URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Submission: On August 08 via api from US — Scanned from CA

Summary

This website contacted 28 IPs in 2 countries across 21 domains to perform 111 HTTP transactions. The main IP is 2606:4700::6812:5b1e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.zerofox.com.
TLS certificate: Issued by R11 on July 30th 2024. Valid for: 3 months.
This is the only time www.zerofox.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
www.zerofox.com | R11 | 2024-07-30 - 2024-10-28 | 3 months
script.crazyegg.com | Cloudflare Inc ECC CA-3 | 2024-08-02 - 2024-12-31 | 5 months
*.google-analytics.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months
get.zerofox.com | Cloudflare Inc ECC CA-3 | 2024-02-02 - 2024-12-31 | a year
crazyegg.com | Amazon RSA 2048 M02 | 2024-06-30 - 2025-07-30 | a year
6sc.co | R11 | 2024-07-03 - 2024-10-01 | 3 months
www.bing.com | Microsoft Azure RSA TLS Issuing CA 04 | 2024-06-19 - 2024-12-16 | 6 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year
*.marketo.net | DigiCert TLS RSA SHA256 2020 CA1 | 2023-12-08 - 2024-12-11 | a year
*.srv.stackadapt.com | Amazon RSA 2048 M03 | 2023-09-09 - 2024-10-07 | a year
g2crowd.com | WE1 | 2024-06-23 - 2024-09-21 | 3 months
*.g.doubleclick.net | WR2 | 2024-07-30 - 2024-10-22 | 3 months
*.google.com | WR2 | 2024-07-30 - 2024-10-22 | 3 months
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-07-01 - 2025-01-01 | 6 months
clearbitscripts.com | Amazon RSA 2048 M03 | 2024-05-11 - 2025-06-08 | a year
*.mktoresp.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-07 - 2024-10-07 | a year
*.6sense.com | Amazon RSA 2048 M03 | 2024-04-23 - 2025-05-22 | a year
clearbitjs.com | Amazon RSA 2048 M02 | 2023-09-18 - 2024-10-17 | a year
clearbit.com | Amazon RSA 2048 M01 | 2023-09-18 - 2024-10-17 | a year
zi-scripts.com | WE1 | 2024-07-25 - 2024-10-23 | 3 months
zoominfo.com | E5 | 2024-07-18 - 2024-10-16 | 3 months

This page contains 2 frames:

Primary Page: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Frame ID: E9F1A1F6F631B264CA142913A87DB72F
Requests: 106 HTTP requests in this frame

Frame: https://get.zerofox.com/index.php/form/XDFrame
Frame ID: 8EAC47022CDC73A472F2206EDBE33D62
Requests: 2 HTTP requests in this frame

Page Title

Raccoon Stealer Pivots Towards Self-Protection | ZeroFox

Detected technologies

Overall confidence: 100%
Detected patterns
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Page Statistics

111 Requests
94 % HTTPS
44 % IPv6
21 Domains
32 Subdomains
28 IPs
2 Countries
1248 kB Transfer
3625 kB Size
41 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=984946&time=1723125893159&li_adsId=e7dca08a-5bee-4421-9fd7-7adf62773cdd&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=984946&time=1723125893159&li_adsId=e7dca08a-5bee-4421-9fd7-7adf62773cdd&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&e_ipv6=AQL9TYSXuET8xwAAAZEyToiOhnLq5n7mnb0u1-ohwsE9-XzjPFYOku2tq3SEYB3sjY8unD76

111 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
129 KB
24 KB
Document
General
Full URL
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d32be205bad5e2c94710ccb9d302ea4230e1f51886d452376e34c22b2569db53
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
access-control-allow-origin
*
age
78784
cache-control
public, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8b000eda5bdfa2b0-YUL
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 08 Aug 2024 14:04:52 GMT
referrer-policy
origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-matched-path
/blog/[slug]
x-vercel-cache
HIT
x-vercel-id
iad1::iad1::qmdlk-1723125892268-969be0e2c62f
x-xss-protection
1; mode=block
/
www.zerofox.com/_next/image/
69 KB
69 KB
Image
General
Full URL
https://www.zerofox.com/_next/image/?url=https%3A%2F%2Fzerofox.wpenginepowered.com%2Fwp-content%2Fuploads%2F2021%2F09%2FiStock-1125274914.jpg&w=1920&q=75
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57b653bfcc3e62202d18258cbf763e742cf63772280a22b4aada844d0661c4cf
Security Headers
Name Value
Content-Security-Policy script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
age
0
x-vercel-imgsrc
f8d43aac3e93f18b3a5c5e0abe5533c2
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename="iStock-1125274914.avif"
content-length
70433
last-modified
Thu, 08 Aug 2024 14:04:53 GMT
x-vercel-id
iad1::dqxtc-1723125892434-f5e91364acee
server
cloudflare
x-vercel-cache
MISS
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8b000edb9cfda2b0-YUL
4c285fdca692ea22-s.p.woff2
www.zerofox.com/_next/static/media/
8 KB
10 KB
Font
General
Full URL
https://www.zerofox.com/_next/static/media/4c285fdca692ea22-s.p.woff2
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
643e38d8c288a1da34a14a68a5012441929108d50054414ce8cc33fad36a2354
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Origin
https://www.zerofox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
432003
content-disposition
inline; filename="4c285fdca692ea22-s.p.woff2"
content-length
7844
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
x-vercel-id
lhr1::4wths-1720649785997-712206abfedf
server
cloudflare
x-matched-path
/_next/static/media/4c285fdca692ea22-s.p.woff2
etag
"42d3308e3aca8742731f63154187bdd7"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
8b000edb9cfea2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
eafabf029ad39a43-s.p.woff2
www.zerofox.com/_next/static/media/
8 KB
10 KB
Font
General
Full URL
https://www.zerofox.com/_next/static/media/eafabf029ad39a43-s.p.woff2
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dc5d0c52428fe1696264907a1054ebbaac07f8cbe45832c105f819c2ae397c0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://zerofox.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://zerofox.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://zerofox.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io 
https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors 'none'; frame-src 'self' http://*.zerofox.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://zerofox.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Origin
https://www.zerofox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
503643
content-disposition
inline; filename="eafabf029ad39a43-s.p.woff2"
content-length
7900
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
x-vercel-id
lhr1::7fmgh-1711640580037-a4f886501937
server
cloudflare
x-matched-path
/_next/static/media/eafabf029ad39a43-s.p.woff2
etag
"43751174b6b810eb169101a20d8c26f8"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
8b000edb9d01a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
0484562807a97172-s.p.woff2
www.zerofox.com/_next/static/media/
8 KB
10 KB
Font
General
Full URL
https://www.zerofox.com/_next/static/media/0484562807a97172-s.p.woff2
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
872e862918591a9e824dc03ed92f05729435ffbb8ebbb10eff7eda26592b1798

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Origin
https://www.zerofox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://zerofox.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://zerofox.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://zerofox.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io 
https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors 'none'; frame-src 'self' http://*.zerofox.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://zerofox.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
503643
content-disposition
inline; filename="0484562807a97172-s.p.woff2"
content-length
7992
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
x-vercel-id
lhr1::pm975-1711640580172-6767f4c71ad7
server
cloudflare
x-matched-path
/_next/static/media/0484562807a97172-s.p.woff2
etag
"b550bca8934bd86812d1f5e28c9cc1de"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
8b000edb9d02a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
b957ea75a84b6ea7-s.p.woff2
www.zerofox.com/_next/static/media/
8 KB
10 KB
Font
General
Full URL
https://www.zerofox.com/_next/static/media/b957ea75a84b6ea7-s.p.woff2
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
197a3cbd7290c242c5c765268cdd69a9a39867fdc80cd13071f243a81c56fb76

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Origin
https://www.zerofox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://zerofox.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://zerofox.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://zerofox.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io 
https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors 'none'; frame-src 'self' http://*.zerofox.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://zerofox.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
432001
content-disposition
inline; filename="b957ea75a84b6ea7-s.p.woff2"
content-length
7848
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
x-vercel-id
lhr1::cft7x-1711640580183-9e4b5b61c9c7
server
cloudflare
x-matched-path
/_next/static/media/b957ea75a84b6ea7-s.p.woff2
etag
"0bd523f6049956faaf43c254a719d06a"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
8b000edb9d05a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
7db6c35d839a711c-s.p.woff2
www.zerofox.com/_next/static/media/
8 KB
10 KB
Font
General
Full URL
https://www.zerofox.com/_next/static/media/7db6c35d839a711c-s.p.woff2
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
4ef5511d8e7b39ae3f98ffed14d6071d7914e0c145fee5a79bb43aa962ff0fc4

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Origin
https://www.zerofox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://zerofox.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://zerofox.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://zerofox.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io 
https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors 'none'; frame-src 'self' http://*.zerofox.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://zerofox.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
432000
content-disposition
inline; filename="7db6c35d839a711c-s.p.woff2"
content-length
7816
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
x-vercel-id
lhr1::rwt5m-1711640580181-71b853ac41c4
server
cloudflare
x-matched-path
/_next/static/media/7db6c35d839a711c-s.p.woff2
etag
"de2b6fe4e663c0669007e5b501c2026b"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
8b000edb9d07a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
022ebbe73116463d-s.p.woff2
www.zerofox.com/_next/static/media/
22 KB
25 KB
Font
General
Full URL
https://www.zerofox.com/_next/static/media/022ebbe73116463d-s.p.woff2
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
f2523def9c3de971497cca0347f55c7b1e012e636b93ae7d7d0e660b769f40d4

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Origin
https://www.zerofox.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://zerofox.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://zerofox.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://zerofox.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io 
https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors 'none'; frame-src 'self' http://*.zerofox.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://zerofox.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
806208
content-disposition
inline; filename="022ebbe73116463d-s.p.woff2"
content-length
22732
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
x-vercel-id
lhr1::dh9jl-1710831734990-048d56c3e05e
server
cloudflare
x-matched-path
/_next/static/media/022ebbe73116463d-s.p.woff2
etag
"b902d4bc8ed7c267c0a36d32f6460256"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
8b000edb9d0ba2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
85e177daeafa7c19.css
www.zerofox.com/_next/static/css/
117 KB
23 KB
Stylesheet
General
Full URL
https://www.zerofox.com/_next/static/css/85e177daeafa7c19.css
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
2712b58e77913aaf1048c3d89fd3107a282a7b93fcfe6524c0354d3b15f99594

