www.netskope.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Submission: On February 20 via manual (February 20th 2024, 8:31:28 pm UTC) from US — Scanned from DE

Summary HTTP 61 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 10 domains to perform 61 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.netskope.com.
TLS certificate: Issued by GlobalSign Extended Validation CA - S... on September 8th 2023. Valid for: a year.

This is the only time www.netskope.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	151.101.193.91 151.101.193.91	54113 (FASTLY) (FASTLY)
2	2a02:26f0:350... 2a02:26f0:3500:18::1724:a29d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2606:4700::68... 2606:4700::6812:1105	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::644	54113 (FASTLY) (FASTLY)
2	2a02:26f0:480... 2a02:26f0:480:4b6::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	104.17.74.206 104.17.74.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
1	44.199.109.240 44.199.109.240	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
1	104.16.96.80 104.16.96.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:1005	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.247.156 35.186.247.156	15169 (GOOGLE) (GOOGLE)
61	14

35 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.netskope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.91 (United States)

ASN54113 (FASTLY, US)

client-registry.mutinycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:18::1724:a29d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:1105 (United States)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::644 (United States)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:480:4b6::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.74.206 (None, )

ASN13335 (CLOUDFLARENET, US)

go.netskope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.199.109.240 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-199-109-240.compute-1.amazonaws.com

app.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.96.80 (None, )

ASN13335 (CLOUDFLARENET, US)

app-sj09.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1005 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	netskope.com www.netskope.com go.netskope.com	1 MB
9	qualified.com js.qualified.com — Cisco Umbrella Rank: 23983 app.qualified.com — Cisco Umbrella Rank: 25187 assets.qualified.com — Cisco Umbrella Rank: 26593	949 KB
4	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4586 consentcdn.cookiebot.com — Cisco Umbrella Rank: 5239 imgsct.cookiebot.com — Cisco Umbrella Rank: 5471	123 KB
1	sentry.io sentry.io — Cisco Umbrella Rank: 169	324 B
1	marketo.com app-sj09.marketo.com	67 KB
1	gstatic.com www.gstatic.com	197 KB
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	wistia.net fast.wistia.net — Cisco Umbrella Rank: 9755	132 KB
1	mutinycdn.com client-registry.mutinycdn.com — Cisco Umbrella Rank: 22645	16 KB
0	amazonaws.com Failed qualified-production.s3.us-east-1.amazonaws.com Failed
61	10

	Domain	Requested by
35	www.netskope.com	www.netskope.com
7	assets.qualified.com	app.qualified.com
6	go.netskope.com	www.netskope.com app-sj09.marketo.com go.netskope.com
2	consent.cookiebot.com	www.netskope.com consent.cookiebot.com
1	sentry.io	assets.qualified.com
1	app-sj09.marketo.com	www.netskope.com
1	www.gstatic.com	www.google.com
1	app.qualified.com	js.qualified.com
1	www.google.com	www.netskope.com
1	imgsct.cookiebot.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	fast.wistia.net	www.netskope.com
1	js.qualified.com	www.netskope.com
1	client-registry.mutinycdn.com	www.netskope.com
0	qualified-production.s3.us-east-1.amazonaws.com Failed
61	15

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
www.beeswax.com
www.crazyegg.com
policies.google.com
www.linkedin.com
www.appnexus.com
twitter.com
www.facebook.com
documents.marketo.com
privacy.microsoft.com
www.stackadapt.com
www.thetradedesk.com
wpengine.com
netskopestage.wpengine.com
go.netskope.com
netskope.com
resources.netskope.com
docs.netskope.com
community.netskope.com
support.netskope.com
trust.netskope.com
partners.netskope.com
github.com
www.instagram.com

Subject Issuer	Validity	Valid
netskope.com GlobalSign Extended Validation CA - SHA256 - G3	`2023-09-08` - `2024-10-09`	a year	crt.sh
client-registry.mutinycdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-06-03` - `2024-07-04`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-06` - `2024-04-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
fast.wistia.net GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-02` - `2024-08-02`	a year	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-17` - `2024-04-17`	a year	crt.sh
go.netskope.com Cloudflare Inc ECC CA-3	`2023-04-05` - `2024-04-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
app.qualified.com R3	`2024-01-20` - `2024-04-19`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
app-sj09.marketo.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-08` - `2024-09-07`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Frame ID: DCEA9A360FE3B3130D730D11AF96909E
Requests: 51 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 9A69CC3B20BFEFA0CC9D5D0755DE24F4
Requests: 1 HTTP requests in this frame

Frame: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=0e3e6443-3803-4a33-a1e5-bcbcbb4b1374
Frame ID: F7EA1196799E4676BEA6414DDC06AB46
Requests: 10 HTTP requests in this frame

Frame: https://go.netskope.com/index.php/form/XDFrame
Frame ID: 54B1B022C1DE2DE5D9EFDEE4F19EFCC6
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile - NetskopePowered by Cookiebot

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

61
Requests

98 %
HTTPS

54 %
IPv6

10
Domains

15
Subdomains

14
IPs

3
Countries

2776 kB
Transfer

8223 kB
Size

7
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/en/what-is-behind-powered-by-cookiebot/
Title: Powered by Cookiebot

Search URL Search Domain Scan URL

URL: https://www.beeswax.com/cookies/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/goto/privacy-policy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.crazyegg.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.appnexus.com/corporate-privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://twitter.com/en/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.facebook.com/policy.php/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://documents.marketo.com/legal/cookies/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.stackadapt.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.thetradedesk.com/general/website-privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://wpengine.com/legal/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://netskopestage.wpengine.com/
Title: netskopestage.wpengine.com

Search URL Search Domain Scan URL

URL: https://go.netskope.com/
Title: go.netskope.com

Search URL Search Domain Scan URL

URL: https://netskope.com/
Title: netskope.com

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://resources.netskope.com/ebooks/designing-a-sase-architecture-for-dummies
Title: Get the eBook

