding: gzip
age: 5731128
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 17 Jun 2022 14:39:27 GMT
server: nginx
etag: W/"e2511c69e5bdc03467952abaccdb5383"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: eI68DKvvjxiDbX_K1dX4xe2PNV6BS0F2
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: X93AWE_cKarVH5JGVCr5qS21m2SnE88A5B4CXIVTmk30TIfAecvPYA==

GET
H2 200 13.3e86f1f6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 91 KB
28 KB 15ms
12ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:26:46 GMT
content-encoding: gzip
age: 5731128
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 17 Jun 2022 14:39:26 GMT
server: nginx
etag: W/"fdee1a560ca08e3d3702e14d8f1f0b82"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 2rH9Vw5zwyFjPSSMs.YwDeMiE5sBqg4r
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kcgxco4BTxJ1zbuoz-1N1_G5t09DGdAKqRO2IWOZMDCSlr6y994q3A==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 23 KB
7 KB 15ms
13ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 03 Jul 2022 23:15:06 GMT
content-encoding: gzip
age: 5155828
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:55 GMT
server: nginx
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 7WrloWWSc22pVf.7ICrUs7406unnhgom
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: bi8uMyxLy6HVLdotK_7Gyo0iLNtIEJu6tnynWWI_JoFCQjg0Xniy2w==

GET
H2 200 16.fde6fa28.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 62 KB
20 KB 16ms
13ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.fde6fa28.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

91c379a7d8ec04aeeb162ea6d8069ad9fe872cec0d8a56f8861b02c494a6e0f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 03:22:54 GMT
content-encoding: gzip
age: 3672160
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 20 Jul 2022 16:44:35 GMT
server: nginx
etag: W/"90795af8c950a50300cf801b300db7ab"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Czs8PHX517U6kDfcy5c9LsKW5uxut099
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: gORl_aFV79YPykJ8TlbZ8rpbhwmdq9vY8vE5uRRk66Dk5IjEMhNxxw==

GET
H2 200 45.772158c8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 105 KB
34 KB 17ms
15ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/45.772158c8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

af7690b10b2e4c40106b8e8ac69c9287176615a9913004666af12c98251d6ec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 06:43:42 GMT
content-encoding: gzip
age: 6943312
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 10 Jun 2022 19:03:31 GMT
server: nginx
etag: W/"e683acc1d1d7a31204545c14f2e45dfc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: aEgB7rZxvs_rhrc47mnGdmzprDAsXGNL
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YQArsCSQxNfWKGP39ldyioSIPgZu7PFt8KeFLcC2UtM5E6S56dLsiQ==

GET
H2 200 37.9da17c94.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 12 KB
4 KB 19ms
16ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.9da17c94.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

46959f0ff8db28a2e76b7bcd57953ead9ec578260c21cad5c5354a46f7890cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 19:59:50 GMT
content-encoding: gzip
age: 7241144
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 09 Jun 2022 14:58:14 GMT
server: nginx
etag: W/"e5c98ad7a7e70a1957477e33db39149c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .1KvOWwhKDvJVSWzg49IMEkznsWNUcpl
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: X7AofWTYcjTBzscbpl-nP0OaM6lX7fMp4qX53PzThxBWMfBr_DqGUQ==

GET
H2 200 28.ed383893.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 12 KB
5 KB 19ms
17ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.ed383893.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

8843d0dae7daa6e3bdf06e07ffb65e5b5240268203496f5946dcdda9cc0c290d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 08:05:31 GMT
content-encoding: gzip
age: 4432803
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 11 Jul 2022 14:16:17 GMT
server: nginx
etag: W/"910117b3f0a0501f693606963bfe4daf"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: AvxSunSgeBTQzaCE.4f6vvhlOyihsj6Q
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Q2KXaRRE1yT86Ngaar5chiXX8OK-bNGgyZVzZVEKaHOKka9_TSSz-g==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 17 KB
7 KB 19ms
17ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 22 Jul 2022 00:55:28 GMT
content-encoding: gzip
age: 3594606
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 20 Jul 2022 16:44:35 GMT
server: nginx
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: f.0PmvFwFO6wHvpJ0r6JG1gTthOACCRK
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AggN18Zyx-lN0k2fZfiAhP_gCQmjes1kR4ztKTml4UpHDZhLx-9y3w==

GET
H2 200 9.f50eb0b3.chunk.css
js.driftt.com/core/assets/css/ Frame 47C3 13 KB
3 KB 20ms
18ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.f50eb0b3.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

d65de87105aa9fe774e1fb4322529cd2ad2718e7387afb70e51b870cbf23b571

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:13 GMT
server: nginx
etag: W/"e6efd75f849f72222df348ff402e8026"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: cfUNfNdGGDHKWON2NXR5AFmNvq8uIDRB
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: _T49q7cMinFbSgArDD1FnzOgwWBfwsaHY3ci31I4iEyMK0E_h1UORw==

GET
H2 200 9.535a3a94.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 70 KB
22 KB 20ms
19ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.535a3a94.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

59a73ec19a6bedd8415c972674adc1f24a9b785ebbe28b6b49b571c02ba227f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:17 GMT
server: nginx
etag: W/"073dafbb4b9bd1b881e6475386b712ee"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: oCovUdRwAlg.GGR_hVxwJrKIYj.O.YqJ
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: VZH4g72FO2-aHbecIshHFREEWWN9oVHn3XSyXpYLbdZiWeVaqqzIAA==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame 47C3 24 B
665 B 20ms
19ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 19:59:49 GMT
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
age: 7241145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Thu, 09 Jun 2022 14:58:11 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: ykspFRt4QsihJmMduj_fPY2DMuvVpMeo
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: W4YznbbdY3vMdAc2IcA2Ay3jJfrCs8LrLrK5604Fv7Xs1FSsLA4mug==

GET
H2 200 17.6ccd0f69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 77 KB
20 KB 21ms
20ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.6ccd0f69.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

ab6f19b1c8929b99d3725f9d7688325dfaa743613fd72cd4dc67ef0ceb50d34b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"a581fbb27874f93f15c3fe3784f2391a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: A6__olwCDz1FD.1X9WiQXDg59ZPZqaUK
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: oIagflGhG7htA_lihC75J_3a6htDuJmh-g4g8gDay5oGPQNCy-02ow==

GET
H2 200 24.6872e542.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 48 KB
13 KB 21ms
21ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.6872e542.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

f78f03c76e2d4bc33181242fa874eb1864fd893a0220c67c3c921173ccebaa5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"d5fca8bbc4fcf7b492843bcb9a12189b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: myoo_FG2jXaPzinerG5A.TSm8zp.AVWF
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 0IQXP39FUJ7NW4K_870mLqma10zf3HuuGaMigC7LOUWf_Gc7xhdBFg==

GET
H2 200 15.470f07ed.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 40 KB
13 KB 22ms
22ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.470f07ed.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b18d121835cf2154f365b4d22c28ee2158878fa79c3f550b603994b75947cd1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 18:23:26 GMT
content-encoding: gzip
age: 75728
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
server: nginx
etag: W/"7928b8a053044dac0930a819c7f6cac0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: FkcIx6pwGge5IA4Bglyp6FQ8lfWD.1Bl
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 3lezORU0f8k8iwlmJYQtLV76fcr4zqpqctHr8t481Meawj56u1oc9A==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 9 KB
3 KB 9ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 11:53:35 GMT
content-encoding: gzip
age: 4937519
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:55 GMT
server: nginx
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Zbe9jo4421ve4vYfPKeczcyM50i9DDWS
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dSvAIssQSKiflRVqEF75UELyf2VDvoYvLPjMM2u2lIkjO4_8szcIWw==