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
175457
cf-polished
status=cannot_optimize
content-encoding
gzip
content-disposition
inline; filename="85e177daeafa7c19.css"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::qgxnp-1722883551865-8722b719db63
server
cloudflare
x-matched-path
/_next/static/css/85e177daeafa7c19.css
etag
W/"b96706ef1eb88ccbe04965a471fc77dc"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edb9d03a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
14b9d8447577c126.css
www.zerofox.com/_next/static/css/
13 KB
7 KB
Stylesheet
General
Full URL
https://www.zerofox.com/_next/static/css/14b9d8447577c126.css
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
dbf7035c4646b59e592ec0e2d953454c669b688c79945f125140ec1f181bcf56
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
431958
cf-polished
origSize=13017
content-encoding
gzip
content-disposition
inline; filename="14b9d8447577c126.css"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::pm7s4-1720044783881-8830dda4f7c1
server
cloudflare
x-matched-path
/_next/static/css/14b9d8447577c126.css
etag
W/"fbbf085963d29ee347ab6b13a91e358c"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edb9d04a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
7038.js
script.crazyegg.com/pages/scripts/0124/
7 KB
3 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0124/7038.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H3
Security
QUIC, AES_128_GCM
Server
104.19.148.8, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
c9131f189a142af551381ebe50e83789c66e2eebe08b59f31739ec49bf8f8d2c