Search URL Search Domain Scan URL

URL: https://docs.netskope.com/
Title: Product Documentation

Search URL Search Domain Scan URL

URL: https://community.netskope.com/
Title: Customer Community

Search URL Search Domain Scan URL

URL: https://support.netskope.com/
Title: Support Portal

Search URL Search Domain Scan URL

URL: https://trust.netskope.com/
Title: Trust Portal

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/Products/ct-p/Netskope_Solution_Discussions
Title: Product Discussion Forums

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/grouphubs/page
Title: Join a User Group

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/Events/ct-p/events
Title: Community Events

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/Inside-Netskope-Security/bd-p/Inside_Netskope
Title: Inside Netskope Security

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/Artificial-Intelligence-and/bd-p/AI-Machine-Learning
Title: AI and ML Forum

Search URL Search Domain Scan URL

URL: https://partners.netskope.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile%27

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=%20Evasive%20Phishing%20Campaign%20Steals%20Cloud%20Credentials%20Using%20Cloudflare%20R2%20and%20Turnstile%20@Netskope&url=https%3A%2F%2Fwww.netskope.com%2Fblog%2Fevasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile%27

Search URL Search Domain Scan URL

URL: https://github.com/fingerprintjs/BotD
Title: Fingerprint BotD

Search URL Search Domain Scan URL

URL: https://partners.netskope.com/English/
Title: Partner portal

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/netskope

Search URL Search Domain Scan URL

URL: https://twitter.com/netskope

Search URL Search Domain Scan URL

URL: https://www.instagram.com/netskope/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

61 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile Show response
www.netskope.com/blog/ 995 KB
135 KB 8362ms
8303ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

c1296196e167631e98e8288efa04ed0f01e6dd3ac077a56290ce1a7e8392f928

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: https://www.netskope.com
alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8589831578974528-TXL
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 20 Feb 2024 20:31:23 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://www.netskope.com/wp-json/>; rel="https://api.w.org/" <https://www.netskope.com/wp-json/wp/v2/posts/52906>; rel="alternate"; type="application/json" <https://www.netskope.com/?p=52906>; rel=shortlink
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: MISS
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
x-powered-by: WP Engine

GET
H2 200 29745d69a30aec94.js Show response
client-registry.mutinycdn.com/personalize/client/ 50 KB
16 KB 128ms
34ms Script
application/javascript 151.101.193.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://client-registry.mutinycdn.com/personalize/client/29745d69a30aec94.js
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.91 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2885a080ab1b2dedb3b38ffb73dba08a0917cf8a9b8739297366c5f65e94e58a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

x-amz-version-id: ORt2P6bPrFYkBPcBrtu9UASlhnU.4ACo
x-continent-code: EU
content-encoding: gzip
date: Tue, 20 Feb 2024 20:31:23 GMT
via: 1.1 varnish
x-edge-region: EU-East
x-amz-request-id: HB0VH8NM30MS21K2
age: 676
x-amz-server-side-encryption: AES256
x-cache: HIT
x-edge-datacenter: FRA
content-length: 16273
x-amz-id-2: YQBMx084WWHTGuhd2pEzYIZlW8HU8XarGXSMCmH+Xs5UYrfVGqdOLdzcRrFt2eim9MuuoUt77Bk=
x-served-by: cache-fra-eddf8230033-FRA
x-connection-speed: broadband
last-modified: Tue, 20 Feb 2024 13:51:33 GMT
server: AmazonS3
etag: "d7bcd8e697abf539033f76e31b195258"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: s-maxage=3600, max-age=0
vary: X-Continent-Code, Accept-Encoding
accept-ranges: bytes
x-country-code: DE
x-cache-hits: 1

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 109 KB
34 KB 134ms
46ms Script
application/javascript 2a02:26f0:3500:18::1724:a29d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 92f06f19786b23eef48cbd094d2c2716158a52fc7258250da0e8fdf4bf249fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date: Tue, 20 Feb 2024 20:31:23 GMT
content-encoding: gzip
last-modified: Mon, 05 Feb 2024 09:22:29 GMT
etag: "20d92bd71458da1:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=148
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 34339
expires: Tue, 20 Feb 2024 20:33:51 GMT

GET
H2 200 qualified.js Show response
js.qualified.com/ 638 KB
156 KB 630ms
536ms Script
text/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=n7t9Zf7nr8m6n2fF

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6aa476b0acca52ee5e7466a8a8358ee1fea59ff06d6ccfaf78a9650238d9014b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-encoding: gzip
via: 1.1 spaces-router (devel)
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: MISS
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: 870dd23d-c12f-48d0-0e73-a3bc7b81d7a9
pragma: no-cache
x-runtime: 0.026057
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"6aa476b0acca52ee5e7466a8a8358ee1"
x-download-options: noopen
vary: Accept,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 8589834b9869bfb7-WAW
expires: Wed, 21 Feb 2024 00:31:23 GMT

GET
H2 200 close-icon-dark-over-light.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 504 B
425 B 41ms
40ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/close-icon-dark-over-light.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6368b91686e9cdfa1ea54256c125a4e768173ae5c4d5d70ae6a3a92a8653190

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4420
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-1f8"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834a0e014528-TXL

GET
H2 200 netskope-logo-reverse.svg
www.netskope.com/wp-content/themes/netskope/images/v3/ 8 KB
3 KB 67ms
67ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/netskope-logo-reverse.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e0686135ec7cb7d0771d4e9374afc05027d7f466a2b37581f44ee2a4a8aaab8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4420
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 12 Dec 2023 06:11:27 GMT
server: cloudflare
etag: W/"6577f98f-204a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834a0e024528-TXL