GET
H2 200 26.2d4cdbd1.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 34 KB
10 KB 11ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/26.2d4cdbd1.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

71e905aff9bad1d3b5a783336fcdd013cc97beb8985e4cd2cf7d195925a48211

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 18:23:27 GMT
content-encoding: gzip
age: 75727
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
server: nginx
etag: W/"c55d27c90bd5affbf7c7047151ac3b6a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: siv4sYmLp3BEOV5kWKjSS9V7tHMZAkGl
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Ekfv9DX8yp4CDCxxkiQbSelLjl_TVdBtLsOkxOYV4WxAWc8GA-Cm9A==

GET
H2 200 27.9bf46b67.chunk.css
js.driftt.com/core/assets/css/ Frame 47C3 8 KB
2 KB 10ms
9ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/27.9bf46b67.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 12 Aug 2022 18:08:02 GMT
content-encoding: gzip
age: 1718252
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 12 Aug 2022 17:25:54 GMT
server: nginx
etag: W/"4f21faf2ba450e5fcdf7eda90813e185"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: OwtYu1UfCDk9O65HArj6B6mV7fLBXaFN
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jABROkjHngb6R7RPHrwq_iyVp76nun_76g5PIwmIb_VezLzChtKnrA==

GET
H2 200 27.59c53bf0.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 13 KB
5 KB 11ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/27.59c53bf0.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

8bafd70b875a4328d6ac081d194f9662da21024454676cf166858d14116df322

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 18:23:27 GMT
content-encoding: gzip
age: 75727
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
server: nginx
etag: W/"8a9a57d9c18d146019a9a91f3fa26db1"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: GqYhAS8BbCVDI5aFKkQ5l2M8CdcQR368
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: HvODONbB-EadDbLqZQFC7XFd0IP3Fr52d_ijwQlvvODv7ei4FX7tpQ==

GET
H2 200 19.c695453b.chunk.css
js.driftt.com/core/assets/css/ Frame 47C3 365 B
1010 B 10ms
9ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/19.c695453b.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 03 Jul 2022 23:15:07 GMT
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
age: 5155827
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 365
last-modified: Fri, 01 Jul 2022 20:20:53 GMT
server: nginx
etag: "06b2963b029c0824382815165bfea73e"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _GKDVm7cwHRbprAEZ8WoHMzXEQGGTOt2
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BmZ5sBWyHOCpxZGzvPrEi3dDtpApHeTj_CaFFIb2Qimq1xAQZJnB9A==

GET
H2 200 19.c6476f9e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame 47C3 88 KB
25 KB 11ms
11ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/19.c6476f9e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

14a3921ddf5cdc373e9bbd88590bd4ed17cf65a4d5fb14169486227f6bd3e41c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core?embedId=r32rm8p2zmht&region=US&forceShow=false&skipCampaigns=false&sessionId=20bf8671-f66e-4299-bfa8-0822776d576e&sessionStarted=1662045934.046&campaignRefreshToken=4429bc28-d488-4807-b7c9-6cecb42e05ee&hideController=false&pageLoadStartTime=1662045932892&mode=CHAT&driftEnableLog=false&secureIframe=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"577a5b4c4d4e15fe510f6e9d62882f27"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: iwfAR0XWOD35qtGdWcZt_c4r2xii5fG_
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: AnD4ZekpBZXPEDDY1SbPPdDgITwyo58_ij3b2CovFX7M74zVrRkHZg==

GET
H2 200 runtime~main.bef95df7.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 6 KB
3 KB 8ms
7ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

32626949417e1e5f0a910740e6d8dce52bc42f2808aa774007c13d70947b0b0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 18:23:26 GMT
content-encoding: gzip
age: 75728
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 31 Aug 2022 18:10:12 GMT
server: nginx
etag: W/"e086f8acd2530042828444b37a1d77f9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 5Bb2GA_q6cpdGdsbvIylHuOc7jJBWoOg
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: q2OvIcxMW-tAsSXMiczoW3L5g1ASzsbnDV_cXsZor4dU0kQ3m_5Unw==

GET
H2 200 8.611ead2e.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 35 KB
13 KB 8ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/8.611ead2e.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 19:59:49 GMT
content-encoding: gzip
age: 7241145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 09 Jun 2022 14:58:14 GMT
server: nginx
etag: W/"6aa29962f34a8e117268142c7cc1cc3d"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _RZ1GDjUm5KuW3ooz6jLFMyJffaKXq96
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XQwKDeasuXq8mjqQj-x0w5qE8UH4At1M2p2Nv7awWSe8dlipuEEZ9A==

GET
H2 200 main~493df0b3.ac3a9470.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 7 KB
3 KB 9ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/main~493df0b3.ac3a9470.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

cc08221e904788853f9dbae9e845e8c88e947de904dcd007c0da0c4d18acd1de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
Origin: https://js.driftt.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 03 Jul 2022 23:15:04 GMT
content-encoding: gzip
age: 5155830
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:58 GMT
server: nginx
etag: W/"ab6db2ea528099e4b4bcafc90b1f14a6"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: hiapbHKSV4DShQCB29I8q9ZEQ_orBvh8
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: rQWN9FxfNAx9Ugvt5V7SgFGLDehx-5VVZdofXyetq2jKcxQDqPm6Dw==

GET
H2 200 47.f4a0cab7.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 47 KB
14 KB 11ms
7ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/47.f4a0cab7.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

dd7e25fe1547c7102760792d7b920ed5a289aa0224014594f856b5ab396dc0d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 04 Jul 2022 02:17:00 GMT
content-encoding: gzip
age: 5144914
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"58eb1e017120f28c6eea4aa3402a2042"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: jctMzIJIR8pxylIIOPc..ieVIdEvFzh3
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: o9s8JrSvLXK5jJibBaTOm_Ja7f8kVoVRtBfpqf9o8dOe3v4aOW25Qw==

GET
H2 200 22.fd21eb42.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 44 KB
13 KB 12ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/22.fd21eb42.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

78c1118165ba1620bd91cc6f96c1cd99fa9469a9382f73f313c8e556d0fdaa9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 03 Jul 2022 23:15:05 GMT
content-encoding: gzip
age: 5155829
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"cbf1bca421271b2567e00a478296192b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: rhriNS8WygjGEv2GTbSa16tsLJlBsIO5
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5claIyLr438VCI0ZiwyqQdBUOMT5SbFdr_RNakwzJTf5ZjLuzfsKaQ==

GET
H2 200 39.0cc86423.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 25 KB
8 KB 12ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/39.0cc86423.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

9df0c15923f76778de529c7e5131028841cb6891ca460d779c92e499005ee0d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 05:13:08 GMT
content-encoding: gzip
age: 3665546
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 20 Jul 2022 16:44:36 GMT
server: nginx
etag: W/"3cbfbd7bb911f7cfc3b4394f334cdb67"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: oKmg4FrWOfQibH6GiwTJD5mzxlfV.GJ_
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: ATPfaiNsXgbLAa8bTzGuiUHlQA0JNEsYthDS3fc-EHEVjjHLnkmNug==