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-encoding
gzip
cf-cache-status
HIT
age
8016
cf-polished
origSize=6998
ce-version
11.5.253
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Thu, 08 Aug 2024 07:31:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
8b000edc3a667117-YYZ
webpack-fbec0eefec7af835.js
www.zerofox.com/_next/static/chunks/
6 KB
5 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/webpack-fbec0eefec7af835.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
007a09c375d2835e02188150e53c07ecb502c1dc0eedd964950877827889b1d3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
80026
content-encoding
gzip
content-disposition
inline; filename="webpack-fbec0eefec7af835.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::r2j7g-1723044060259-6d91462f2f8b
server
cloudflare
x-matched-path
/_next/static/chunks/webpack-fbec0eefec7af835.js
etag
W/"61d8b5017af96fdb566c805d5b28f8ce"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd2aa2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
framework-0995a3e8436ddc4f.js
www.zerofox.com/_next/static/chunks/
137 KB
46 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/framework-0995a3e8436ddc4f.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
580de6ef0908bcea077dd15595c66e6f6fb8c10c7ddd679a75132ac178b2f6cb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
503643
cf-polished
origSize=140943
content-encoding
gzip
content-disposition
inline; filename="framework-0995a3e8436ddc4f.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::pzr5v-1718180692590-089ff29c1995
server
cloudflare
x-matched-path
/_next/static/chunks/framework-0995a3e8436ddc4f.js
etag
W/"dc9a3191851f37ad4296589c6158ac35"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd2da2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
main-5ab15c02aad1f9cc.js
www.zerofox.com/_next/static/chunks/
107 KB
34 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/main-5ab15c02aad1f9cc.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
8476cde998911b9e440ea14007c8ab0a7cfc96afdc4827a7c7d0bf278ad73441
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
517006
cf-polished
origSize=109838
content-encoding
gzip
content-disposition
inline; filename="main-5ab15c02aad1f9cc.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::kqxbm-1722264342335-e175d846b805
server
cloudflare
x-matched-path
/_next/static/chunks/main-5ab15c02aad1f9cc.js
etag
W/"77b2a975d9f0245588b90ac880a88ad3"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd2fa2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
_app-5ac60f3d2a46bf44.js
www.zerofox.com/_next/static/chunks/pages/
23 KB
9 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/pages/_app-5ac60f3d2a46bf44.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
c4baf0e0ce800e940449e1ecde98b3592286536ee6e421668fb200405c530fed
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
503643
cf-polished
origSize=23510
content-encoding
gzip
content-disposition
inline; filename="_app-5ac60f3d2a46bf44.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::5frzp-1722264342359-d3fca132ff34
server
cloudflare
x-matched-path
/_next/static/chunks/pages/_app-5ac60f3d2a46bf44.js
etag
W/"da40d16d18432836a7898b3eaca113af"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd31a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
94726e6d-8d34670dde5bf6f5.js
www.zerofox.com/_next/static/chunks/
51 KB
22 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/94726e6d-8d34670dde5bf6f5.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
0c9190d54a7844a7d6096425850304b69afb1aeb3bb68fb289b9037066508a62
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
806207
cf-polished
origSize=51949
content-encoding
gzip
content-disposition
inline; filename="94726e6d-8d34670dde5bf6f5.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::bkh2k-1719655253959-780f7ffb5c30
server
cloudflare
x-matched-path
/_next/static/chunks/94726e6d-8d34670dde5bf6f5.js
etag
W/"917f925491d12f96c4a0791e8ab55290"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd32a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
5675-9237e15a4c24296e.js
www.zerofox.com/_next/static/chunks/
9 KB
6 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/5675-9237e15a4c24296e.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
95fb3fb157c62ee3bd6f517d9190e66ad391bb990c4a33d87bdd2b08a6eec582
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
431993
content-encoding
gzip
content-disposition
inline; filename="5675-9237e15a4c24296e.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::c58wp-1722264342324-08a273606783
server
cloudflare
x-matched-path
/_next/static/chunks/5675-9237e15a4c24296e.js
etag
W/"f8b614a6487b7210e5c357e178b53a13"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd35a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
1876-d28ece1bab41db3d.js
www.zerofox.com/_next/static/chunks/
22 KB
10 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/1876-d28ece1bab41db3d.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
831f73d6f7ea04151bd7e93c98939c546b6f1fdadf394c7cf8811e20b322329e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://zerofox.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://zerofox.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://zerofox.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io 
https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors 'none'; frame-src 'self' http://*.zerofox.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://zerofox.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://zerofox.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://zerofox.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://zerofox.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io 
https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors 'none'; frame-src 'self' http://*.zerofox.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://zerofox.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
503643
cf-polished
origSize=22860
content-encoding
gzip
content-disposition
inline; filename="1876-d28ece1bab41db3d.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::llhnl-1710782598487-1dbc952f0fd8
server
cloudflare
x-matched-path
/_next/static/chunks/1876-d28ece1bab41db3d.js
etag
W/"f7cf698b185d99912201fb83f77a6fb1"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd36a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
9225-694b3df05dbf6a79.js
www.zerofox.com/_next/static/chunks/
9 KB
6 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/9225-694b3df05dbf6a79.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
f6f95a43203115e46ccc71a4038ba46a90d2a401b0a13fc58bddbb495998de23
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
517006
cf-polished
origSize=9582
content-encoding
gzip
content-disposition
inline; filename="9225-694b3df05dbf6a79.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::grdhn-1715871937614-72f11c1a8584
server
cloudflare
x-matched-path
/_next/static/chunks/9225-694b3df05dbf6a79.js
etag
W/"75f4ab7203b644f3ace5f42fe959fac3"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd38a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
6043-6d4cf6dc9442e009.js
www.zerofox.com/_next/static/chunks/
26 KB
12 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/6043-6d4cf6dc9442e009.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3085598c30d834918b38b90ff1d1d8c220020ddfe4b1518a0ee06e7fa764e8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
246462
cf-polished
origSize=26821
content-encoding
gzip
content-disposition
inline; filename="6043-6d4cf6dc9442e009.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::skrjb-1722876202161-a6fdee9e234d
server
cloudflare
x-matched-path
/_next/static/chunks/6043-6d4cf6dc9442e009.js
etag
W/"4af5328ef66ce43f4d193ecf2fa336c1"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd39a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
4715-0438bb512ddf2fac.js
www.zerofox.com/_next/static/chunks/
19 KB
11 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/4715-0438bb512ddf2fac.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e048a7960ff87f873ec8daa98d408d984c7faa2b40b6ce7fe119b1a05a1e7c4b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
431954
cf-polished
origSize=19739
content-encoding
gzip
content-disposition
inline; filename="4715-0438bb512ddf2fac.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::j6fsd-1716215800973-1ec43ee16654
server
cloudflare
x-matched-path
/_next/static/chunks/4715-0438bb512ddf2fac.js
etag
W/"95caf8d23c15953d58ba041079dd1fb7"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd3aa2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
6583-f383c54719e06d6d.js
www.zerofox.com/_next/static/chunks/
19 KB
9 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/6583-f383c54719e06d6d.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
248c55ea10fc98b7f7e8ba262579323d67c8d21f8bbf21d7fcc42d799c990d8a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
246462
cf-polished
origSize=19273
content-encoding
gzip
content-disposition
inline; filename="6583-f383c54719e06d6d.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::n49t4-1722876202231-e413e97f9c99
server
cloudflare
x-matched-path
/_next/static/chunks/6583-f383c54719e06d6d.js
etag
W/"67164a4bad1961576c5cfeda096962d4"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd3ca2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
7536-5abdf212690572cb.js
www.zerofox.com/_next/static/chunks/
20 KB
10 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/7536-5abdf212690572cb.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b218b51c147227b6d25d503a5cfdc5ab51ba9f65ed296e37200c9b556318940
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
101899
content-encoding
gzip
content-disposition
inline; filename="7536-5abdf212690572cb.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::gfswn-1716374875464-b523063c2e5a
server
cloudflare
x-matched-path
/_next/static/chunks/7536-5abdf212690572cb.js
etag
W/"3541c820ff07c7af960572414b818baf"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd3da2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
4298-b5d9bd3a01fa9a3d.js
www.zerofox.com/_next/static/chunks/
15 KB
7 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/4298-b5d9bd3a01fa9a3d.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5eaa623aebf9c7f85b9b53ceedd21be76be4c0f409e02a264c282b69bda5a75
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
431991
content-encoding
gzip
content-disposition
inline; filename="4298-b5d9bd3a01fa9a3d.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::bjr52-1720040360365-d7c2d8544302
server
cloudflare
x-matched-path
/_next/static/chunks/4298-b5d9bd3a01fa9a3d.js
etag
W/"ad390b914378b1355edb50f25808f40b"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd3fa2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
6546-3117af5b92c2eb95.js
www.zerofox.com/_next/static/chunks/
42 KB
20 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/6546-3117af5b92c2eb95.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43b859d8f1615978b75fd65a14a045f2eab04830702da9e9242ddf2f1c5f2e15
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
503643
cf-polished
origSize=42549
content-encoding
gzip
content-disposition
inline; filename="6546-3117af5b92c2eb95.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::6lh27-1720049948677-7e0ecf8485bd
server
cloudflare
x-matched-path
/_next/static/chunks/6546-3117af5b92c2eb95.js
etag
W/"e39298b9be9fa33033329641ac5938a9"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd40a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
2820-1f5f6ad8563bbfcf.js
www.zerofox.com/_next/static/chunks/
22 KB
9 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/2820-1f5f6ad8563bbfcf.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d06ccc404347dc1741de3fac46256509e029509528ad290ee67090a07a05778c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
503643
cf-polished
origSize=22083
content-encoding
gzip
content-disposition
inline; filename="2820-1f5f6ad8563bbfcf.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::db978-1716407270307-ac6de0c05fb0
server
cloudflare
x-matched-path
/_next/static/chunks/2820-1f5f6ad8563bbfcf.js
etag
W/"8a02d839dc8fd9bce61455384139bcb2"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd42a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
2337-a9d85d535da80d84.js
www.zerofox.com/_next/static/chunks/
298 KB
93 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/2337-a9d85d535da80d84.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4613ebafeed891708837c1e8e7d68e3689f73b6d84170cd796362a1a75f357e2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
806207
cf-polished
origSize=305134
content-encoding
gzip
content-disposition
inline; filename="2337-a9d85d535da80d84.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::m5cp8-1717784808235-20979d358eec
server
cloudflare
x-matched-path
/_next/static/chunks/2337-a9d85d535da80d84.js
etag
W/"5674494ad1876004cc0aaa2576689ff9"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd43a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
1561-7922a17a3bb6b099.js
www.zerofox.com/_next/static/chunks/
21 KB
8 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/1561-7922a17a3bb6b099.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0942f9a38de1ed9804ad48231d90f354e6c311b551eee9f059b8f4654fce4d1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
400734
content-encoding
gzip
content-disposition
inline; filename="1561-7922a17a3bb6b099.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::dr79f-1716215805364-b113bcc7289f
server
cloudflare
x-matched-path
/_next/static/chunks/1561-7922a17a3bb6b099.js
etag
W/"97bbacc59a4e606a47a71cde449f63fd"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd44a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
4537-ff2962663a0d6fd3.js
www.zerofox.com/_next/static/chunks/
58 KB
11 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/4537-ff2962663a0d6fd3.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
e45196499cb309704bdf623f71fe3ee3019f9b0081e054a05b6cd8a84e1b67a5
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
517006
content-encoding
gzip
content-disposition
inline; filename="4537-ff2962663a0d6fd3.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::jmxdd-1722007335537-6c7da91b1eba
server
cloudflare
x-matched-path
/_next/static/chunks/4537-ff2962663a0d6fd3.js
etag
W/"3341a27f29ae67fb02482126ddf3d5ab"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd45a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
5490-40ef37e2cb445ad6.js
www.zerofox.com/_next/static/chunks/
18 KB
7 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/5490-40ef37e2cb445ad6.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
a88e74a42ae6b61811386cd56db83e513dfdaef89cc90cc00940867cd84ddb7a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
431949
content-encoding
gzip
content-disposition
inline; filename="5490-40ef37e2cb445ad6.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::fsl7z-1717529976932-e45fc4343227
server
cloudflare
x-matched-path
/_next/static/chunks/5490-40ef37e2cb445ad6.js
etag
W/"2bbddbb393259422ae65f9f89bf6cefc"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd46a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
3034-2fe957a920f8b3a0.js
www.zerofox.com/_next/static/chunks/
15 KB
5 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/3034-2fe957a920f8b3a0.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
8c194757e6deb5962019f36aa87860d6ce25ee222ad5ff23252e90a92592f6cc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://*.hotjar.com https://content.hotjar.io https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com wss://ws.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com/; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
517007
content-encoding
gzip
content-disposition
inline; filename="3034-2fe957a920f8b3a0.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::kp4n2-1717468662256-9b68a8fbb9d8
server
cloudflare
x-matched-path
/_next/static/chunks/3034-2fe957a920f8b3a0.js
etag
W/"64e3a5bb8661c7d97170347d77bf3d94"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbcd47a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
9018-1528b0ea97ed754d.js
www.zerofox.com/_next/static/chunks/
15 KB
8 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/9018-1528b0ea97ed754d.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700::6812:5b1e, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
c7f7696ac425fec01de8b7bab640af28b7667f9003a7d61e1878e42c33008017
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
246462
content-encoding
gzip
content-disposition
inline; filename="9018-1528b0ea97ed754d.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::ck4tw-1722876202167-56e88725bd3a
server
cloudflare
x-matched-path
/_next/static/chunks/9018-1528b0ea97ed754d.js
etag
W/"114dffb4ae62702da91f9d008f10db09"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbdd54a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
2188-dc97186e660b3730.js
www.zerofox.com/_next/static/chunks/
9 KB
5 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/2188-dc97186e660b3730.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbfc8ffc157a7e1c0f191da7ac46ae170b096157fcbfe4e6a75eac65b8f87a6d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
806207
content-encoding
gzip
content-disposition
inline; filename="2188-dc97186e660b3730.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::vs2zh-1721248096129-33f303093b62
server
cloudflare
x-matched-path
/_next/static/chunks/2188-dc97186e660b3730.js
etag
W/"9951227c186959d9a030198f3e29a574"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbdd57a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
2150-4de94e654fdf0e11.js
www.zerofox.com/_next/static/chunks/
315 KB
72 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/2150-4de94e654fdf0e11.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cf78e0a623aef91a384adb7be5476b61ffc05cfb0ae1d62e6899887cd037e8b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
165337
content-encoding
gzip
content-disposition
inline; filename="2150-4de94e654fdf0e11.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::55tjr-1722888734036-ba502f0c40fb
server
cloudflare
x-matched-path
/_next/static/chunks/2150-4de94e654fdf0e11.js
etag
W/"8ddaf4ec95b6028c24981c5283f05aca"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbdd58a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
%5Bslug%5D-e19ea3f52ede880e.js
www.zerofox.com/_next/static/chunks/pages/blog/
13 KB
7 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/chunks/pages/blog/%5Bslug%5D-e19ea3f52ede880e.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
397340bcc33495b223f15a98cf2f53c9f6112af72bd97180fef9e3031989264e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
514460
content-encoding
gzip
content-disposition
inline; filename="[slug]-e19ea3f52ede880e.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::jt7g2-1721849890014-366506d5f6e7
server
cloudflare
x-matched-path
/_next/static/chunks/pages/blog/%5Bslug%5D-e19ea3f52ede880e.js
etag
W/"6d5cb6e247744f8a71509f4019817a31"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbdd59a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
_buildManifest.js
www.zerofox.com/_next/static/GzFny2vpWIjW_0A2YF922/
8 KB
5 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/GzFny2vpWIjW_0A2YF922/_buildManifest.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e271dfbad921618bb5c5ae7c5106bd3ab3b7a69fd942a3914f17fa48ca7d0be7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
80026
content-encoding
gzip
content-disposition
inline; filename="_buildManifest.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::k6rx2-1723044060276-f236423e8c0e
server
cloudflare
x-matched-path
/_next/static/GzFny2vpWIjW_0A2YF922/_buildManifest.js
etag
W/"31585bcfb0a8f9528a248a4026177d71"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbdd5aa2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
_ssgManifest.js
www.zerofox.com/_next/static/GzFny2vpWIjW_0A2YF922/
1 KB
3 KB
Script
General
Full URL
https://www.zerofox.com/_next/static/GzFny2vpWIjW_0A2YF922/_ssgManifest.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
989ddb8b82254790a99310db64b972d315833acb33938f6518e2ccc946570746
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
HIT
age
80026
content-encoding
gzip
content-disposition
inline; filename="_ssgManifest.js"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
cf-bgj
minify
x-vercel-id
lhr1::6fdxr-1723044060259-861582144258
server
cloudflare
x-matched-path
/_next/static/GzFny2vpWIjW_0A2YF922/_ssgManifest.js
etag
W/"8406d069326bb7d4578547853129e728"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edbdd5ba2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Fri, 08 Aug 2025 14:04:52 GMT
email-decode.min.js
www.zerofox.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
849 B
Script
General
Full URL
https://www.zerofox.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
last-modified
Tue, 06 Aug 2024 10:19:48 GMT
server
cloudflare
content-encoding
gzip
etag
W/"66b1f8c4-4d7"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
max-age=172800, public
cf-ray
8b000edb9d0ca2b0-YUL
expires
Sat, 10 Aug 2024 14:04:52 GMT
zerofox-logo-alt.svg
www.zerofox.com/images/
3 KB
4 KB
Image
General
Full URL
https://www.zerofox.com/images/zerofox-logo-alt.svg
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79e6e855ee68b89a0479f8e74954fce62134d0861f58a5875295512547093fcf
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
MISS
content-encoding
gzip
content-disposition
inline; filename="zerofox-logo-alt.svg"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
x-vercel-id
lhr1::5n5vs-1723125892585-98279d0b02f8
server
cloudflare
x-matched-path
/images/zerofox-logo-alt.svg
etag
W/"57e938b71ac9077755ac2da694056acf"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=14400
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000edc3da5a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Thu, 08 Aug 2024 18:04:52 GMT
www.zerofox.com.json
script.crazyegg.com/pages/data-scripts/0124/7038/site/
8 KB
2 KB
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0124/7038/site/www.zerofox.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0124/7038.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cba4ddb3d4d3d245d365a83793d31a4192a7f030d472125228a751dbf9deac06

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-encoding
gzip
cf-cache-status
HIT
age
8014
ce-version
11.5.253
alt-svc
h3=":443"; ma=86400
content-length
2076
last-modified
Thu, 08 Aug 2024 07:31:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8b000edcb9d536a5-YYZ
a581768cc6db592e3f8c858ea9954cda.js
script.crazyegg.com/pages/versioned/common-scripts/
102 KB
35 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/a581768cc6db592e3f8c858ea9954cda.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0124/7038.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
daede37b98b32b4b1f45a5c8e3a7b5d98f59004fb4b020c6adb79ed750c5a3d8