GET
H2 200 logo.svg
www.netskope.com/wp-content/themes/netskope/images/v3/ 8 KB
3 KB 44ms
43ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/logo.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f14e99a3ff851e017534967b4b9d140802c549c9454179e78a553f0375b116f8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4419
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 12 Dec 2023 06:11:26 GMT
server: cloudflare
etag: W/"6577f98e-2089"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834a4eac4528-TXL

GET
H3 200 magnifying-glass-dark-over-light-default.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 409 B
544 B 41ms
40ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/magnifying-glass-dark-over-light-default.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dec46e3057bb9ae36cd2fa9c9d3b2f7469ba22aa97a025102f052b35de33eeb9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4419
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-199"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834a7ffe4534-TXL

GET
H3 200 language-chevron-down-dark-over-light.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 397 B
531 B 66ms
65ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/language-chevron-down-dark-over-light.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e440f379db04ed37fbacb7acb173978202bdfcb4c0ea7bbf9a6f13f4ec8acbf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4419
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-18d"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af8fb4534-TXL

GET
H3 200 menu-dark-over-light-default.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 391 B
493 B 80ms
78ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/menu-dark-over-light-default.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71a467e05943081c22e179f73b80ddabbf358c23f34220f52c4099c1844395c9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4418
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-187"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9034534-TXL

GET
H3 200 language-chevron-down-light-over-dark.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 394 B
530 B 40ms
38ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/language-chevron-down-light-over-dark.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6404635f1e5245f1ed344d0a9a06bd42ea764c505c7d928ded598c549867c327

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4418
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-18a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9064534-TXL

GET
H3 200 close-icon-light-over-dark.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 434 B
542 B 36ms
34ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/close-icon-light-over-dark.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

936eafa953d2486f6bb2022af7c4e7c814132ec5d8974178521ed7d7d9fc7c3f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4418
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-1b2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9094534-TXL

GET
H3 200 icon-facebook-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 607 B
665 B 259ms
257ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-facebook-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b0f827622efb7915d4a67230acf13cc60d72414d25293de918257b6a1323ee6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 28 Dec 2023 18:17:43 GMT
server: cloudflare
cf-cache-status: EXPIRED
content-encoding: br
etag: W/"658dbbc7-25f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af90a4534-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icon-facebook-hover-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 512 B
612 B 256ms
254ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-facebook-hover-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d606ddb5bc01e534364c40a559c9c6b60b77bc6763ffc71cf3e3caef95d0a49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 28 Dec 2023 18:17:47 GMT
server: cloudflare
cf-cache-status: EXPIRED
content-encoding: br
etag: W/"658dbbcb-200"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af90d4534-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icon-x-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 569 B
652 B 195ms
193ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-x-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d75c66c8f0a1c35348b6e2c24074824e3b0468bd338f65ff8f27dc884d2dbd38

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 28 Dec 2023 18:17:39 GMT
server: cloudflare
cf-cache-status: EXPIRED
content-encoding: br
etag: W/"658dbbc3-239"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af90e4534-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icon-x-hover-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 558 B
630 B 276ms
275ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-x-hover-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

268f77e3e45b55537a86e34225383555cfb5af4e8b7639a6fdc1f071344ddfee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 28 Dec 2023 18:17:36 GMT
server: cloudflare
cf-cache-status: EXPIRED
content-encoding: br
etag: W/"658dbbc0-22e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9114534-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icon-linkedin-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 627 B
684 B 571ms
569ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-linkedin-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b11ec7bc748f957b2327cfaf28b0e98a746a483d2d9474ecd9a7747264a3f8cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 28 Dec 2023 18:17:49 GMT
server: cloudflare
cf-cache-status: EXPIRED
content-encoding: br
etag: W/"658dbbcd-273"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9134534-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 icon-linkedin-hover-40x40-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 514 B
618 B 185ms
183ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-linkedin-hover-40x40-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ac74ddc84de6833afcfc6ca80844c79c27c44f1b5a8b423c3bfd976410c7b95

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 28 Dec 2023 18:17:52 GMT
server: cloudflare
cf-cache-status: EXPIRED
content-encoding: br
etag: W/"658dbbd0-202"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9144534-TXL
alt-svc: h3=":443"; ma=86400

GET
H3 200 resources-list.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 647 B
598 B 41ms
40ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/resources-list.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

479ed9cff91324f56cea70c1737c725c29865d0b6c3acd8ae60f437e9924e48e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4413
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-287"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9164534-TXL

GET
H3 200 resources-grid.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 645 B
617 B 46ms
45ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/resources-grid.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

526ca03d0ffef7dd9b4f1d4769eb6dd902a92f5a44b668aa507f2528935b113a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4413
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-285"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9184534-TXL

GET
H3 200 card-shape5.svg
www.netskope.com/wp-content/themes/netskope/dist/assets/images/ 3 KB
1 KB 63ms
61ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/assets/images/card-shape5.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a53f42b1a16d810c64140b8e704850bc798a12ffaf7ed158643517846fb1fa6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4403
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 12 Dec 2023 06:11:22 GMT
server: cloudflare
etag: W/"6577f98a-d2e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af91a4534-TXL

GET
H3 200 email-decode.min.js Show response
www.netskope.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
872 B 19ms
19ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 16 Feb 2024 14:40:03 GMT
server: cloudflare
etag: W/"65cf73c3-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 8589834a88304534-TXL
expires: Thu, 22 Feb 2024 20:31:23 GMT

GET
H2 200 E-v1.js Show response
fast.wistia.net/assets/external/ 778 KB
132 KB 99ms
28ms Script
text/javascript 2a04:4e42:400::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.net/assets/external/E-v1.js

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::644 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

de45fc8c009df32d2bb10c544fcbb904149bfb4d6902015ac7ada51c7bae870a

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 2011
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 134269
x-served-by: cache-iad-kjyo7100159-IAD, cache-fra-eddf8230031-FRA
x-browser-version: 121
last-modified: Tue, 20 Feb 2024 19:56:35 GMT
server: AmazonS3
x-timer: S1708461083.387484,VS0,VE0
etag: "661060bf1e2349268fda45076823c587"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: 4d235dc1851cfda47f87facbfe279ecc990e34c6
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 48, 2