GET
H2 200 18.c13b3a33.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 16 KB
5 KB 13ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/18.c13b3a33.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

e3205178d8f4b21ab5dc10a089939e49dd276dea7b5047ef2b494ffea3b93b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 01:05:58 GMT
content-encoding: gzip
age: 4976376
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"2e0e21fb7fd3dd146cc688e39d01d42e"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: pxNOQ93Ry3SgjvjCpTdQZ2Sx3uMbDhCG
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: p5y2MskYB0o0qrZYleAH4zdEjY4X9NuttzqbuvNCAh0wHKHIntGoDg==

GET
H2 200 20.8c21ea18.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 74 KB
23 KB 13ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/20.8c21ea18.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 11:53:35 GMT
content-encoding: gzip
age: 4937519
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:56 GMT
server: nginx
etag: W/"6d77a76055d81227033363af2f18caf8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: DvU1VknvadEMM0li2kjSs2rGEgsC.2zC
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: dL7hwF1nkYWDOmavLAONZItpr3RDg77-1DmhnNWGZN_UJaEeo_o-og==

GET
H2 200 25.8f107198.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 59 KB
19 KB 14ms
11ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/25.8f107198.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:26:46 GMT
content-encoding: gzip
age: 5731128
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 17 Jun 2022 14:39:27 GMT
server: nginx
etag: W/"e2511c69e5bdc03467952abaccdb5383"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: eI68DKvvjxiDbX_K1dX4xe2PNV6BS0F2
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7BUQ0vDLvT0yRg83x3XG7diiGKVp9qrVnzbv8_lxgUgIEDMo6b28nw==

GET
H2 200 13.3e86f1f6.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 91 KB
28 KB 14ms
12ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/13.3e86f1f6.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 07:26:46 GMT
content-encoding: gzip
age: 5731128
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 17 Jun 2022 14:39:26 GMT
server: nginx
etag: W/"fdee1a560ca08e3d3702e14d8f1f0b82"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 2rH9Vw5zwyFjPSSMs.YwDeMiE5sBqg4r
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 9eX3byZjN_vSj9J4mz5K34iDGj284mX8bMh4vbReWcoifMyzexj7PA==

GET
H2 200 11.639238ba.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 23 KB
7 KB 15ms
13ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/11.639238ba.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 03 Jul 2022 23:15:06 GMT
content-encoding: gzip
age: 5155828
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:55 GMT
server: nginx
etag: W/"4049f38c00add1738dc4806148ff8829"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 7WrloWWSc22pVf.7ICrUs7406unnhgom
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: qtGn_SXWMhUmHuTOB95a6mw02D3tFVZebC5leQh4MDvuRGa6amZYCg==

GET
H2 200 16.fde6fa28.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 62 KB
20 KB 16ms
13ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/16.fde6fa28.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

91c379a7d8ec04aeeb162ea6d8069ad9fe872cec0d8a56f8861b02c494a6e0f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 21 Jul 2022 03:22:54 GMT
content-encoding: gzip
age: 3672160
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 20 Jul 2022 16:44:35 GMT
server: nginx
etag: W/"90795af8c950a50300cf801b300db7ab"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Czs8PHX517U6kDfcy5c9LsKW5uxut099
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: jL0bevQtQ7YR0zF7TNF_ek0xJeZZxwce0BxQVA7-WAGL62XH0F2iOA==

GET
H2 200 45.772158c8.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 105 KB
34 KB 17ms
14ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/45.772158c8.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

af7690b10b2e4c40106b8e8ac69c9287176615a9913004666af12c98251d6ec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 06:43:42 GMT
content-encoding: gzip
age: 6943312
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 10 Jun 2022 19:03:31 GMT
server: nginx
etag: W/"e683acc1d1d7a31204545c14f2e45dfc"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: aEgB7rZxvs_rhrc47mnGdmzprDAsXGNL
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FHecfsZn2aIGnP2DQta5xTKgZVIVHkogrEo60ZRVgjapf55jec-aiw==

GET
H2 200 37.9da17c94.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 12 KB
4 KB 17ms
15ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/37.9da17c94.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

46959f0ff8db28a2e76b7bcd57953ead9ec578260c21cad5c5354a46f7890cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 19:59:50 GMT
content-encoding: gzip
age: 7241144
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 09 Jun 2022 14:58:14 GMT
server: nginx
etag: W/"e5c98ad7a7e70a1957477e33db39149c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: .1KvOWwhKDvJVSWzg49IMEkznsWNUcpl
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: InKDw--YhKEIJ2YEvNP-vrBHKHlv9AjZqV9rSk6S2g8fQfWXU7NLbw==

GET
H2 200 28.ed383893.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 12 KB
5 KB 18ms
16ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/28.ed383893.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

8843d0dae7daa6e3bdf06e07ffb65e5b5240268203496f5946dcdda9cc0c290d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Tue, 12 Jul 2022 08:05:31 GMT
content-encoding: gzip
age: 4432803
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 11 Jul 2022 14:16:17 GMT
server: nginx
etag: W/"910117b3f0a0501f693606963bfe4daf"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: AvxSunSgeBTQzaCE.4f6vvhlOyihsj6Q
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: iKw_epwfFsmoA7CNijTgWkjx0bsa0QApY6UB17G5mcqYB98WqsT7Ow==

GET
H2 200 21.b8c41db9.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 17 KB
7 KB 19ms
17ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/21.b8c41db9.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 22 Jul 2022 00:55:28 GMT
content-encoding: gzip
age: 3594606
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 20 Jul 2022 16:44:35 GMT
server: nginx
etag: W/"65e5c965272e021ae33ff8bc39565ef5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: f.0PmvFwFO6wHvpJ0r6JG1gTthOACCRK
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: Em3hQzVJPk2YBYBpoFzBTKHKKpdr-Q2E7UEZJMypVl2pOlyOkhCFpQ==

GET
H2 200 9.f50eb0b3.chunk.css
js.driftt.com/core/assets/css/ Frame C5D6 13 KB
3 KB 18ms
16ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/9.f50eb0b3.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

d65de87105aa9fe774e1fb4322529cd2ad2718e7387afb70e51b870cbf23b571

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:13 GMT
server: nginx
etag: W/"e6efd75f849f72222df348ff402e8026"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: cfUNfNdGGDHKWON2NXR5AFmNvq8uIDRB
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: fnKYbIUS1kHOB-kUbFPR8t09e6CzUV-vTfPc0gqihjORnZTg7NikRg==

GET
H2 200 9.535a3a94.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 70 KB
22 KB 20ms
18ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/9.535a3a94.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

59a73ec19a6bedd8415c972674adc1f24a9b785ebbe28b6b49b571c02ba227f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:17 GMT
server: nginx
etag: W/"073dafbb4b9bd1b881e6475386b712ee"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: oCovUdRwAlg.GGR_hVxwJrKIYj.O.YqJ
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: XShfvITVwUlY-Zaf5HwYXdsMC78bQ-A9hdjQrBU_H0aYqDFX_U3emw==