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 25 Jul 2024 20:08:17 GMT
server
cloudflare
age
68767
cf-polished
origSize=104774
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
timing-allow-origin
*
cf-ray
8b000edd4b0c7117-YYZ
alt-svc
h3=":443"; ma=86400
gtm.js
www.googletagmanager.com/
350 KB
114 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PH3386
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/_next/static/chunks/main-5ab15c02aad1f9cc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ad00d92eaa007e5b45b25fb3b0548dd7be6a02ebcf746d8ed500b27ba04457c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
116161
x-xss-protection
0
last-modified
Thu, 08 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 08 Aug 2024 14:04:52 GMT
/
www.zerofox.com/_next/image/
20 KB
20 KB
Image
General
Full URL
https://www.zerofox.com/_next/image/?url=https%3A%2F%2Fzerofox.wpenginepowered.com%2Fwp-content%2Fuploads%2F2021%2F09%2FRaccoon1.png&w=480&q=75
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bbf6ae7fbaa03305fabeef8f79c6c547f003186535769f550c5d82f020348f0
Security Headers
Name Value
Content-Security-Policy script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-security-policy
script-src 'none'; frame-src 'none'; sandbox;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
age
0
x-vercel-imgsrc
0ec15e6d2ef2ce7e84ad6331e3f4383b
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename="Raccoon1.avif"
content-length
20363
last-modified
Thu, 08 Aug 2024 14:04:53 GMT
x-vercel-id
iad1::4bv6n-1723125892754-be0564174c35
server
cloudflare
x-vercel-cache
MISS
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8b000edd6e93a2b0-YUL
/
www.zerofox.com/_next/image/
8 KB
8 KB
Image
General
Full URL
https://www.zerofox.com/_next/image/?url=https%3A%2F%2Fzerofox.wpenginepowered.com%2Fwp-content%2Fuploads%2F2021%2F09%2Fblog-raccoon2.png&w=480&q=75
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d860b9dd7c9509738a481b54e6e48a3242f0829a747fd76abca370d00f38d00a
Security Headers
Name Value
Content-Security-Policy script-src 'none'; frame-src 'none'; sandbox;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-security-policy
script-src 'none'; frame-src 'none'; sandbox;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
age
0
x-vercel-imgsrc
61533f96078877a38e9c0a9d910c5f21
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename="blog-raccoon2.avif"
content-length
8377
last-modified
Thu, 08 Aug 2024 14:04:53 GMT
x-vercel-id
iad1::dpf8p-1723125892760-df701b03d37a
server
cloudflare
x-vercel-cache
MISS
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
public, max-age=1800, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8b000edd6e94a2b0-YUL
forms2.min.js
get.zerofox.com/js/forms2/js/
199 KB
67 KB
Script
General
Full URL
https://get.zerofox.com/js/forms2/js/forms2.min.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/_next/static/chunks/9018-1528b0ea97ed754d.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Fri, 19 Jul 2024 20:11:11 GMT
server
cloudflare
etag
"1e1dfc-31b30-61d9f4beb95c0"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
8b000edf788336db-YYZ
expires
Thu, 08 Aug 2024 18:04:53 GMT
www.zerofox.com.json
script.crazyegg.com/pages/data-scripts/0124/7038/sampling/
156 B
359 B
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0124/7038/sampling/www.zerofox.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/a581768cc6db592e3f8c858ea9954cda.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1fc002c7a5c97bd70a2e0901d184c202144c228b93c59c89301e718220d7d2e

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-encoding
gzip
cf-cache-status
HIT
age
8004
ce-version
11.5.253
alt-svc
h3=":443"; ma=86400
content-length
146
last-modified
Thu, 08 Aug 2024 11:51:28 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8b000ede0abc36a5-YYZ
clock
tracking.crazyegg.com/
41 B
148 B
XHR
General
Full URL
https://tracking.crazyegg.com/clock?t=1&tk=984259290440bc759499212aa3074890&u=1247038&s=447245&p=%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&v=ff491f6464691e25b67fbdff0e7c306f17ab66b0&f=zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection&ul=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/a581768cc6db592e3f8c858ea9954cda.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.133.231.135 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-133-231-135.us-east-2.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
187afb39b2dca7aa7818be15603affee559394cd4bac735d974315ee6cbeb553

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 08 Aug 2024 14:04:53 GMT
cache-control
no-store
server
awselb/2.0
content-length
41
content-type
text/plain
healthcheck
pagestates-tracking.crazyegg.com/
19 B
462 B
XHR
General
Full URL
https://pagestates-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/a581768cc6db592e3f8c858ea9954cda.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.84.125.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-84-125-20.ord53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 03 Jul 2024 20:11:24 GMT
via
1.1 f89b43b2ea6221dfbfe8b9962fafb682.cloudfront.net (CloudFront)
x-amz-cf-pop
ORD53-C1
age
3088409
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
BZ118YBSTaqih43VgDv9I2NRTOF9PzN4zkA_a9KDspzELyYxm-3jTg==
healthcheck
assets-tracking.crazyegg.com/
19 B
460 B
XHR
General
Full URL
https://assets-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/a581768cc6db592e3f8c858ea9954cda.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.214.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-214-111.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 08:29:04 GMT
via
1.1 cf88880413082302757828626cf7b020.cloudfront.net (CloudFront)
x-amz-cf-pop
PHL50-C1
age
1402549
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
MSlnyYuj_uUauAeUxs7Ueagu9YThv3RqtQ1F8GQ3ahigCSYv104qIA==
49e98d44-8408-4cbf-ac31-05d62c9a2746
https://www.zerofox.com/
45 B
0
Other
General
Full URL
blob:https://www.zerofox.com/49e98d44-8408-4cbf-ac31-05d62c9a2746
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e8f74416e7bc7051dbd2c0b2dec8cdb9a5ba4b36f88ba1b65c3e7dd7447b4090

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length
45
Content-Type
text/javascript
622d5ef1-81f9-49e7-b005-0477a5653ea5.js
j.6sc.co/j/
4 KB
2 KB
Script
General
Full URL
https://j.6sc.co/j/622d5ef1-81f9-49e7-b005-0477a5653ea5.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PH3386
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
1a65eb4f071db38231b26e035e0e7832b08dd570184960e1ff93ab6dca28f6ff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
JTHUbe1wNqrUr0nOEm9KrlhN8gl5nwAx
content-encoding
gzip
date
Thu, 08 Aug 2024 14:04:53 GMT
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
x-amz-meta-content-type
application/json
content-length
1445
last-modified
Thu, 07 Sep 2023 19:03:23 GMT
server
AmazonS3
etag
"b529c8b2f7e00fedc573cac9171aadeb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=1800
accept-ranges
bytes
x-amz-cf-id
KyegfwbqS3tb41qTYxqa-FhRsPVN558RFPyGKXYRDb6pw_hMBlbosg==
expires
Thu, 08 Aug 2024 14:34:53 GMT
js
www.googletagmanager.com/gtag/
292 KB
99 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-LKLP1CEKVM&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PH3386
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9ea6b766a31475af0b8e3f58afbd4c37a1914c8866e38f19740177f77fec6eff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
100772
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 08 Aug 2024 14:04:52 GMT
bat.js
bat.bing.com/
49 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PH3386
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Thu, 08 Aug 2024 14:04:52 GMT
last-modified
Sat, 13 Jul 2024 20:42:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 39C5090CA5184929A9E931FE281EB368 Ref B: YMQ01EDGE0813 Ref C: 2024-08-08T14:04:53Z
etag
"044982565d5da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14183
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PH3386
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:26::17da:d920 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
cb31bb53eefec5a74b7e7271abd4e97e0735174d7d0b0dec0f2217462573d1f1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 28 Jul 2024 07:35:22 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=53191
accept-ranges
bytes
content-length
14597
destination
www.googletagmanager.com/gtag/
239 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-990807316&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PH3386
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ac96aba7a437601360851fc6e37ca80bb7e3bbdb4bb234512c45b642f09f552e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86676
x-xss-protection
0
last-modified
Thu, 08 Aug 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 08 Aug 2024 14:04:52 GMT
munchkin-beta.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin-beta.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.192.29.241 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-29-241.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
aaf173c00687da3d4328c0a1593d764175af1cb6708fa79ca5febcdc5f7de161

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 08 Aug 2024 14:04:53 GMT
Content-Encoding
gzip
Last-Modified
Fri, 03 Feb 2023 02:35:29 GMT
Server
AkamaiNetStorage
ETag
"7ea9bdc17bda32d919638e9e573666e3:1675391729.535053"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
728
events.js
tags.srv.stackadapt.com/
22 KB
7 KB
Script
General
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.189.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-189-78.compute-1.amazonaws.com
Software
/
Resource Hash
9cf0c81ac8c0b4f33159aaa71e6d6e654ab4d244596843ccf670b70634d4c1af

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 08 Aug 2024 14:04:53 GMT
cache-control
max-age=5
content-encoding
gzip
content-type
text/javascript
1009848.js
tracking.g2crowd.com/attribution_tracking/conversions/
2 KB
2 KB
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1009848.js?p=https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/&e=
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
707305b1f7fa8a1b595c972f52053448a76d10eeaf944f3dee03279ba1febc19
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
strict-transport-security
max-age=15552000; includeSubDomains
x-content-type-options
nosniff
content-encoding
br
x-permitted-cross-domain-policies
none
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
content-disposition
inline
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
origin-agent-cluster
?1
cf-ray
8b000edf6caba261-YUL
499cc0a8-853b-4daa-a885-ee92368226c3
https://www.zerofox.com/
241 B
0
Other
General
Full URL
blob:https://www.zerofox.com/499cc0a8-853b-4daa-a885-ee92368226c3
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d99e207330bc9f7a782020286e14186a6f0dfa740ec07ef0316e3c9663bf94cb

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length
241
Content-Type
text/javascript
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/990807316/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/990807316/?random=1723125893083&cv=11&fst=1723125893083&bg=ffffff&guid=ON&async=1&gtm=45be4851v869621622z872230016za201zb72230016&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&hn=www.googleadservices.com&frm=0&tiba=Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox&npa=0&pscdl=noapi&auid=1444585368.1723125893&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-990807316&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.197.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qa-in-f156.1e100.net
Software
cafe /
Resource Hash
f42bf1bfe97dc7bbe74789757923316be32210ef38b16fe56776a2095c9ba051
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1410
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-LKLP1CEKVM&gtm=45je4851v9100231180z872230016za200zb72230016&_p=1723125892679&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1728776518.1723125893&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723125893&sct=1&seg=0&dl=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&dt=Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1025
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LKLP1CEKVM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zerofox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
245 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-LKLP1CEKVM&cid=1728776518.1723125893&gtm=45je4851v9100231180z872230016za200zb72230016&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-LKLP1CEKVM&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c04::9c Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zerofox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
0
0