GET
H3 200 icon-linkedin-56x56-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 564 B
653 B 43ms
42ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-linkedin-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

657493dcde82fd4f369f5b80e272de6cdeec5eb68d44738634816d20c8e41afa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4413
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Dec 2023 22:27:17 GMT
server: cloudflare
etag: W/"6584bbc5-234"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af91c4534-TXL

GET
H3 200 icon-linkedin-hover-56x56-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 502 B
602 B 38ms
37ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-linkedin-hover-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

03165c2a9725cdb822cfe4412cbf6ca0b547212758a9a3d32fca04deba5b1876

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4412
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Dec 2023 22:29:32 GMT
server: cloudflare
etag: W/"6584bc4c-1f6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af91e4534-TXL

GET
H3 200 icon-x-56x56-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 466 B
601 B 47ms
46ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-x-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5d4c3b4a76871754fb3f47fdbe125bc12dca9933139a06c806e9d91b0ba69bd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4412
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Dec 2023 22:30:22 GMT
server: cloudflare
etag: W/"6584bc7e-1d2"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9214534-TXL

GET
H3 200 icon-x-hover-56x56-1.svg
www.netskope.com/wp-content/uploads/2023/12/ 485 B
592 B 45ms
44ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/12/icon-x-hover-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

126eaa53ccf333133b8bce6072a653df6c67061087a6ff50ae19b1135b477f53

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4412
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 21 Dec 2023 22:31:10 GMT
server: cloudflare
etag: W/"6584bcae-1e5"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9244534-TXL

GET
H3 200 icon-instagram-56x56-1.svg
www.netskope.com/wp-content/uploads/2024/01/ 2 KB
1 KB 42ms
41ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2024/01/icon-instagram-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0d93d104b98be6a8824a435ff8d3065efd6e114be96b8e82368857f28657c34

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4412
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 29 Jan 2024 03:01:44 GMT
server: cloudflare
etag: W/"65b71518-6ea"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9264534-TXL

GET
H3 200 icon-instagram-hover-56x56-1.svg
www.netskope.com/wp-content/uploads/2024/01/ 2 KB
1 KB 61ms
60ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2024/01/icon-instagram-hover-56x56-1.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

33cf789ab1c5ecaf28b73e0c10b2e9eb2c33028fd4753f236c048603375b7e94

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4411
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 29 Jan 2024 03:01:46 GMT
server: cloudflare
etag: W/"65b7151a-71f"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9284534-TXL

GET
H3 200 autoptimize_ceb768af453c7310c3f47abaee9bf2ca.js Show response
www.netskope.com/wp-content/cache/autoptimize/js/ 1 MB
284 KB 263ms
262ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_ceb768af453c7310c3f47abaee9bf2ca.js

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa2bfb57267266c29dc5e96a499b56eed07cc743ca2ae60390b34541da8dba3c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Tue, 20 Feb 2024 19:46:49 GMT
server: cloudflare
cf-cache-status: EXPIRED
content-encoding: br
etag: W/"65d501a9-1154e6"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834af9294534-TXL
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 1920-White-Hero-Background.jpg
www.netskope.com/wp-content/uploads/2020/04/ 132 KB
132 KB 215ms
214ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2020/04/1920-White-Hero-Background.jpg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

20ac13832cf543d255fa733af28f1aa92a1cdb0d59fade560194ae124d0b93da

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: EXPIRED
alt-svc: h3=":443"; ma=86400
content-length: 134691
last-modified: Mon, 11 Dec 2023 14:46:39 GMT
server: cloudflare
etag: "657720cf-20e23"
vary: Accept, Accept-Encoding
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8589834b09304534-TXL
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 dark-breadcrumbs-chevron.svg
www.netskope.com/wp-content/themes/netskope/images/svg/ 419 B
528 B 36ms
36ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/svg/dark-breadcrumbs-chevron.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

356a0eb9e781db945428e35f6262936f8ff27dcebdec78414ec43da9b728d5d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4410
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 01 Jan 2024 23:35:23 GMT
server: cloudflare
etag: W/"65934c3b-1a3"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8589834b09354534-TXL

GET
H3 200 1920-cta-background.jpg
www.netskope.com/wp-content/uploads/2022/05/ 5 KB
6 KB 181ms
181ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2022/05/1920-cta-background.jpg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3570163585bac938916c6534b08bf93c4b1af8bfdacdac060ad7aa3884fb8cf8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: EXPIRED
alt-svc: h3=":443"; ma=86400
content-length: 5496
last-modified: Mon, 11 Dec 2023 14:55:16 GMT
server: cloudflare
etag: "657722d4-1578"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8589834b09374534-TXL
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Graphik-Regular.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 121 KB
121 KB 39ms
37ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Regular.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2d97ceaa48cf6574b5c9f91d3b43d7b4c3dcc0ab52379143c1e28144593e2f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4410
alt-svc: h3=":443"; ma=86400
content-length: 123672
last-modified: Tue, 12 Dec 2023 06:11:23 GMT
server: cloudflare
etag: "6577f98b-1e318"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8589834b093e4534-TXL

GET
H3 200 Graphik-Bold.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 128 KB
129 KB 88ms
87ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Bold.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4a9fd00f61dfc85e1e200efc6c3aa2d0e624be65aa5e7bd26b8e7fa2a28a12c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4410
alt-svc: h3=":443"; ma=86400
content-length: 131544
last-modified: Tue, 12 Dec 2023 06:11:23 GMT
server: cloudflare
etag: "6577f98b-201d8"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8589834b09404534-TXL

GET
H3 200 Graphik-Medium-Web.woff2
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 33 KB
33 KB 235ms
235ms Font
font/woff2 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Medium-Web.woff2