GET
H2 200 17.22abfce0.chunk.css
js.driftt.com/core/assets/css/ Frame C5D6 24 B
666 B 18ms
17ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/17.22abfce0.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 19:59:49 GMT
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
age: 7241145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 24
last-modified: Thu, 09 Jun 2022 14:58:11 GMT
server: nginx
etag: "0c5dad92482d9a7c7c253510f5082465"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: ykspFRt4QsihJmMduj_fPY2DMuvVpMeo
access-control-allow-origin: *
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
accept-ranges: bytes
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7OzoJcgUeQ0Y_H-qgPaIk2TFBTfEuI_l26XHYK9sf2RUNRtyk7FnUQ==

GET
H2 200 17.6ccd0f69.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 77 KB
20 KB 20ms
19ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/17.6ccd0f69.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

ab6f19b1c8929b99d3725f9d7688325dfaa743613fd72cd4dc67ef0ceb50d34b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"a581fbb27874f93f15c3fe3784f2391a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: A6__olwCDz1FD.1X9WiQXDg59ZPZqaUK
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YSX9C0SaCHzJ1uC05dU1apbz2PhIZ1d-KNlT3M5wnke-ugX-tY-xpA==

GET
H2 200 24.6872e542.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 48 KB
13 KB 21ms
20ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/24.6872e542.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

f78f03c76e2d4bc33181242fa874eb1864fd893a0220c67c3c921173ccebaa5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:22 GMT
content-encoding: gzip
age: 525912
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"d5fca8bbc4fcf7b492843bcb9a12189b"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: myoo_FG2jXaPzinerG5A.TSm8zp.AVWF
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: caJ3_PxDJvnhNpE20tqlRKC33h-JTc0V2jdv6nzXbZBiVor9KtKR2g==

GET
H2 200 15.470f07ed.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 40 KB
13 KB 21ms
20ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/15.470f07ed.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b18d121835cf2154f365b4d22c28ee2158878fa79c3f550b603994b75947cd1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 31 Aug 2022 18:23:26 GMT
content-encoding: gzip
age: 75728
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Wed, 31 Aug 2022 18:10:09 GMT
server: nginx
etag: W/"7928b8a053044dac0930a819c7f6cac0"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: FkcIx6pwGge5IA4Bglyp6FQ8lfWD.1Bl
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BjDPfgD9Qm5mscneEh4s1e_ub84QI2L86oxj_DLUZrieBpyumA-iOg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 184ms
183ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=797ae762-6d2e-4563-86d2-f97fb7ede92e&session=cbd0ed6f-d2bf-45a5-84d8-acb056767ef4&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A33%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Securonix%20Threat%20Labs%20Security%20Advisory%3A%26nbsp%3BNew%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&pageViewId=55f6eeb5-88fb-4aee-8863-c9b099d80714&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:34 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 34.11d2b6a7.chunk.css
js.driftt.com/core/assets/css/ Frame C5D6 3 KB
1 KB 8ms
7ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/34.11d2b6a7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sat, 02 Jul 2022 23:19:59 GMT
content-encoding: gzip
age: 5241935
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:54 GMT
server: nginx
etag: W/"87532c4db85f1429fa6d759bc3332f36"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: _3ypchvV2Y1htZw1RZMu3A33yhTTURn1
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: euE-3ZENYrzrk3sjGVPdl-YJ0rO0MwvlZWGdE9gLf4Vu4urvjq31fg==

GET
H2 200 34.3cbd9261.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 3 KB
2 KB 8ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/34.3cbd9261.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

7186667a162c9e21b7932996c559c2a4451b1460ce4330f81abcd487c094f906

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:23 GMT
content-encoding: gzip
age: 525911
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"748f87dc8e48bdf52edce2868c5c428c"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: 9WcUo8FUpPIrUIsoQRc2Y_xjFIjq3R62
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YQrVSbgb6lkK6xxqE2ADQGRef6GrqfWg6-XYIU-IX0IHMgptU9D29Q==

GET
H2 200 0.0b2ebd4a.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 9 KB
3 KB 9ms
8ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/0.0b2ebd4a.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Wed, 06 Jul 2022 11:53:35 GMT
content-encoding: gzip
age: 4937519
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:55 GMT
server: nginx
etag: W/"c5efcdc9e465604f32cf24af10fd6c13"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: Zbe9jo4421ve4vYfPKeczcyM50i9DDWS
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: pE2gyXP1_XPLhw7GOpN25M5N3shoSmDVWJ_DkQuaLktBz5wbZ1YFFw==

GET
H2 200 3.07aa08a5.chunk.css
js.driftt.com/core/assets/css/ Frame C5D6 7 KB
2 KB 9ms
8ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/3.07aa08a5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Sun, 03 Jul 2022 23:15:07 GMT
content-encoding: gzip
age: 5155827
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 01 Jul 2022 20:20:54 GMT
server: nginx
etag: W/"189aeffd571884559dababa22c66d75a"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: tCdSVILzeupU.nQrAVkA0bwYUW3c2XL3
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: aolLyyqEHqC1NPAV6e_sOzyA0S7XANRMGuF_SRs3g968izXt_L50Kg==

GET
H2 200 3.00aa1009.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 54 KB
16 KB 10ms
9ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/3.00aa1009.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

b8eef39219651c2e824894e8f8d35742e86021c1a556136fb6ffc5e1169bccbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 11:49:00 GMT
content-encoding: gzip
age: 5715394
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Fri, 17 Jun 2022 14:39:27 GMT
server: nginx
etag: W/"b6e857285e106c4d697971a13a9e5f01"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: tTuAChfQwPESS723_FYzhanTBZ1LG4FW
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DJVKuHXn_KF2vo-OfKun7-a37CPCmHCmzLVbVCE2iXvo1K0bF844MA==

GET
H2 200 1.9ac936f5.chunk.css
js.driftt.com/core/assets/css/ Frame C5D6 43 KB
7 KB 9ms
9ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/1.9ac936f5.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

05fd3f7ca9e58167b3322b6b18b6558c169422c0b04710d9d05c12181d51fca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:23 GMT
content-encoding: gzip
age: 525911
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:12 GMT
server: nginx
etag: W/"aceba6596ea46648313cf55bd1ddcfc5"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: g2F7HrSZWtngTjVVBgLaUYEhzo51aYKk
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 7-lKHcBt4szmCsCpQBbo4L45Cilq6p0ksYKP4OldFkXYvh8FoH2s8w==

GET
H2 200 1.2539d882.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 73 KB
25 KB 11ms
10ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/1.2539d882.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

8683eb483faa2ba096b88b51024bee89996afc3d535851c25c0f3048c6ce1fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:23 GMT
content-encoding: gzip
age: 525911
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:14 GMT
server: nginx
etag: W/"b2b42f2c656523eb815001ce11edca28"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: fIE_oAo1FKBhU1h.XRllzJ0k6ca8W79P
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: wdbVQYVO9OOUgHCgGUzD29TTvFZMrzlwEvgzeHypqmsm8WuN6GdgAg==

GET
H2 200 31.1f8907d7.chunk.css
js.driftt.com/core/assets/css/ Frame C5D6 13 KB
3 KB 10ms
9ms Stylesheet
text/css 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/css/31.1f8907d7.chunk.css

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

d448922e5f8ed3b2a45beeecd2c8667699df8627efa96d61777212459cb75c61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:23 GMT
content-encoding: gzip
age: 525911
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:13 GMT
server: nginx
etag: W/"cea19cf62d3d6bd9d3f16433e69c8464"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: y_GckAHSFRel3MT0hH2mIHQBZxv6gp4Z
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: text/css
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: YfglyfQaSArcu1Ov-sOdjPhOYw6hrD6X79U1-jXesarR4ZwryXhuUQ==