27025435.js
bat.bing.com/p/action/
334 B
407 B
Script
General
Full URL
https://bat.bing.com/p/action/27025435.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c64cddc349202defdca8bcf51d8a905d5f8810cc76f08c1e6561800f1dd5708a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Thu, 08 Aug 2024 14:04:52 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 98ECE6635E0745A0B8E15D7BD4AEB219 Ref B: YMQ01EDGE0813 Ref C: 2024-08-08T14:04:53Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=1800
munchkin.js
munchkin.marketo.net/163/
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin-beta.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.192.29.241 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a69-192-29-241.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 08 Aug 2024 14:04:53 GMT
Content-Encoding
gzip
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4741
Expires
Sat, 16 Nov 2024 14:04:53 GMT
sa.css
tags.srv.stackadapt.com/
65 B
203 B
Stylesheet
General
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.189.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-189-78.compute-1.amazonaws.com
Software
/
Resource Hash
629dea3fc8ca3364508e787cddbe7e6a1e0e72071d9ba2ba4539a2c60c8f1dea

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 08 Aug 2024 14:04:53 GMT
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
65
content-type
text/css
sa.jpeg
tags.srv.stackadapt.com/
0
2 KB
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.189.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-189-78.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 08 Aug 2024 14:04:53 GMT
cache-control
only-if-cached, no-transform, private, max-age=7776000
content-length
651
content-type
image/jpeg
attribution_trigger
px.ads.linkedin.com/
2 B
816 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=984946&time=1723125893159&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: E525A3BCE2EE41489E61F1BDFE310258 Ref B: YMQ01EDGE0507 Ref C: 2024-08-08T14:04:53Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-ltx1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYfLILFRJzBxDnNvXY9wQ==
x-fs-uuid
00061f2c82c5449cc1c439cdbd763dc1
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=984946&time=1723125893159&li_adsId=e7dca08a-5bee-4421-9fd7-7adf62773cdd&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=984946&time=1723125893159&li_adsId=e7dca08a-5bee-4421-9fd7-7adf62773cdd&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards...
0
266 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=984946&time=1723125893159&li_adsId=e7dca08a-5bee-4421-9fd7-7adf62773cdd&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&e_ipv6=AQL9TYSXuET8xwAAAZEyToiOhnLq5n7mnb0u1-ohwsE9-XzjPFYOku2tq3SEYB3sjY8unD76
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Server
2620:1ec:50::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 652ECD6F5633452AB4EF3AE912656CB0 Ref B: YMQ01EDGE0321 Ref C: 2024-08-08T14:04:53Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYfLILH8bFyP2KeaqAtqg==

Redirect headers

date
Thu, 08 Aug 2024 14:04:53 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: BB9E9C27890D47C9A4C09FD93EF8A832 Ref B: YMQ01EDGE0414 Ref C: 2024-08-08T14:04:53Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=984946&time=1723125893159&li_adsId=e7dca08a-5bee-4421-9fd7-7adf62773cdd&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&e_ipv6=AQL9TYSXuET8xwAAAZEyToiOhnLq5n7mnb0u1-ohwsE9-XzjPFYOku2tq3SEYB3sjY8unD76
x-li-proto
http/2
content-length
0
x-li-uuid
AAYfLILFUNaN0Ab9b4HhpA==
tags.js
tag.clearbitscripts.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/
4 KB
2 KB
Script
General
Full URL
https://tag.clearbitscripts.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/tags.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/_next/static/chunks/9018-1528b0ea97ed754d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27aa:3600:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Clearbit /
Resource Hash
f34660a0105da9f72676beb27b64c69a7abba04eb4b8dd52731264cbf2b0ae31
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 da45fdda4003d2326847e414bb9e55a6.cloudfront.net (CloudFront)
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
PHL51-P2
etag
W/"8ac63861a3c2024d4556cf84542d3283"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
x-amz-cf-id
0m1BJO4s2XWs83YNGfrPiraP8B0r9iQI1N-TC6uqOmR_9rRzRjw7rQ==
6si.min.js
j.6sc.co/
68 KB
19 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/j/622d5ef1-81f9-49e7-b005-0477a5653ea5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e08bbd8d11326289feff5496edc2ee3d0d7e905fe69ad7612a63dcd6bc6e8313
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 06 Aug 2024 18:33:23 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"66b26c73-10ff6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, proxy-revalidate, max-age=10800
accept-ranges
bytes
content-length
18711
expires
Thu, 08 Aug 2024 17:04:53 GMT
getForm
get.zerofox.com/index.php/form/
9 KB
3 KB
Script
General
Full URL
https://get.zerofox.com/index.php/form/getForm?munchkinId=143-DHV-007&form=2494&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&callback=jQuery37107480578422218365_1723125893166&_=1723125893167
Requested by
Host: get.zerofox.com
URL: https://get.zerofox.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f86d9b3121abb4be294a800e462d339f90849102f4ca59a0e6bddb2c19964c8c

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-form-service-request-id
490e#191324e88f6
x-marketo-source
Form Service
cf-ray
8b000ee0796f36db-YYZ
cached
false
visitWebPage
143-dhv-007.mktoresp.com/webevents/
2 B
318 B
Ping
General
Full URL
https://143-dhv-007.mktoresp.com/webevents/visitWebPage?_mchNc=1723125893186&_mchCn=&_mchId=143-DHV-007&_mchTk=_mch-zerofox.com-1723125893185-52880&_mchHo=www.zerofox.com&_mchPo=&_mchRu=%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.147.68 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 08 Aug 2024 14:04:53 GMT
Content-Encoding
gzip
Server
nginx/1.20.1
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
34485df7-3219-4ee0-92dd-a4f3a2408965
0
bat.bing.com/action/
0
361 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=27025435&tm=gtm002&Ver=2&mid=0b86855e-651a-4823-b287-261feeaf06f4&sid=2f2f9830558f11ef92500f7c036c8e4c&vid=2f2fbad0558f11ef9c47d58efb6007e6&vids=1&msclkid=N&gtm_tag_source=1&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox&p=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&r=&lt=495&evt=pageLoad&sv=1&cdb=AQAQ&rn=435111
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 08 Aug 2024 14:04:52 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: AECBD76E33594810ADA3626492E6C22C Ref B: YMQ01EDGE0813 Ref C: 2024-08-08T14:04:53Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
assign
tracking.g2crowd.com/attribution_tracking/conversions/
0
0
Ping
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by
Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1009848.js?p=https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/&e=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1eb0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarylAlTdVnj6wCCaZP0

Response headers

/
c.6sc.co/
7 B
193 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.zerofox.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
20 B
310 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:2e::1735:ba7 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7909ac26c94c9592b7f3d0ce6d28b3921556d78b8bf9c72e91c35f410333685b

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.zerofox.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2607:5300:60:7867::6
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1723125893322_389185959_41694894_16_750_31_36_219";dur=1
content-length
20
expires
Thu, 08 Aug 2024 14:04:53 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=d5dfdf7854d89504c54ee6f70096a7b4&svisitor=null&visitor=dbd46669-732b-486f-8eff-9909d3949435&session=e732ac7b-4918-43fc-8eb6-5b8b282df184&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22ZeroFox%20Threat%20Research%20identified%20a%20change%20in%20focus%20among%20developers%20known%20as%20Raccoon%20Stealer.%20Take%20a%20closer%20look%20at%20their%20use%20of%20%E2%80%9Ccrypters%E2%80%9D%20and%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&pageViewId=91d451f0-7502-47cb-86b0-09dcfbe809eb&webTagId=622d5ef1-81f9-49e7-b005-0477a5653ea5&v=1.1.23
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 08 Aug 2024 14:04:53 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=d5dfdf7854d89504c54ee6f70096a7b4&svisitor=null&visitor=dbd46669-732b-486f-8eff-9909d3949435&session=e732ac7b-4918-43fc-8eb6-5b8b282df184&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22d5dfdf7854d89504c54ee6f70096a7b4%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22d93ac2cdef4780dc5a2dacf5aac4385e397731ff%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%22622d5ef1-81f9-49e7-b005-0477a5653ea5%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22ZeroFox%20Threat%20Research%20identified%20a%20change%20in%20focus%20among%20developers%20known%20as%20Raccoon%20Stealer.%20Take%20a%20closer%20look%20at%20their%20use%20of%20%E2%80%9Ccrypters%E2%80%9D%20and%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&pageViewId=91d451f0-7502-47cb-86b0-09dcfbe809eb&webTagId=622d5ef1-81f9-49e7-b005-0477a5653ea5&v=1.1.23
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 08 Aug 2024 14:04:53 GMT
/
www.google.com/pagead/1p-user-list/990807316/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/990807316/?random=1723125893083&cv=11&fst=1723125600000&bg=ffffff&guid=ON&async=1&gtm=45be4851v869621622z872230016za201zb72230016&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&hn=www.googleadservices.com&frm=0&tiba=Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox&npa=0&pscdl=noapi&auid=1444585368.1723125893&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfmSa5JOCWy05OfcckK-T-3BwL76FzPQ&random=594758511&rmt_tld=0&ipr=y
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
64.233.180.147 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
on-in-f147.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/990807316/
0
0

saq_pxl
tags.srv.stackadapt.com/
116 B
310 B
XHR
General
Full URL
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.235.189.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-235-189-78.compute-1.amazonaws.com
Software
/
Resource Hash
450e62c7f4fdfc9d0897698f23b567fe88f9ca4fa3a047fa2e1ea0c4ca0e3597

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
https://www.zerofox.com
date
Thu, 08 Aug 2024 14:04:53 GMT
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
116
access-control-allow-methods
GET
content-type
text/plain; charset=utf-8
details
epsilon.6sense.com/v3/company/
742 B
712 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash
f11383ad7d3c69ffb2045e9c60ddbe79a0e90e1e840d3cf1f8521e3c160ca110

Request headers

Referer
https://www.zerofox.com/
Authorization
Token d93ac2cdef4780dc5a2dacf5aac4385e397731ff
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
X-6s-CustomID
WebTag 622d5ef1-81f9-49e7-b005-0477a5653ea5