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b40e2981d50f54f5ec3df6fbacf3b328ed9b5f653485e4980dfefae02fb7b80

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: EXPIRED
alt-svc: h3=":443"; ma=86400
content-length: 33401
last-modified: Tue, 12 Dec 2023 06:11:23 GMT
server: cloudflare
etag: "6577f98b-8279"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8589834b09424534-TXL

GET
H3 200 Graphik-Semibold.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 127 KB
128 KB 105ms
105ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Semibold.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

da4a5e89a01b2570a9a81157bec8661348bfd80f3048f474354bf11f4ea2640e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
age: 4410
alt-svc: h3=":443"; ma=86400
content-length: 130516
last-modified: Tue, 12 Dec 2023 06:11:23 GMT
server: cloudflare
etag: "6577f98b-1fdd4"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8589834b09444534-TXL

GET
H2 200 bc-v4.min.html Show response
consentcdn.cookiebot.com/sdk/ Frame 9A69 627 B
812 B 117ms
29ms Document
text/html 2a02:26f0:480:4b6::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:4b6::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer: https://www.netskope.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=31512585
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 20 Feb 2024 20:31:23 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Wed, 19 Feb 2025 14:01:08 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1708461083449_1551582779_87448264_23_851_27_30_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 cc.js Show response
consent.cookiebot.com/4b140262-ec1c-4bad-9de3-68c17c1566cb/ 336 KB
88 KB 97ms
97ms Script
application/x-javascript 2a02:26f0:3500:18::1724:a29d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/4b140262-ec1c-4bad-9de3-68c17c1566cb/cc.js?renew=false&referer=www.netskope.com&dnt=false&init=false
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8a784756f0caf27efe8a838027abe758e892756c6bef6472c08bc6178d111693

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:23 GMT
content-encoding: gzip
last-modified: Tue, 20 Feb 2024 20:31:23 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: private, max-age=1200
cross-origin-resource-policy: cross-origin
content-length: 89316
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef

GET
DATA 200
OK truncated
/ 338 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cba0af6ded7d4daf9ab3ffd18fe667588edb8c5c3e3d427b2f3867596da382d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 293 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Evasive-Phishing-Campaign-1-768x759.png
www.netskope.com/wp-content/uploads/2023/08/ 216 KB
217 KB 227ms
227ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/08/Evasive-Phishing-Campaign-1-768x759.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f82f7e24e845c2edcebde3c55cc051bd4d781104958ea6b70ed34e05ae8aada

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:24 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-length: 221546
last-modified: Mon, 11 Dec 2023 14:38:31 GMT
server: cloudflare
etag: "65771ee7-3616a"
vary: Accept, Accept-Encoding
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 8589834eb9004534-TXL
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 teknkl-formsplus-1.0.5.js Show response
go.netskope.com/rs/665-KFP-612/images/ 41 KB
11 KB 553ms
234ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/rs/665-KFP-612/images/teknkl-formsplus-1.0.5.js?_=1708461083654

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_ceb768af453c7310c3f47abaee9bf2ca.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sat, 13 Jan 2024 03:07:34 GMT
server: cloudflare
etag: "3410f7-a291-60ecb150ff8f5"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 85898352ad31bf44-WAW
content-length: 11024
expires: Tue, 20 Feb 2024 20:32:24 GMT

GET
H2 200 1.gif
imgsct.cookiebot.com/ 35 B
478 B 145ms
145ms Image
image/gif 2a02:26f0:480:4b6::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=4b140262-ec1c-4bad-9de3-68c17c1566cb
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:4b6::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:24 GMT
x-guploader-uploadid: ABPtcPoWexo3jiVsr0aKdqD6b9ZNdIT0TUCdUgB-R19YNilG1MlCp7gwH6Lp1B57f8YPg7KrTONGlLEucQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 35
last-modified: Mon, 23 Oct 2023 11:39:32 GMT
server: UploadServer
etag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-generation: 1698061172769999
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public,max-age=1800
x-goog-stored-content-length: 35
accept-ranges: bytes
content-type: image/gif

POST
H3 200 admin-ajax.php Show response
www.netskope.com/wp-admin/ 30 B
518 B 1243ms
1243ms XHR
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-admin/admin-ajax.php?_r=1206444230

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_ceb768af453c7310c3f47abaee9bf2ca.js

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

101fbf5a0bb7a528da8e4efaa9d8a8f5ab76793f24dfb35ebca153bb3b76f38d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept: */*
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-powered-by: WP Engine
alt-svc: h3=":443"; ma=86400
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.netskope.com, https://www.netskope.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
cf-ray: 85898350ad6d4534-TXL
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 193ms
67ms Script
text/javascript 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?_=1708461083655

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_ceb768af453c7310c3f47abaee9bf2ca.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d1366169a5911b46848e8e9a44be326ccf46950c96be143a42145a17247aee06

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 20 Feb 2024 20:31:24 GMT

GET
H/1.1 200
OK messenger Show response
app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/ Frame F7EA 6 KB
3 KB 441ms
156ms Document
text/html 44.199.109.240
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=0e3e6443-3803-4a33-a1e5-bcbcbb4b1374

Requested by

Host: js.qualified.com
URL: https://js.qualified.com/qualified.js?token=n7t9Zf7nr8m6n2fF

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

44.199.109.240 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-109-240.compute-1.amazonaws.com

Software

Resource Hash

6685bce3a5a8634cd67bd245dfc367bb2d4d37b8a8bbcd5188269f67c4befeb1

Security Headers

Name	Value
Content-Security-Policy
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.netskope.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, private, must-revalidate
Content-Encoding: gzip
Content-Length: 1720
Content-Security-Policy
Content-Type: text/html; charset=utf-8
Date: Tue, 20 Feb 2024 20:31:25 GMT
Etag: W/"6685bce3a5a8634cd67bd245dfc367bb"
Link: <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 spaces-router (devel)
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
X-Request-Id: ee70c746-c999-e8c9-3354-8b93b6b81158
X-Runtime: 0.033766
X-Xss-Protection: 1; mode=block