GET
H2 200 31.a2b3c0b5.chunk.js Show response
js.driftt.com/core/assets/js/ Frame C5D6 12 KB
5 KB 11ms
11ms Script
application/javascript 18.66.112.55
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/assets/js/31.a2b3c0b5.chunk.js

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/runtime~main.bef95df7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.112.55 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-112-55.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

8534026f857e6cae6d883e0b91a3c4153990d691cc0298b47fee02adc5e58779

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://js.driftt.com/core/chat?region=US&driftEnableLog=false&pageLoadStartTime=1662045932892
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Fri, 26 Aug 2022 13:20:23 GMT
content-encoding: gzip
age: 525911
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Thu, 25 Aug 2022 21:13:15 GMT
server: nginx
etag: W/"7d8bb443a5de3257f895de8bf92ff127"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
x-amz-version-id: E6NeJTbwpOMQ0eNbyU6FVfN0HWCLyHlQ
via: 1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
cache-control: max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P5
content-type: application/javascript; charset=utf-8
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: BZIuukrZB3wBnLJmiTuEFmFYyAYdfqUmqnlH-NjOujVa6o8_w2OvGg==

POST
H2 200 v2 Show response
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 47C3 25 B
123 B 116ms
116ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/47.f4a0cab7.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 01 Sep 2022 15:25:34 GMT
server: istio-envoy
requestid: 786cefe9f1be40eb
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 17
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 v2
metrics.api.drift.com/monitoring/metrics/widget/init/ Frame 0
0 398ms
99ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/widget/init/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 01 Sep 2022 15:25:34 GMT
requestid: driftae3dad64e3eb9700dab60fa026b
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 200 ping Show response
bootstrap.api.drift.com/widget_bootstrap/ Frame 47C3 147 B
245 B 133ms
133ms XHR
application/json 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/47.f4a0cab7.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

3342caca9bd339f32f1265167077f480be638202c9a7e271adda0818dfdae714

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 01 Sep 2022 15:25:34 GMT
server: istio-envoy
requestid: aef54ae15a575920
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 31
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 147
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 ping
bootstrap.api.drift.com/widget_bootstrap/ Frame 0
0 392ms
104ms Preflight
text/plain 50.16.7.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bootstrap.api.drift.com/widget_bootstrap/ping

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

50.16.7.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-50-16-7-188.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 01 Sep 2022 15:25:34 GMT
requestid: drift75aaba044898e5d96ffde2d6e05
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 0

POST
H2 204 collect Show response
l.clarity.ms/ 0
48 B 93ms
92ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.39/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.securonix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-origin: https://www.securonix.com
date: Thu, 01 Sep 2022 15:25:35 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 gartner_2021_critCap.jpg
www.securonix.com/wp-content/uploads/2021/12/ 9 KB
10 KB 28ms
28ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/12/gartner_2021_critCap.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25b37599de11a7f96f7b2330dd7e0dc57516669f1b8e8aa6e77ebc47206f90e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:35 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 359661
cf-polished: qual=85, origFmt=jpeg, origSize=47723
x-cache: HIT, MISS
x-cache-hits: 1, 0
content-disposition: inline; filename="gartner_2021_critCap.webp"
cf-bgj: imgq:85,h2pri
content-length: 9232
x-served-by: cache-chi-klot8100061-CHI, cache-yyz4574-YYZ
expires: Thu, 10 Aug 2023 20:03:54 GMT
last-modified: Fri, 03 Dec 2021 17:18:42 GMT
server: cloudflare
traceparent: 00-28146b36e31b49b5b8d04e126a4fccd7-24ea74de6056330f-00
x-timer: S1661296116.624762,VS0,VE20
etag: "61aa5172-ba6b"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZlsQ%2FWF3Q3cY1q97rwg4p4aedZ755kloX5w9n80Drodawn65OsATYiEEFfW4kVjoWayouO2N8bgnVG7PCa48p2rEu%2BontItx1IWtwXNyoR%2FhQLGUuK77y3K9G7T8ZDiMYjVrUOGgbB8cwYifvfZC"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 6503354b-181e-11ed-abb5-0a988cf2a7af
x-cloud-trace-context: 28146b36e31b49b5b8d04e126a4fccd7/2660067028363522831;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04f63af65be5-FRA
x-pantheon-styx-hostname: styx-fe2-b-5cd77cc4d9-67rzv

GET
H2 200 gartner_innovationInsightReport_21_menuImg.jpg
www.securonix.com/wp-content/uploads/2021/12/ 28 KB
28 KB 20ms
20ms Image
image/webp 2606:4700:3108::ac42:2b19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.securonix.com/wp-content/uploads/2021/12/gartner_innovationInsightReport_21_menuImg.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b19 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39aa671013c2af0bf0046fe10ae6ec6fb66295ea5cf95f107808f575a85d824f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31622400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:35 GMT
via: 1.1 varnish, 1.1 varnish
vary: Accept
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 359661
cf-polished: qual=85, origFmt=jpeg, origSize=133138
x-cache: MISS, MISS
x-cache-hits: 0, 0
content-disposition: inline; filename="gartner_innovationInsightReport_21_menuImg.webp"
cf-bgj: imgq:85,h2pri
content-length: 28204
x-served-by: cache-chi-klot8100159-CHI, cache-yyz4535-YYZ
expires: Thu, 24 Aug 2023 19:45:13 GMT
last-modified: Fri, 03 Dec 2021 17:18:42 GMT
server: cloudflare
traceparent: 00-bf8dc2e428da420da1eb596dd45772ba-419b6540179159aa-00
x-timer: S1661283914.916798,VS0,VE236
etag: "61aa5172-20812"
strict-transport-security: max-age=31622400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWoi%2FahGUC%2FCVAjocCh3wcGewj2aHHNZx%2B9qlab%2BvBpFyOOmhYIhzuocwIP%2Fs4f3BG7ppOcf8CEw%2BKfhDg%2BF9QO09qjdI4a3RAMjqnVrVw06pDvj%2BaSIlf%2BxVmObUSpf25bD2yk%2F8%2FVMhDMjIxH6"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
x-styx-req-id: 1b1dc519-231c-11ed-bb11-5219ade45ad4
x-cloud-trace-context: bf8dc2e428da420da1eb596dd45772ba/4727483559803181482;o=0
cache-control: max-age=31622400
accept-ranges: bytes
cf-ray: 743f04f63af75be5-FRA
x-pantheon-styx-hostname: styx-fe2-a-c7885cd54-k4669

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 187ms
186ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=797ae762-6d2e-4563-86d2-f97fb7ede92e&session=cbd0ed6f-d2bf-45a5-84d8-acb056767ef4&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A34%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%222007%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Securonix%20Threat%20Labs%20Security%20Advisory%3A%26nbsp%3BNew%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&pageViewId=55f6eeb5-88fb-4aee-8863-c9b099d80714&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 185ms
184ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=797ae762-6d2e-4563-86d2-f97fb7ede92e&session=cbd0ed6f-d2bf-45a5-84d8-acb056767ef4&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A35%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223009%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Securonix%20Threat%20Labs%20Security%20Advisory%3A%26nbsp%3BNew%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&pageViewId=55f6eeb5-88fb-4aee-8863-c9b099d80714&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:36 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 200 bulk Show response
metrics.api.drift.com/monitoring/metrics/event2/ Frame 47C3 25 B
88 B 114ms
113ms XHR
application/json 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/core/assets/js/47.f4a0cab7.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://js.driftt.com/
Authorization
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 01 Sep 2022 15:25:37 GMT
server: istio-envoy
requestid: db07185c19ca75c6
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-max-age: 1209600
access-control-allow-credentials: true
x-envoy-upstream-service-time: 16
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
content-length: 25
access-control-expose-headers: X-Results-Total-Count,X-Page-Info