Response headers

x-trace-id
2083418944204803378
date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
server
nginx
vary
Origin, Accept-Encoding
content-type
application/json
x-6si-region
us-east-1a
access-control-allow-origin
https://www.zerofox.com
access-control-expose-headers
X-6si-Region
access-control-allow-credentials
true
timing-allow-origin
https://6sense.com, https://www.ssga.com
content-length
394
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.zerofox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.zerofox.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
date
Thu, 08 Aug 2024 14:04:53 GMT
server
nginx
timing-allow-origin
https://6sense.com, https://www.ssga.com
x-6si-region
us-east-1a
x-trace-id
4049685819165123602
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=d5dfdf7854d89504c54ee6f70096a7b4&svisitor=null&visitor=dbd46669-732b-486f-8eff-9909d3949435&session=e732ac7b-4918-43fc-8eb6-5b8b282df184&event=ipv6&q=%7B%22address%22%3A%222607%3A5300%3A60%3A7867%3A%3A6%22%7D&isIframe=false&m=%7B%22description%22%3A%22ZeroFox%20Threat%20Research%20identified%20a%20change%20in%20focus%20among%20developers%20known%20as%20Raccoon%20Stealer.%20Take%20a%20closer%20look%20at%20their%20use%20of%20%E2%80%9Ccrypters%E2%80%9D%20and%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&pageViewId=91d451f0-7502-47cb-86b0-09dcfbe809eb&webTagId=622d5ef1-81f9-49e7-b005-0477a5653ea5&ipv6=2607%3A5300%3A60%3A7867%3A%3A6&v=1.1.23
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 08 Aug 2024 14:04:53 GMT
reveal
reveal.clearbit.com/v1/companies/
0
0

destinations.min.js
x.clearbitjs.com/v2/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/
0
44 B
Script
General
Full URL
https://x.clearbitjs.com/v2/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/destinations.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.132.189.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-189-106.us-east-2.compute.amazonaws.com
Software
Clearbit /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:54 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
content-length
0
tracking.min.js
x.clearbitjs.com/v2/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/
168 KB
45 KB
Script
General
Full URL
https://x.clearbitjs.com/v2/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/tracking.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.132.189.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-189-106.us-east-2.compute.amazonaws.com
Software
Clearbit /
Resource Hash
3d6231be8a8708af3e3776f0dd137728de0a8f09e23242fbe58a2af5877ed4cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
forms.js
x.clearbitjs.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/
33 KB
10 KB
Script
General
Full URL
https://x.clearbitjs.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/forms.js?page_path=%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.132.189.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-189-106.us-east-2.compute.amazonaws.com
Software
Clearbit /
Resource Hash
a003e59e204553ddfb1eee3ddb890ddc96b79faa7041d70e51f9d9f6bdadc041
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
/
px.ads.linkedin.com/wa/
0
196 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 64A6A982A84B4021823AA5D4872C576E Ref B: YMQ01EDGE0414 Ref C: 2024-08-08T14:04:53Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
access-control-allow-origin
https://www.zerofox.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYfLILJqWvE06i1iYJUfw==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PH3386
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c00::8a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 08 Aug 2024 13:46:10 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1123
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 08 Aug 2024 15:46:10 GMT
0
bat.bing.com/action/
0
239 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=27025435&tm=gtm002&Ver=2&mid=0b86855e-651a-4823-b287-261feeaf06f4&sid=2f2f9830558f11ef92500f7c036c8e4c&vid=2f2fbad0558f11ef9c47d58efb6007e6&vids=0&msclkid=N&gtm_tag_source=ua&ec=6si_company_details&gc=USD&tpp=1&en=Y&p=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&sw=1600&sh=1200&sc=24&evt=custom&cdb=AQAQ&rn=144980
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Thu, 08 Aug 2024 14:04:52 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 211B4AD553DA4BABAE7E8EDFA70E4B91 Ref B: YMQ01EDGE0813 Ref C: 2024-08-08T14:04:53Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
1 B
206 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1825300214&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&ul=en-ca&de=UTF-8&dt=Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=6si_company_details&ea=6si_data_loaded&_u=YADAAEABAAAAACAAIC~&jid=1188947038&gjid=300479096&cid=1728776518.1723125893&tid=UA-45740019-1&_gid=93336415.1723125894&_r=1&gtm=45He4851n71PH3386v72230016za200&cd9=&cd10=&cd12=Quebec&gcd=13l3l3l3l1&dma=0&tag_exp=0&z=1165291393
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c00::8a Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:53 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.zerofox.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
forms2.css
get.zerofox.com/js/forms2/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://get.zerofox.com/js/forms2/css/forms2.css
Requested by
Host: get.zerofox.com
URL: https://get.zerofox.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
last-modified
Fri, 19 Jul 2024 20:11:11 GMT
server
cloudflare
etag
"e0d85-3437-61d9f4beb95c0"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8b000ee4ed1636db-YYZ
content-length
2623
expires
Thu, 08 Aug 2024 18:04:53 GMT
forms2-theme-plain.css
get.zerofox.com/js/forms2/css/
828 B
329 B
Stylesheet
General
Full URL
https://get.zerofox.com/js/forms2/css/forms2-theme-plain.css
Requested by
Host: get.zerofox.com
URL: https://get.zerofox.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57cd46adbabd6c40823602b4513aecbe89320a769572255272abe9f008de69fa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Fri, 19 Jul 2024 20:11:11 GMT
server
cloudflare
etag
"e0d84-33c-61d9f4beb95c0"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8b000ee4ed1736db-YYZ
content-length
246
expires
Thu, 08 Aug 2024 18:04:53 GMT
p
app.clearbit.com/v1/
16 B
1 KB
XHR
General
Full URL
https://app.clearbit.com/v1/p
Requested by
Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/tracking.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.132.189.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-189-106.us-east-2.compute.amazonaws.com
Software
Clearbit /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding, Origin
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://www.zerofox.com
access-control-expose-headers
content-security-policy-report-only
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials
true
content-type
application/json
XDFrame
get.zerofox.com/index.php/form/ Frame 8EAC
2 KB
758 B
Document
General
Full URL
https://get.zerofox.com/index.php/form/XDFrame
Requested by
Host: get.zerofox.com
URL: https://get.zerofox.com/js/forms2/js/forms2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ac33edb9bf2f99486892c3ac154c79a4e728942083a8d924d90c8700e2227d9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
max-age=3600
cf-cache-status
DYNAMIC
cf-ray
8b000ee5fdee36db-YYZ
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 08 Aug 2024 14:04:54 GMT
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
forms_analytics.js
x.clearbitjs.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/
4 B
75 B
Script
General
Full URL
https://x.clearbitjs.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/forms_analytics.js?event=form_loaded&integration=marketo&form_session_id=992f0eb4-139c-44d7-ac58-5bb728cbb5d0&total_fields=19&page_path=%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F
Requested by
Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v1/pk_b3427a0d0d8ac6f7343f50b6d6be95ab/forms.js?page_path=%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.132.189.106 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-132-189-106.us-east-2.compute.amazonaws.com
Software
Clearbit /
Resource Hash
98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
forms2.min.js
get.zerofox.com/js/forms2/js/ Frame 8EAC
199 KB
0
Script
General
Full URL
https://get.zerofox.com/js/forms2/js/forms2.min.js
Requested by
Host: get.zerofox.com
URL: https://get.zerofox.com/index.php/form/XDFrame
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.17.71.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0423f69dc0e5f863d923e48c8c61298979b1c3fbdacbf6976d2b36f160bdea88
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://get.zerofox.com/index.php/form/XDFrame
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Fri, 19 Jul 2024 20:11:11 GMT
server
cloudflare
etag
"1e1dfc-31b30-61d9f4beb95c0"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public, max-age=14400
cf-ray
8b000edf788336db-YYZ
expires
Thu, 08 Aug 2024 18:04:53 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=d5dfdf7854d89504c54ee6f70096a7b4&svisitor=null&visitor=dbd46669-732b-486f-8eff-9909d3949435&session=e732ac7b-4918-43fc-8eb6-5b8b282df184&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A54%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A53%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%221004%22%7D&isIframe=false&m=%7B%22description%22%3A%22ZeroFox%20Threat%20Research%20identified%20a%20change%20in%20focus%20among%20developers%20known%20as%20Raccoon%20Stealer.%20Take%20a%20closer%20look%20at%20their%20use%20of%20%E2%80%9Ccrypters%E2%80%9D%20and%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&pageViewId=91d451f0-7502-47cb-86b0-09dcfbe809eb&webTagId=622d5ef1-81f9-49e7-b005-0477a5653ea5&ipv6=2607%3A5300%3A60%3A7867%3A%3A6&v=1.1.23
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:54 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 08 Aug 2024 14:04:54 GMT
zi-tag.js
js.zi-scripts.com/
9 KB
3 KB
Script
General
Full URL
https://js.zi-scripts.com/zi-tag.js
Requested by
Host: www.zerofox.com
URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:54 GMT
x-amz-version-id
PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
via
1.1 b45dc877dacb6622decf2f047880d5ae.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
content-encoding
gzip
x-amz-cf-pop
YTO50-P1
age
19592
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 18 Jul 2024 08:13:46 GMT
server
cloudflare
etag
W/"b2877da906a3216c4f3fc4030b205e54"
vary
Accept-Encoding
content-type
application/javascript
cf-ray
8b000ee7adac36c0-YYZ
x-amz-cf-id
4REv0SJ_HDdvHiavX7MzSxCkD8I7REzYjO3m_WHMj4wZCGDxH7uq6g==
favicon.ico
www.zerofox.com/
15 KB
5 KB
Other
General
Full URL
https://www.zerofox.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:5b1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91153b584ce5375c14a6acbcb4a2533ed91182af3d866919318739799c5ab381
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com 
https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 14:04:54 GMT
content-security-policy
default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com 
https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
MISS
content-encoding
gzip
content-disposition
inline; filename="favicon.ico"
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
x-vercel-id
lhr1::kgwmb-1723125894378-dd1d53a6deba
server
cloudflare
x-matched-path
/favicon.ico
etag
W/"f240b3d3d155d828b18193fe9f429377"
x-vercel-cache
HIT
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,DELETE,PATCH,POST,PUT
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
cache-control
public, max-age=14400
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
8b000ee76eb8a2b0-YUL
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
expires
Thu, 08 Aug 2024 18:04:54 GMT
getSubscriptions
js.zi-scripts.com/unified/v1/master/
150 B
542 B
Fetch
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3dabcc405be6471e494af1e8437247ea35f4fc2cbada9e99b0d112a83e4f9fc0