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/ 492 KB
197 KB 176ms
56ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/yiNW3R9jkyLVP5-EEZLDzUtA/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?_=1708461083655

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f73b574d1f2ea3ca1551ec864077fa60535b48e64a20f39930d5bab098181f6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 09:15:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 40575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 201084
x-xss-protection: 0
last-modified: Mon, 12 Feb 2024 03:00:37 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 19 Feb 2025 09:15:10 GMT

GET
H2 200 forms2.min.js Show response
app-sj09.marketo.com/js/forms2/js/ 199 KB
67 KB 434ms
269ms Script
application/x-javascript 104.16.96.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1708461083656

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_ceb768af453c7310c3f47abaee9bf2ca.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.96.80 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
cf-cache-status: MISS
etag: "1a2eb2-31ad2-60e27d4627680"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 858983566a6910b9-CPH
expires: Wed, 21 Feb 2024 00:31:25 GMT

GET
H2 200 messenger-94e6eccc.chunk.css
assets.qualified.com/packs/css/vendors~widget/sandboxed/ Frame F7EA 35 KB
7 KB 64ms
48ms Stylesheet
text/css 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
x-amz-version-id: 4JAvuLIr4YIuUjn_OE4gni4RFlHADwkW
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 8VDR84JV5HDAXXGD
age: 4895
x-amz-server-side-encryption: AES256
x-amz-id-2: pWtcVlcHjHtUYt48G23F7Q2t35fZ+8cZHRqidgXYV8aFW90l5VBrS5XIxZ+MAUBhITm0jpLd31U=
last-modified: Wed, 31 Jan 2024 04:50:30 GMT
server: cloudflare
etag: W/"a788ecf510f83ee517cbaf79306145dd"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 858983575bffbfb7-WAW
expires: Wed, 21 Feb 2024 00:31:25 GMT

GET
H2 200 messenger-ea37ea0f.chunk.css
assets.qualified.com/packs/css/widget/sandboxed/ Frame F7EA 5 KB
1 KB 67ms
52ms Stylesheet
text/css 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
x-amz-version-id: Uvgaw5J3sSSSkeyeX2pSFIKIk.PdOIw7
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 6BHFS1G1ZPE6C5CK
age: 3417
x-amz-server-side-encryption: AES256
x-amz-id-2: boTrpRV4aIoC8R4WeXahvnbXwVwH8lCbl8txeycTbEkgFDsHYvyVHi8N7MtsdZtLphJaLpVohhQ=
last-modified: Fri, 01 Dec 2023 04:59:43 GMT
server: cloudflare
etag: W/"22d5f23e695250d3c5a5b1e76a015c5e"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 858983575c00bfb7-WAW
expires: Wed, 21 Feb 2024 00:31:25 GMT

GET
H2 200 messenger~runtime-3cc840d000eed43610b6.js Show response
assets.qualified.com/packs/js/widget/sandboxed/ Frame F7EA 2 KB
1 KB 65ms
53ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget/sandboxed/messenger~runtime-3cc840d000eed43610b6.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=0e3e6443-3803-4a33-a1e5-bcbcbb4b1374
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7eefb0efa5d3a37aedc9ec27f817241fd8998bedaf732cce1bb6b49f060691c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
x-amz-version-id: 3J_IpTVvcbk.usE0hnOhPz7zDFLKwBv1
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: P1ZGV4FJSQNMZHGH
age: 6543
x-amz-server-side-encryption: AES256
x-amz-id-2: OgK+5Ah3qcuSJBb+r0IcECmpWCcgS46LLDY8RH/qTTqMt6H9ayAWYRxj3NVoLAJvDGenta+1gbuW+rzFE+BmwQ==
last-modified: Thu, 08 Feb 2024 02:50:39 GMT
server: cloudflare
etag: W/"abd37240f3e07a2d2fecf9dd55bfdb45"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 858983575c03bfb7-WAW
expires: Wed, 21 Feb 2024 00:31:25 GMT

GET
H2 200 messenger-37a312c272c0510eaa42.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/ Frame F7EA 1 MB
367 KB 66ms
54ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-37a312c272c0510eaa42.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=0e3e6443-3803-4a33-a1e5-bcbcbb4b1374
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b007938dee162db8233e01d9567aba2274fcb45f1cf62a2615680ccb2b69e7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
x-amz-version-id: a7M1teWqPXrpgXek8eOg1u.ZQOWU3KHY
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: Y7AWA744YGH2JH1C
age: 7018
x-amz-server-side-encryption: AES256
x-amz-id-2: /rLQ+pyvEgScRnMSTeI81w90h6njYkS2fdRvxQiQ+lEBCEbYPLAbEXI4Fc2Y/D4ndfGhE2TgF6agu1GFvGKqhMakxOkpJmMK
last-modified: Sat, 03 Feb 2024 06:08:22 GMT
server: cloudflare
etag: W/"3e2a5ae3ef40f1d1488d7a432a95eafe"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 858983575c06bfb7-WAW
expires: Wed, 21 Feb 2024 00:31:25 GMT