OPTIONS
H2 200 bulk
metrics.api.drift.com/monitoring/metrics/event2/ Frame 0
0 99ms
99ms Preflight
text/plain 54.147.21.139
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.api.drift.com/monitoring/metrics/event2/bulk

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.147.21.139 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-21-139.compute-1.amazonaws.com

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://js.driftt.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin, content-type, accept, authorization, auth-token, uber-trace-id, x-amzn-oidc-data, x-version
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH
access-control-allow-origin: *
access-control-expose-headers: X-Results-Total-Count,X-Page-Info
access-control-max-age: 1209600
allow: POST,OPTIONS
content-length: 13
content-type: text/plain
date: Thu, 01 Sep 2022 15:25:37 GMT
requestid: drift889f9e544708a4dcaf12749ca93
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
x-envoy-upstream-service-time: 1

POST
H2 204 collect Show response
l.clarity.ms/ 0
48 B 94ms
93ms XHR
text/plain 20.120.65.166
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://l.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-e/s/0.6.39/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.120.65.166 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.securonix.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

access-control-allow-origin: https://www.securonix.com
date: Thu, 01 Sep 2022 15:25:37 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
494 B 192ms
192ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=797ae762-6d2e-4563-86d2-f97fb7ede92e&session=cbd0ed6f-d2bf-45a5-84d8-acb056767ef4&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A36%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%224012%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Securonix%20Threat%20Labs%20Security%20Advisory%3A%26nbsp%3BNew%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&pageViewId=55f6eeb5-88fb-4aee-8863-c9b099d80714&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:37 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
493 B 190ms
189ms Image
image/gif 96.16.137.162
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=05b12115ad17914938bf7667643ca0d3&svisitor=null&visitor=797ae762-6d2e-4563-86d2-f97fb7ede92e&session=cbd0ed6f-d2bf-45a5-84d8-acb056767ef4&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2001%20Sep%202022%2015%3A25%3A37%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225013%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Securonix%20Threat%20Labs%20Security%20Advisory%3A%26nbsp%3BNew%20Golang%20Attack%20Campaign%20GO%23WEBBFUSCATOR%20Leverages%20Office%20Macros%20and%20James%20Webb%20Images%20to%20Infect%20Systems%20-%20Securonix%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.securonix.com%2Fblog%2Fgolang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems%2F&pageViewId=55f6eeb5-88fb-4aee-8863-c9b099d80714&an_uid=0

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

96.16.137.162 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-137-162.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.securonix.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.52 Safari/537.36

Response headers

date: Thu, 01 Sep 2022 15:25:38 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

115 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

33 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pages.securonix.com/	1970-01-20 05:40:47	Name: __cf_bm Value: Tppb29b1dRoVdGZNYDRb7.1r44nevEz9JvbtI4NwF5I-1662045933-0-ASvi7gpH9ChfBaMbjoO96RInX36+zRch64Q+gFBc7KQLGxPHi34fApUXVTaoVX/IzaK8sHiAwkF40Luv2oH/qb4=
.securonix.com/	1970-01-20 15:16:45	Name: _mkto_trk Value: id:179-DJP-142&token:_mch-securonix.com-1662045933225-43216
.securonix.com/	1970-01-20 07:50:21	Name: _gcl_au Value: 1.1.1340952507.1662045933
www.securonix.com/	1969-12-31 23:59:59	Name: wp-wpml_current_language Value: en
.bing.com/	1970-01-20 15:02:21	Name: MUID Value: 1C32982C78B162B22CF78A3E791D63A4
.securonix.com/	1970-01-20 05:42:12	Name: _gid Value: GA1.2.597304219.1662045933
.securonix.com/	1970-01-20 05:40:45	Name: _gat_UA-12895815-1 Value: 1
.securonix.com/	1970-01-20 15:16:45	Name: _ga_JPYDLXGD3Q Value: GS1.1.1662045933.1.0.1662045933.60.0.0
.securonix.com/	1970-01-20 15:16:45	Name: _ga Value: GA1.1.465718739.1662045933
.securonix.com/	1970-01-20 05:42:12	Name: _uetsid Value: 5218ac402a0a11eda7f103fe01c8c72d
.securonix.com/	1970-01-20 15:02:21	Name: _uetvid Value: 5218a6702a0a11ed9acea5b8f0e36412
www.securonix.com/	1970-01-20 05:50:50	Name: _an_uid Value: 0
www.securonix.com/	1970-01-20 15:16:45	Name: _gd_visitor Value: 797ae762-6d2e-4563-86d2-f97fb7ede92e
www.securonix.com/	1970-01-20 05:41:00	Name: _gd_session Value: cbd0ed6f-d2bf-45a5-84d8-acb056767ef4
.doubleclick.net/	1970-01-20 05:40:46	Name: test_cookie Value: CheckForPermission
.linkedin.com/	1970-01-20 06:23:57	Name: UserMatchHistory Value: AQLAmSMU17-oIAAAAYL5qE-BIMacTbV1kZ01FU1wEQygJThfzXF3FRR2h5MYknnTZU7rW7AipjQAuQ
.linkedin.com/	1970-01-20 06:23:57	Name: AnalyticsSyncHistory Value: AQLjeHKqtex5NAAAAYL5qE-BvOvFyVn9rqc6QIRzT92qBInWlTQNDI0t7zHWbLpOFzX0rCPLcgupDPaiuzlwNQ
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 14:26:21	Name: bcookie Value: "v=2&bbc546cb-fba9-4cff-8b1b-3ca4d8afb290"
.linkedin.com/	1970-01-20 05:42:12	Name: lidc Value: "b=TGST04:s=T:r=T:a=T:p=T:g=2795:u=1:x=1:i=1662045933:t=1662132333:v=2:sig=AQGxwT-mP5aHlP9y3eL8QgKTeDqLp_c6"
.6sc.co/	1970-01-20 15:16:45	Name: 6suuid Value: cfd5ce17d4350000edce10632f02000092a63600
www.clarity.ms/	1970-01-20 14:26:21	Name: CLID Value: 6cb812317f364196bc7952ac66466f2d.20220901.20230901
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=de-de
.www.linkedin.com/	1970-01-20 14:26:21	Name: bscookie Value: "v=1&20220901152533fdc7cce7-5980-4f2f-861a-db68ec348c7dAQH7JnIqMe7HCRfWvKkPklY3aYDp9dPB"
.linkedin.com/	1970-01-20 09:59:57	Name: li_gc Value: MTswOzE2NjIwNDU5MzM7MjswMjGE7iMJLClMy+KbO40XH7q8fGqqmDUjCctQg7iM/aS3fA==
.securonix.com/	1970-01-20 14:26:21	Name: _clck Value: kiwr75\|1\|f4i\|0
www.securonix.com/	1970-01-20 05:40:47	Name: drift_campaign_refresh Value: 4429bc28-d488-4807-b7c9-6cecb42e05ee
.c.bing.com/	1970-01-20 15:02:21	Name: SRM_B Value: 1C32982C78B162B22CF78A3E791D63A4
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 15:02:21	Name: MUID Value: 1C32982C78B162B22CF78A3E791D63A4
.c.clarity.ms/	1970-01-20 05:40:46	Name: ANONCHK Value: 0
.securonix.com/	1970-01-20 05:42:12	Name: _clsk Value: yxjqht\|1662045934365\|1\|1\|l.clarity.ms/collect
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 439aab620912e171