Request headers

Content-Type
application/json
Referer
https://www.zerofox.com/
Authorization
Bearer fa4f2de4a61679922784
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
visited_url
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/

Response headers

date
Thu, 08 Aug 2024 14:04:54 GMT
via
1.1 008b0ed6cc4c9f79c79b5aa34472a884.cloudfront.net (CloudFront)
content-encoding
gzip
cf-cache-status
DYNAMIC
x-amz-cf-pop
YTO50-P1
x-powered-by
Express
x-cache
Miss from cloudfront
alt-svc
h3=":443"; ma=86400
apigw-requestid
cMWFFg0XPHcEP0w=
server
cloudflare
etag
W/"96-z7feABpxznb86tBltvbkixDqtMM"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.zerofox.com
cf-ray
8b000ee8c853b40a-YYZ
x-amz-cf-id
Kjb70oCoAf5DAeu9jAiLa4MkehGL3pNhjsUia_29sOpcsGzLvwNz9g==
getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame
0
0
Preflight
General
Full URL
https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.37.212 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,visited_url
Access-Control-Request-Method
GET
Origin
https://www.zerofox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods
POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin
https://www.zerofox.com
alt-svc
h3=":443"; ma=86400
apigw-requestid
cMWFDjfRPHcEPBw=
cf-cache-status
DYNAMIC
cf-ray
8b000ee81fe5b40a-YYZ
date
Thu, 08 Aug 2024 14:04:54 GMT
server
cloudflare
vary
Origin
via
1.1 c73f9dc228a4b3fb05ae37ce52d04a1c.cloudfront.net (CloudFront)
x-amz-cf-id
jBTa9l-pErv3a5dQ3URacmYqsQb5mF4vVsWlw9gYEE5FJdZwaVxTeA==
x-amz-cf-pop
YTO50-P1
x-cache
Miss from cloudfront
x-powered-by
Express
/
ws.zoominfo.com/pixel/618ac5312281f500159745a9/
3 KB
2 KB
Fetch
General
Full URL
https://ws.zoominfo.com/pixel/618ac5312281f500159745a9/?iszitag=true
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
9f28afc39b55253ed72acd61a0939959be333fa7bd86afb9ba54aba935797b1a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

visited-url
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Referer
https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
_vtok
MTY3LjExNC4yMDkuMTAz
_zitok
c491baaa5e1046cdc7a31723125894
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/javascript

Response headers

date
Thu, 08 Aug 2024 14:04:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
https://www.zerofox.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
8b000eeaf9b9ab21-YYZ
/
ws.zoominfo.com/pixel/618ac5312281f500159745a9/ Frame
0
0
Preflight
General
Full URL
https://ws.zoominfo.com/pixel/618ac5312281f500159745a9/?iszitag=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
_vtok,_zitok,content-type,visited-url
Access-Control-Request-Method
GET
Origin
https://www.zerofox.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin
https://www.zerofox.com
allow
GET,HEAD
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8b000eea4f2c3a02-YYZ
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Thu, 08 Aug 2024 14:04:54 GMT
server
cloudflare
via
1.1 google
x-content-type-options
nosniff
x-powered-by
Express
x-robots-tag
noindex, nofollow
c3af9bb9-18fd-4931-a3de-2c183823e748
https://www.zerofox.com/
3 KB
0
Script
General
Full URL
blob:https://www.zerofox.com/c3af9bb9-18fd-4931-a3de-2c183823e748
Requested by
Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9f28afc39b55253ed72acd61a0939959be333fa7bd86afb9ba54aba935797b1a

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length
3032
Content-Type
text/javascript
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=d5dfdf7854d89504c54ee6f70096a7b4&svisitor=null&visitor=dbd46669-732b-486f-8eff-9909d3949435&session=e732ac7b-4918-43fc-8eb6-5b8b282df184&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A55%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A54%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22ZeroFox%20Threat%20Research%20identified%20a%20change%20in%20focus%20among%20developers%20known%20as%20Raccoon%20Stealer.%20Take%20a%20closer%20look%20at%20their%20use%20of%20%E2%80%9Ccrypters%E2%80%9D%20and%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&pageViewId=91d451f0-7502-47cb-86b0-09dcfbe809eb&webTagId=622d5ef1-81f9-49e7-b005-0477a5653ea5&ipv6=2607%3A5300%3A60%3A7867%3A%3A6&v=1.1.23
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:55 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 08 Aug 2024 14:04:55 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
258 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=d5dfdf7854d89504c54ee6f70096a7b4&svisitor=null&visitor=dbd46669-732b-486f-8eff-9909d3949435&session=e732ac7b-4918-43fc-8eb6-5b8b282df184&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A56%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A55%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22ZeroFox%20Threat%20Research%20identified%20a%20change%20in%20focus%20among%20developers%20known%20as%20Raccoon%20Stealer.%20Take%20a%20closer%20look%20at%20their%20use%20of%20%E2%80%9Ccrypters%E2%80%9D%20and%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&pageViewId=91d451f0-7502-47cb-86b0-09dcfbe809eb&webTagId=622d5ef1-81f9-49e7-b005-0477a5653ea5&ipv6=2607%3A5300%3A60%3A7867%3A%3A6&v=1.1.23
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:56 GMT
x-content-type-options
nosniff
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 08 Aug 2024 14:04:56 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=d5dfdf7854d89504c54ee6f70096a7b4&svisitor=null&visitor=dbd46669-732b-486f-8eff-9909d3949435&session=e732ac7b-4918-43fc-8eb6-5b8b282df184&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A57%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A56%20GMT%22%2C%22timeSpent%22%3A%221009%22%2C%22totalTimeSpent%22%3A%224014%22%7D&isIframe=false&m=%7B%22description%22%3A%22ZeroFox%20Threat%20Research%20identified%20a%20change%20in%20focus%20among%20developers%20known%20as%20Raccoon%20Stealer.%20Take%20a%20closer%20look%20at%20their%20use%20of%20%E2%80%9Ccrypters%E2%80%9D%20and%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&pageViewId=91d451f0-7502-47cb-86b0-09dcfbe809eb&webTagId=622d5ef1-81f9-49e7-b005-0477a5653ea5&ipv6=2607%3A5300%3A60%3A7867%3A%3A6&v=1.1.23
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:57 GMT
x-content-type-options
nosniff
last-modified
Tue, 05 Oct 2021 22:17:52 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"615ccf10-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 08 Aug 2024 14:04:57 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
257 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=d5dfdf7854d89504c54ee6f70096a7b4&svisitor=null&visitor=dbd46669-732b-486f-8eff-9909d3949435&session=e732ac7b-4918-43fc-8eb6-5b8b282df184&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A58%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2008%20Aug%202024%2014%3A04%3A57%20GMT%22%2C%22timeSpent%22%3A%221007%22%2C%22totalTimeSpent%22%3A%225021%22%7D&isIframe=false&m=%7B%22description%22%3A%22ZeroFox%20Threat%20Research%20identified%20a%20change%20in%20focus%20among%20developers%20known%20as%20Raccoon%20Stealer.%20Take%20a%20closer%20look%20at%20their%20use%20of%20%E2%80%9Ccrypters%E2%80%9D%20and%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&pageViewId=91d451f0-7502-47cb-86b0-09dcfbe809eb&webTagId=622d5ef1-81f9-49e7-b005-0477a5653ea5&ipv6=2607%3A5300%3A60%3A7867%3A%3A6&v=1.1.23
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.33.42.83 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-33-42-83.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.zerofox.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 08 Aug 2024 14:04:58 GMT
x-content-type-options
nosniff
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Thu, 08 Aug 2024 14:04:58 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.ca
URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LKLP1CEKVM&cid=1728776518.1723125893&gtm=45je4851v9100231180z872230016za200zb72230016&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=27861532
Domain
www.google.ca
URL
https://www.google.ca/pagead/1p-user-list/990807316/?random=1723125893083&cv=11&fst=1723125600000&bg=ffffff&guid=ON&async=1&gtm=45be4851v869621622z872230016za201zb72230016&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&hn=www.googleadservices.com&frm=0&tiba=Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox&npa=0&pscdl=noapi&auid=1444585368.1723125893&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfmSa5JOCWy05OfcckK-T-3BwL76FzPQ&random=594758511&rmt_tld=1&ipr=y
Domain
reveal.clearbit.com
URL
https://reveal.clearbit.com/v1/companies/reveal?authorization=pk_b3427a0d0d8ac6f7343f50b6d6be95ab&callback=revealCallback

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_SITE_DATA_URL string| CE_USER_DATA_URL object| webpackChunk_N_E function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| gsapVersions object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST string| CE_USER_COMMON_SCRIPT_URL string| CE_USER_THIRDPARTY_SCRIPT_URL object| dataLayer object| webpackChunkCE2 object| CE2BH function| CE_URL_FINGERPRINT object| CE_API object| google_tag_manager object| google_tag_data string| _linkedin_data_partner_id function| onYouTubeIframeAPIReady object| zi string| ZIProjectKey function| saq function| _saq object| GooglebQhCsO object| gaGlobal function| UET function| UET_init function| UET_push object| ueto_c956a83e7e object| uetq function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin function| lintrk boolean| _already_called_lintrk object| MktoForms2 object| _6si object| MunchkinTracker object| res object| saCookies string| current_window_url_param boolean| _storagePopulated boolean| __clearbit_tagsjs object| clearbit object| ClearbitForms object| ORIBILI string| GoogleAnalyticsObject function| ga function| parcelRequire object| gaplugins object| gaData object| clearbitsq object| args string| method function| normalize function| addCaptchaScript string| firstVal function| LoadDriftWidget object| zitag object| ZILogs function| loadZILogs function| errorHandler object| ziws