GET
H2 200 messenger-6a68ac289d442a1d0df3.chunk.js Show response
assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/ Frame F7EA 930 KB
213 KB 56ms
56ms Script
application/javascript 2606:4700::6812:1105
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/widget/sandboxed/messenger-6a68ac289d442a1d0df3.chunk.js
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=0e3e6443-3803-4a33-a1e5-bcbcbb4b1374
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29fc6f21f55b8b8cdce0f370daee42a5f041f0e42f4a4dcdd9e19b17ca8010af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qualified.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
x-amz-version-id: kuq6wlLPFwzOc5wSpDaxSM.dVCcdnGm7
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 2S8VPC99A7MD4PXP
age: 1237
x-amz-server-side-encryption: AES256
x-amz-id-2: EGpmF89TsMZ4DJbWOn0sXYA+47IjE+o4tqCW0tegKxXi9EsO/yvOUDwrNCL1sS9Z1fxHbPnvCW3VMGSvor0e/Q==
last-modified: Wed, 14 Feb 2024 21:43:08 GMT
server: cloudflare
etag: W/"48089f9eb510c06d3662560771b1fcbe"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=14400
cf-ray: 85898357ac7fbfb7-WAW
expires: Wed, 21 Feb 2024 00:31:25 GMT

GET
H2 200 Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame F7EA 97 KB
97 KB 190ms
100ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-Regular-c8ba52b05a9ef10f47584d08ece2ec5c.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=0e3e6443-3803-4a33-a1e5-bcbcbb4b1374
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
x-amz-version-id: mVE_n7uzZBi.ZzLgz82KJy1ANBT8wWdi
cf-cache-status: HIT
x-amz-request-id: 2VGVMWBVG12ZFNH2
age: 9733628
x-amz-server-side-encryption: AES256
content-length: 98868
x-amz-id-2: fBnxAIF5f0/n5qTdY3ErDZthcFQPQ1TCf+73hax258olVrH+0Z3kNbcAZt8gDj6PSSzXnP0VMHY=
last-modified: Mon, 30 Oct 2023 21:53:00 GMT
server: cloudflare
etag: "dc131113894217b5031000575d9de002"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 85898357e9990020-WAW
expires: Thu, 20 Feb 2025 02:31:25 GMT

GET
H2 200 Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
assets.qualified.com/packs/media/fonts/inter/ Frame F7EA 103 KB
104 KB 152ms
62ms Font
font/woff2 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.qualified.com/packs/media/fonts/inter/Inter-SemiBold-b5f0f109bc88052d4000c58ca615671d.woff2
Requested by: Host: app.qualified.com
URL: https://app.qualified.com/w/1/n7t9Zf7nr8m6n2fF/messenger?uuid=0e3e6443-3803-4a33-a1e5-bcbcbb4b1374
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5

Request headers

Referer: https://app.qualified.com/
Origin: https://app.qualified.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
x-amz-version-id: weQn.JlTwInOYdT_yb.YMUx9jLMEy38O
cf-cache-status: HIT
x-amz-request-id: T3JZZ9FJS5DB619J
age: 8525309
x-amz-server-side-encryption: AES256
content-length: 105804
x-amz-id-2: 3XYbPidjr1TH0udFd+P9vJDkATtfOB61naaw/NU8nc+X0hghGesN5xYmBhqiu8MW3Nzuv9VEHWw=
last-modified: Tue, 14 Nov 2023 02:00:24 GMT
server: cloudflare
etag: "007ad31a53f4ab3f58ee74f2308482ce"
access-control-max-age: 3600
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: public, max-age=31557600
accept-ranges: bytes
cf-ray: 85898357e9970020-WAW
expires: Thu, 20 Feb 2025 02:31:25 GMT

POST
H2 200 / Show response
sentry.io/api/1332833/envelope/ Frame F7EA 2 B
324 B 296ms
144ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1332833/envelope/?sentry_key=b5158ee3382d49b28a864fb2b91bcaaf&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.11.1

Requested by

Host: assets.qualified.com
URL: https://assets.qualified.com/packs/js/widget-sandboxed-chunks/vendors~widget/sandboxed/messenger-37a312c272c0510eaa42.chunk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.qualified.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 20 Feb 2024 20:31:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 getForm Show response
go.netskope.com/index.php/form/ 17 KB
5 KB 831ms
822ms Script
application/javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.netskope.com/index.php/form/getForm?munchkinId=665-KFP-612&form=1953&url=https%3A%2F%2Fwww.netskope.com%2Fblog%2Fevasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile&callback=jQuery37105240175057096403_1708461085585&_=1708461085586
Requested by: Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1708461083656
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32df1a57fdc674fcf7039751f96265bc985ea58803e063c09feca6561c06c3d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:26 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-form-service-request-id: b489#18dc837546c
x-marketo-source: Form Service
cf-ray: 858983591c9bbf44-WAW
cached: false

GET
H2 200 forms2.css
go.netskope.com/js/forms2/css/ 13 KB
3 KB 256ms
248ms Stylesheet
text/css 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/css/forms2.css

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1708461083656

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
etag: "1a2ebc-3437-60e27d4627680"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8589835e4a12bf44-WAW
content-length: 2623
expires: Wed, 21 Feb 2024 00:31:26 GMT

GET
H2 200 forms2-theme-simple.css
go.netskope.com/js/forms2/css/ 826 B
421 B 240ms
232ms Stylesheet
text/css 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1708461083656

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:26 GMT
strict-transport-security: max-age=2592000;
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
cf-cache-status: REVALIDATED
etag: "1a2eb8-33a-60e27d4627680"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8589835e4a15bf44-WAW
content-length: 242
expires: Wed, 21 Feb 2024 00:31:26 GMT

GET
H2 200 XDFrame Show response
go.netskope.com/index.php/form/ Frame 54B1 2 KB
766 B 231ms
230ms Document
text/html 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/index.php/form/XDFrame

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1708461083656

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bddfc987ea51699d719251711334a03045ef0691faf81c225e6c208cbd5f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 85898360fd13bf44-WAW
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 20 Feb 2024 20:31:27 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 forms2.min.js Show response
go.netskope.com/js/forms2/js/ Frame 54B1 199 KB
66 KB 242ms
242ms Script
application/x-javascript 104.17.74.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/js/forms2.min.js