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://lltrck.com/scripts/lt-v3.js?llid=23883 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31622400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

179-djp-142.mktoresp.com
ajax.googleapis.com
b.6sc.co
bam.nr-data.net
bat.bing.com
bootstrap.api.drift.com
c.6sc.co
c.bing.com
c.clarity.ms
d.adroll.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
j.6sc.co
js-agent.newrelic.com
js.driftt.com
l.clarity.ms
lltrck.com
metrics.api.drift.com
munchkin.marketo.net
p.typekit.net
pages.securonix.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.adroll.com
secure.adnxs.com
snap.licdn.com
static.addtoany.com
stats.g.doubleclick.net
use.typekit.net
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.securonix.com
104.17.70.206
13.107.42.14
142.250.186.162
151.101.66.137
162.247.241.14
18.66.112.55
185.89.211.132
192.28.144.124
20.120.65.166
20.234.93.27
2001:4860:4802:34::36
2001:4860:4802:36::178
23.205.237.4
2600:9000:225e:c00:6:9280:1080:93a1
2606:4700:10::6816:46c5
2606:4700:3108::ac42:2b19
2620:1ec:21::14
2620:1ec:27::cafe:1759
2620:1ec:c11::200
2a00:1450:4001:801::2003
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:810::2004
2a00:1450:4001:827::200a
2a00:1450:4001:829::2008
2a00:1450:400c:c0c::9a
2a00:1450:400e:800::200a
2a02:26f0:3500:16::215:1495
2a02:26f0:3500:16::215:149b
2a02:26f0:3500:16::215:14a0
3.232.44.166
50.16.7.188
54.147.21.139
54.72.196.78
96.16.137.162
001220cb68c21db98c0a3dcc0163715cbfd14fbfb0901e4fbf113f7f694bf715
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
031d80ef7e88e01ae16a5e2e59ce168bc31fec81be6aa8ac388d7213d37c3da5
05fd3f7ca9e58167b3322b6b18b6558c169422c0b04710d9d05c12181d51fca2
0c32078838463fe8175345deab44bf7659faf054f9e51b066b866b66ee1eabbc
134c3842a07e834d961c98923d97523d1dc8a06ede956172ddc949f626ed47b6
14a3921ddf5cdc373e9bbd88590bd4ed17cf65a4d5fb14169486227f6bd3e41c
19473eebfb0672867a4438e2a015de79fded34b9f5ae5598bade57eb01cf0563
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
20804ff5ee452d138617f9efdc826981160f9040dafcdd1fb7c9978ab999d54c
22529609ad54b33ee1695008d3daa6e35f133849c49ee00d7e9bc02eb0dd9a56
25b37599de11a7f96f7b2330dd7e0dc57516669f1b8e8aa6e77ebc47206f90e2
2ca9d8cbfe9c3a6118e3fdbdf356e2772836c45d8c8402eeb68498dfb6c438cd
30153b15b4cb898c421e657f6de21dc27435cb990e7888367bdee12e06398da7
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
32626949417e1e5f0a910740e6d8dce52bc42f2808aa774007c13d70947b0b0c
3342caca9bd339f32f1265167077f480be638202c9a7e271adda0818dfdae714
39aa671013c2af0bf0046fe10ae6ec6fb66295ea5cf95f107808f575a85d824f
3a484da0ec050bccd6034a00ee39c4919c49ca749d0510f934a9ff5a07251a6c
3b3b71c71974d1254250a2c3f5fc59fb228a49e7d3a9a9cf0d7e3dfd111cdf39
3cab90ff5e90baef068351689b53ae8b3a03762f8e8d52460a729de7ed4fa43d
41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea
41ffe9422818faa1f1a0723e9e18982b31b1fe71e13615102dc43a004f3bcc51
464b561ee00c86db1cddb80f2c9d6febbc2c1aa95f422fa73a4fb8ef7d5d5028
46959f0ff8db28a2e76b7bcd57953ead9ec578260c21cad5c5354a46f7890cf7
4982c043d136b44ffd3b29577370647c1b87d481090eb0632222e5902e4cd8e3
4ca130786a2d2531241f8b8c7aaad6a4e27271f51b417b9c23f51bfb0c65c080
4e423ac1ac4da8d9d40da38fd2e532138980aa88315bdef2de61c807d304a8e1
4eda4b5575532ad6a713d3d9bbcde581c519d9b8d0202363925ddc80049eed6d
5037b0e817c4f08c1dc6bf38fa3e6611f8fc3fc3646b79c069a78270101c4a02
50679e0e3933c945348a2db0cc128bb14b57a60a74fabf8cae13acc14efbb2e1
5434fd9068146a682f25a9d92e08f9fba70d18145d1b1aa6f8dc0aee3b23bca2
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
58415d97eb0b5745ccfa6e5e2f996581ec39f6c4af80627d3dd3c06bc5977ca6
58fb907b1dae335e344d5701d74c333a4a4792f9c7a83789e02f02089d199168
59a73ec19a6bedd8415c972674adc1f24a9b785ebbe28b6b49b571c02ba227f7
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5dbaf0a4ff0f8ac8c1b67550eee84390b089604ffaf71183e417636c7e183ac5
5e2d296664123aed1106464a611ef20234a6eed68d82ed5b1afd66660b185c59
6c93a2e253cf1b83c4549ee38234134aa07f3b0293815375c49c9d4576986db1
6f973e7d75a7e6f6e59708f19631c8890034db5debb4d04f189deb53c114e708
70feedeaddf39777b9cd59729d5a595f7b1e63c2b9a588dde118dd52e7816c1b
713e7e24f3bf8c7b706c0d24b249287eb70165b0288152093d67ebede3e11259
7186667a162c9e21b7932996c559c2a4451b1460ce4330f81abcd487c094f906
71e905aff9bad1d3b5a783336fcdd013cc97beb8985e4cd2cf7d195925a48211
72a2177b6bc91437be1155d80ed03bdc6c87661f0816cd0805b43011bcc86894
7852a22b72ead62cfc4a1b1ca32874b3e222f232a991a6d1432313572f534135
78c1118165ba1620bd91cc6f96c1cd99fa9469a9382f73f313c8e556d0fdaa9d
7e6f3eacf6af919ace45f10e39eda3e72143e0f57aad29590a6d37d5ddd0292f
7fe9c49bb2fa7df0e7f30f29e2cf5dc5856a6a94e24020cd71b15806418e2509
80b41604ed76eb37787a40ba315a3af3a5c83b3bce68e39037deb9202582abc8
814189be4de21d42597f62ffcc0ee1d28b6326d795bbad2e922952cad4dabab1
81e6b4ec22135fd2056e29456e32539e21876266ab0bf8438b87117f70c0f827
822d9f63010492e9e3ef4764f0747a97a5e75aa4d6e6010ad6d858c6728c44fb
841ec96a41283cf23db2d69fe67d9beee3e9b222bccfe81ecf6edefc78e92151
84ab83a5ddc3b0d7f10f7d165e3e334de42ad254a1a84ab89b7cfba1e3b131b6