41 Cookies

Domain/Path Name / Value
.zerofox.com/ Name: _ce.irv
Value: new
.zerofox.com/ Name: cebs
Value: 1
.zerofox.com/ Name: _ce.clock_event
Value: 1
.zerofox.com/ Name: _gcl_au
Value: 1.1.1444585368.1723125893
.zerofox.com/ Name: _ce.clock_data
Value: 29%2C167.114.209.103%2C1%2C3d96f8e03a42123e5523adf5c57607ad%2CChrome%2CCA
.zerofox.com/ Name: cebsp_
Value: 1
.zerofox.com/ Name: _ce.s
Value: v~ff491f6464691e25b67fbdff0e7c306f17ab66b0~lcw~1723125893048~lva~1723125892830~vpv~0~v11.fhb~1723125893042~v11.lhb~1723125893043~v11.cs~447245~v11.s~2f169c70-558f-11ef-aa99-8b37c9b84092~lcw~1723125893048
.get.zerofox.com/ Name: __cf_bm
Value: v_G4UnZWoxFvjoAqw.UaVl67q9TnKpT.ZlUcb1eptK4-1723125893-1.0.1.1-7z_lWKz.KyerAlGvkiN9LEbGgvKc_GMof.9UYq_Ov6sScbEyeHex.5zS8yFr4CFYiH0qmW5Ko_lfBuUWDnQ2qw
tags.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-a2b16bcd-fd59-5f96-585f-b23182920362.hgDOA52uEDsvLLS8wHBk1%2FnUUdvQbtnS6E0OP2Fmz54
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-a2b16bcd-fd59-5f96-585f-b23182920362.hgDOA52uEDsvLLS8wHBk1%2FnUUdvQbtnS6E0OP2Fmz54
tags.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AorFrzf1ZX5ZYX7IxgpIDYqdy0Wc.SPXDt9tHLKKGBgsRIME1P3Dp860tMQpLFWsgWKQRpmo
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AorFrzf1ZX5ZYX7IxgpIDYqdy0Wc.SPXDt9tHLKKGBgsRIME1P3Dp860tMQpLFWsgWKQRpmo
tags.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIPiNVVVjf4Tl9IQr6-i1WViXVQEozW0CRQSMhmC6a0aAENYBGAQghaHTtQYwAToEFPvsiUIE4SQEhw.oMfN1ZL0REJ617PKnxmYn1%2FITkiSFFQrsXrjnL6bpJs
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIPiNVVVjf4Tl9IQr6-i1WViXVQEozW0CRQSMhmC6a0aAENYBGAQghaHTtQYwAToEFPvsiUIE4SQEhw.oMfN1ZL0REJ617PKnxmYn1%2FITkiSFFQrsXrjnL6bpJs
.zerofox.com/ Name: _ga_LKLP1CEKVM
Value: GS1.1.1723125893.1.0.1723125893.60.0.0
www.zerofox.com/ Name: sa-user-id
Value: s%253A0-a2b16bcd-fd59-5f96-585f-b23182920362.hgDOA52uEDsvLLS8wHBk1%252FnUUdvQbtnS6E0OP2Fmz54
www.zerofox.com/ Name: sa-user-id-v2
Value: s%253AorFrzf1ZX5ZYX7IxgpIDYqdy0Wc.SPXDt9tHLKKGBgsRIME1P3Dp860tMQpLFWsgWKQRpmo
www.zerofox.com/ Name: sa-user-id-v3
Value: s%253AAQAKIPiNVVVjf4Tl9IQr6-i1WViXVQEozW0CRQSMhmC6a0aAENYBGAQghaHTtQYwAToEFPvsiUIE4SQEhw.oMfN1ZL0REJ617PKnxmYn1%252FITkiSFFQrsXrjnL6bpJs
.zerofox.com/ Name: _mkto_trk
Value: id:143-DHV-007&token:_mch-zerofox.com-1723125893185-52880
.g2crowd.com/ Name: __cf_bm
Value: rPW4nq1EnJBwP_QocqnPB1SaZAYZz3h9iyMiVvfHD2k-1723125893-1.0.1.1-oFh7lK7pBwFmD94wP3DxQtiRvvP_50m5intuT17qfPamyR1gdIzbF.rIhK42_8nO2GNGRfh204MHnLHuHgVUng
www.zerofox.com/ Name: _gd_visitor
Value: dbd46669-732b-486f-8eff-9909d3949435
www.zerofox.com/ Name: _gd_session
Value: e732ac7b-4918-43fc-8eb6-5b8b282df184
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.bing.com/ Name: MUID
Value: 3C80B996B61460A700DDAD43B72F613C
.bat.bing.com/ Name: MR
Value: 0
.linkedin.com/ Name: bcookie
Value: "v=2&e428fb49-fd54-49e4-858a-c171545ae7c1"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MjMxMjU4OTM7MjswMjHPyqZ7ABJA4SXsNA0E0FHF2K8f8HHMQBZmmr+HbjKV2Q==
.linkedin.com/ Name: lidc
Value: "b=OGST01:s=O:r=O:a=O:p=O:g=3361:u=1:x=1:i=1723125893:t=1723212293:v=2:sig=AQGMs1PnHkRyirnLj4SYnFCMaTY0XP0v"
.zerofox.com/ Name: _uetsid
Value: 2f2f9830558f11ef92500f7c036c8e4c
.zerofox.com/ Name: _uetvid
Value: 2f2fbad0558f11ef9c47d58efb6007e6
.bing.com/ Name: MSPTC
Value: CFRleMUEgvMqTwyykXL3P0Saw688Y4M77MrAmp0D5CI
.zerofox.com/ Name: _ga
Value: GA1.2.1728776518.1723125893
.zerofox.com/ Name: _gid
Value: GA1.2.93336415.1723125894
.zerofox.com/ Name: _gat_UA-45740019-1
Value: 1
get.zerofox.com/ Name: BIGipServersj09web-nginx-app_https
Value: !yMk+E0kX9YtJL/0RgS7A5F9dNDOAZOm3d2tNMFgXy+bDJUUY6VGusGWzpgbD3QUZj/br6lYZa6CUkA==
.zerofox.com/ Name: cb_user_id
Value: null
.zerofox.com/ Name: cb_group_id
Value: null
.zerofox.com/ Name: cb_anonymous_id
Value: %227fb6e2ee-6bfd-4075-9d90-45e5f9a3deff%22
.www.zerofox.com/ Name: _zitok
Value: c491baaa5e1046cdc7a31723125894
.zoominfo.com/ Name: __cf_bm
Value: KkFTRwW_HAZCve8w7.KGOdasqGG1GGicft6IUJI9Ngs-1723125894-1.0.1.1-MxQLWCXYURAb9pt54ncRqY5U1_ybXfN5VgGVRm3b8lKhyMRxaso8dNhOesqvs9y9V99aPx.s9Ht2TPvtzXMveA
.zoominfo.com/ Name: _cfuvid
Value: kTUsKwkgayVgq_gIUTkxqxpC3G.VE8ylQ8za16IaSOw-1723125894971-0.0.1.1-604800000

3 Console Messages

Source Level URL
Text
security error URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Message:
Refused to load the image 'https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LKLP1CEKVM&cid=1728776518.1723125893&gtm=45je4851v9100231180z872230016za200zb72230016&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=27861532' because it violates the following Content Security Policy directive: "img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com".
security error URL: https://www.zerofox.com/blog/raccoon-stealer-pivots-towards-self-protection/
Message:
Refused to load the image 'https://www.google.ca/pagead/1p-user-list/990807316/?random=1723125893083&cv=11&fst=1723125600000&bg=ffffff&guid=ON&async=1&gtm=45be4851v869621622z872230016za201zb72230016&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.zerofox.com%2Fblog%2Fraccoon-stealer-pivots-towards-self-protection%2F&hn=www.googleadservices.com&frm=0&tiba=Raccoon%20Stealer%20Pivots%20Towards%20Self-Protection%20%7C%20ZeroFox&npa=0&pscdl=noapi&auid=1444585368.1723125893&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfmSa5JOCWy05OfcckK-T-3BwL76FzPQ&random=594758511&rmt_tld=1&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com".
security error URL: https://bat.bing.com/bat.js
Message:
Refused to connect to 'https://bat.bing.com/actionp/0?ti=27025435&tm=gtm002&Ver=2&mid=0b86855e-651a-4823-b287-261feeaf06f4&sid=2f2f9830558f11ef92500f7c036c8e4c&vid=2f2fbad0558f11ef9c47d58efb6007e6&vids=0&msclkid=N&evt=pageHide' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.crazyegg.com; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.wpenginepowered.com http://*.zerofox.com https://munchkin.marketo.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com http://tag.clearbitscripts.com https://reveal.clearbit.com https://x.clearbitjs.com https://*.wistia.com https://*.wistia.net https://js.driftt.com https://*.leandata.com https://www.buzzsprout.com https://snap.licdn.com https://px.ads.linkedin.com https://bat.bing.com https://j.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://tracking.g2crowd.com https://tags.srv.stackadapt.com https://qvdt3feo.com/events.js https://js.zi-scripts.com *.crazyegg.com https://vercel.live; style-src 'self' 'unsafe-inline' http://*.zerofox.com https://fonts.googleapis.com https://tags.srv.stackadapt.com *.crazyegg.com; img-src 'self' blob: data: https://*.wpenginepowered.com http://*.zerofox.com www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://cdn.onetrust.com https://*.leandata.com https://i.imgur.com https://b.6sc.co https://px.ads.linkedin.com https://px4.ads.linkedin.com https://bat.bing.com *.crazyegg.com; font-src 'self' data: https://*.wistia.com https://*.wistia.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.leandata.com; object-src 'self' https://*.wpenginepowered.com; base-uri 'self'; connect-src 'self' https://*.wpenginepowered.com https://app.clearbit.com https://maps.googleapis.com http://*.wistia.com https://*.wistia.net https://*.leandata.com https://analytics.google.com https://ipv6.6sc.co https://c.6sc.co https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://tags.srv.stackadapt.com https://px.ads.linkedin.com https://143-dhv-007.mktoresp.com https://143-dhv-007.mktoutil.com https://www.google-analytics.com https://js.zi-scripts.com https://tracking.g2crowd.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ws.zoominfo.com *.crazyegg.com https://vercel.live; form-action 'self'; frame-ancestors https://*.zerofox.com https://*.wpenginepowered.com; frame-src 'self' http://*.zerofox.com https://*.wpenginepowered.com https://www.google.com https://js.driftt.com https://*.leandata.com https://www.g2.com https://www.buzzsprout.com https://td.doubleclick.net *.crazyegg.com https://vercel.live; media-src 'self' blob: https://*.wpenginepowered.com https://*.wistia.com; block-all-mixed-content; upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