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8534026f857e6cae6d883e0b91a3c4153990d691cc0298b47fee02adc5e58779
862bae5c822d87db86d0b893f474177ca1d9a51309354f12cc0ab85cd9bd9cf7
8683eb483faa2ba096b88b51024bee89996afc3d535851c25c0f3048c6ce1fc3
876d023d9d10c97941b80c3b03e2a5b94631ff7a4af9cee5604a6a2d39718d84
8843d0dae7daa6e3bdf06e07ffb65e5b5240268203496f5946dcdda9cc0c290d
892653ffaf678d6b6a7767c6e9036034c22fdb455d8b10b72f04750110a9b2a7
8bafd70b875a4328d6ac081d194f9662da21024454676cf166858d14116df322
8bb17588588e451bb21fd562f0509ea828c4033480d8d9266e75cebb64a5e61a
8d5ff2a1d9f900e4bf1305f6d3af56a666d7afcb9809bb957e1d89f5d1d5c788
8f060e210fa92b0bce82108a417cbf3f4f0ded2dc69a8b293db44da9f4b24c23
8f9e80f2512a9b40a734ff2d4e6a25f31cd87260e5a89b913ac61f5fa52f2291
91144fbcc0e3f609b021e362ec29d2a9b58f15e840f229eb99ea2c04d927882b
91237b0683343578e5a79f207e010b301013b68f33f75167553bc35f8611cc5f
9181a03603cfaf01c933ac067555d138f639b0690298048063c443e6752c310e
91c379a7d8ec04aeeb162ea6d8069ad9fe872cec0d8a56f8861b02c494a6e0f2
9238095f73e45d738bd780ad54050c981590042570eb974b29b4eb17aa270d20
96d6f4baf65d80e00b55cef3e5c8ba182ec64304b29859f098caf787d88405ef
97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9df0c15923f76778de529c7e5131028841cb6891ca460d779c92e499005ee0d0
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1b940e0f3e56645260eb1a8477620213dc239da9fe88c23e8f5eaead8f97e44
a4d1cf1412729a6ebf14ef0c798f0b9c9dc0ecee9e06e912859e4c53380fb33b
ab6f19b1c8929b99d3725f9d7688325dfaa743613fd72cd4dc67ef0ceb50d34b
af7690b10b2e4c40106b8e8ac69c9287176615a9913004666af12c98251d6ec0
b18d121835cf2154f365b4d22c28ee2158878fa79c3f550b603994b75947cd1d
b30169a38c7ecd17eefc119177c0c61337b17a8f1abfd337ac37284d1a04a65b
b3fb9332b030dc33a418be1bcd7282c9052c287fb923bd36295cb3d01db9a861
b57839788686bf37d29f47bbe45ad8258085e3aebf54650ab389c0b515b977e1
b71f76186117ab510aca8eb8208815da837acdd4b29e171c9897993175c28878
b84595cc8461bb6e8376fe94f0dd23d6657172103b03653534089c5992b058a1
b8eef39219651c2e824894e8f8d35742e86021c1a556136fb6ffc5e1169bccbd
b91234b576455d66e12dd661a2539eb2418a831078ecef9ebc7f4bbd4e580d9c
ba711f4ae1f09fd05735a7b8ec5e0d70d271cf09212431fa192deaed9a324360
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb698b4af30a506bea5e24025b0f742db88461e40a7f9f2f24293ad810bdf842
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c501de88fbb90a445f1754a529bc772e7047071bf653c8c3f0330f7bb736d140
cc08221e904788853f9dbae9e845e8c88e947de904dcd007c0da0c4d18acd1de
d448922e5f8ed3b2a45beeecd2c8667699df8627efa96d61777212459cb75c61
d44eefafcf28bcb6cd3b0645864bdd8ef36f06a5d2390f3cec1b3b026f0ece9a
d455ab882af3a742e6c9680578e6a590681bda99e34847f550f1f41a7d167969
d65de87105aa9fe774e1fb4322529cd2ad2718e7387afb70e51b870cbf23b571
d7c6f02c53af41bf4eab71b1f6f5a6fc7e6e85ae684726c8a94c333d9149a578
da03f140d305f2abdf496bdd3fad9cfed87a237cf09f6a2edcec58bc5a1f044d
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd09e3ba26066abe27c4dad57c8e0c8a63fe23a0bc87e63bcab94f25e9096459
dd7e25fe1547c7102760792d7b920ed5a289aa0224014594f856b5ab396dc0d6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
deb1aa1c2af7a0f084b58e34c78545593305a87b23f9f6e099849c1ace0c9dd6
e3205178d8f4b21ab5dc10a089939e49dd276dea7b5047ef2b494ffea3b93b19
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40b6eae9d66c60b9c750da70da6b2bc5d35c2ae9689cc1e9547e300fac4a3ba
e628ca1e0a961f5ab964cf92ac6e47e1f7a6eb1432cf55c5b0d7b2b9b191aaeb
e830cef6395dcf3b3640b9b67986a48eb98d994e87405c75a0f1846a2a9ad996
ec3a84e593065a50cd77ce9fba273b4196936940c0813ca248b045df2e2c8eff
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f083096f236cb98c87af2abc70707aef6a74bb105074919b0bdc3aeec6964c1d
f08ca65f013a2179c5c78003ce4cc47978c2b8d6d2d9f6521d3b64411ecc68de
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6200e00f9bcf9a324c8c1a046c6bc624ebcaf1379faf13e4d76ae56ea0d1a11
f78f03c76e2d4bc33181242fa874eb1864fd893a0220c67c3c921173ccebaa5f
f7ba7e664816f88dde2f3f9b789e427087a5deb8986f708dd02bcfe1c0d8ff55
f7e66776606a4057cb80e698b60f92e298786496bfb6e3caf506abf0a058db50
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8c91e009d219173c41b4c0b6e43ad28081f7580df6cb99a76aa0a476390ca47
f93483f0aaf24aea4b5534bb8647d22cd9dfcb4d08d2fd1008787bdfb8a6cc47
fbb6162a3febf0d96b3372dd4f325d2ecd9b9c4e2c6d23e2c2b4eeeb3d7ccdb0
fc1371df7c8bb882a40a23f525d33dffe96caa52b99f709834a74761aee168d1
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe62ffc3dd7627c8b0d34b70fe45c7b14dd38c89c66cca13b2e4c71360e42e91

www.securonix.com Open in urlscan Pro 2606:4700:3108::ac42:2b19 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

175 Requests

98 %HTTPS

54 %IPv6

25 Domains

39 Subdomains

35 IPs

5 Countries

2883 kBTransfer

6537 kBSize

33 Cookies

17 Outgoing links

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.securonix.com Open in urlscan Pro
2606:4700:3108::ac42:2b19 Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

98 %
HTTPS

54 %
IPv6

25
Domains

39
Subdomains

35
IPs

5
Countries

2883 kB
Transfer

6537 kB
Size

33
Cookies

175 HTTP transactions
1 data transactions