Requested by

Host: go.netskope.com
URL: https://go.netskope.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.74.206 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.netskope.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Tue, 20 Feb 2024 20:31:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Fri, 05 Jan 2024 00:21:30 GMT
server: cloudflare
etag: "4c1581-31ad2-60e27d4627680"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 858983627e43bf44-WAW
expires: Wed, 21 Feb 2024 00:31:27 GMT

GET 32ee0e68d7d667f40a5c443aea2f3ba5e1bc379b6c25b7f1151d8a6f9cf93c75.png
qualified-production.s3.us-east-1.amazonaws.com/uploads/ Frame F7EA 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: qualified-production.s3.us-east-1.amazonaws.com
URL: https://qualified-production.s3.us-east-1.amazonaws.com/uploads/32ee0e68d7d667f40a5c443aea2f3ba5e1bc379b6c25b7f1151d8a6f9cf93c75.png

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.netskope.com/	1970-01-20 18:34:22	Name: __cf_bm Value: NBwPnCnaYMbNMD_f7fc0IRZsTypNMKF_MrxUmVGcyK0-1708461083-1.0-AfkfqzBBMVAd9NNsEUkoE7tllitdxVakXjYTIq1BcV9pbt7LoMN0f+rasAqxNGY9RHR+WY/e8Q6C2MLSYw8MH0U=
www.netskope.com/	1970-01-21 03:19:57	Name: cookie_banner_closed Value: 1
.netskope.com/	1970-01-21 04:10:21	Name: __q_state_n7t9Zf7nr8m6n2fF Value: eyJ1dWlkIjoiMGUzZTY0NDMtMzgwMy00YTMzLWExZTUtYmNiY2JiNGIxMzc0IiwiY29va2llRG9tYWluIjoibmV0c2tvcGUuY29tIn0=
.go.netskope.com/	1970-01-20 18:34:22	Name: __cf_bm Value: JwOPyQLUYLy8Pha4xsdVWr5VSUmamLPCk2u9N7FKATQ-1708461084-1.0-ASBbrGsm9NyYkVDUTt9LpptpyPLOuW0ftg7jLRPQuOVKhXVdTZw74aL9YXNJIVEXyOoWe47QogM1K3xNA4llV6k=
.app-sj09.marketo.com/	1970-01-20 18:34:22	Name: __cf_bm Value: wZNo4_koU27mFaIZ5DGjLb.3FAQVPzIlBlaaMSHrQ7s-1708461085-1.0-Ae2pST0LFiwLwtGeAN/d51AeCoUZX+W8A6LjJgGsfgnPKZuN0sIAEZ6uMM54bXCd618+xbJ/zvflffZTh91luxU=
www.netskope.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8b4cda8035ddbc7c1abf4342c59afc14
go.netskope.com/	1969-12-31 23:59:59	Name: BIGipServersj09web-nginx-app_https Value: !O+Jb4elvCx7sUjVzLZqvSn7MxZbkrXLZv/bVbbamoccITjvxP6RlbgHm1t0aoa4v+Q18P9dYiLFwPQ==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-sj09.marketo.com
app.qualified.com
assets.qualified.com
client-registry.mutinycdn.com
consent.cookiebot.com
consentcdn.cookiebot.com
fast.wistia.net
go.netskope.com
imgsct.cookiebot.com
js.qualified.com
qualified-production.s3.us-east-1.amazonaws.com
sentry.io
www.google.com
www.gstatic.com
www.netskope.com
qualified-production.s3.us-east-1.amazonaws.com
104.16.96.80
104.17.74.206
141.193.213.21
151.101.193.91
2606:4700::6812:1005
2606:4700::6812:1105
2a00:1450:4001:80b::2004
2a00:1450:4001:80e::2003
2a02:26f0:3500:18::1724:a29d
2a02:26f0:480:4b6::f09
2a04:4e42:400::644
35.186.247.156
44.199.109.240
03165c2a9725cdb822cfe4412cbf6ca0b547212758a9a3d32fca04deba5b1876
0f82f7e24e845c2edcebde3c55cc051bd4d781104958ea6b70ed34e05ae8aada
101fbf5a0bb7a528da8e4efaa9d8a8f5ab76793f24dfb35ebca153bb3b76f38d
126eaa53ccf333133b8bce6072a653df6c67061087a6ff50ae19b1135b477f53
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
1cba0af6ded7d4daf9ab3ffd18fe667588edb8c5c3e3d427b2f3867596da382d
20ac13832cf543d255fa733af28f1aa92a1cdb0d59fade560194ae124d0b93da
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
268f77e3e45b55537a86e34225383555cfb5af4e8b7639a6fdc1f071344ddfee
2885a080ab1b2dedb3b38ffb73dba08a0917cf8a9b8739297366c5f65e94e58a
29fc6f21f55b8b8cdce0f370daee42a5f041f0e42f4a4dcdd9e19b17ca8010af
32df1a57fdc674fcf7039751f96265bc985ea58803e063c09feca6561c06c3d5
33cf789ab1c5ecaf28b73e0c10b2e9eb2c33028fd4753f236c048603375b7e94
356a0eb9e781db945428e35f6262936f8ff27dcebdec78414ec43da9b728d5d7
3570163585bac938916c6534b08bf93c4b1af8bfdacdac060ad7aa3884fb8cf8
37bddfc987ea51699d719251711334a03045ef0691faf81c225e6c208cbd5f21
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
479ed9cff91324f56cea70c1737c725c29865d0b6c3acd8ae60f437e9924e48e
4ac74ddc84de6833afcfc6ca80844c79c27c44f1b5a8b423c3bfd976410c7b95
4b40e2981d50f54f5ec3df6fbacf3b328ed9b5f653485e4980dfefae02fb7b80
4e440f379db04ed37fbacb7acb173978202bdfcb4c0ea7bbf9a6f13f4ec8acbf
526ca03d0ffef7dd9b4f1d4769eb6dd902a92f5a44b668aa507f2528935b113a
5d606ddb5bc01e534364c40a559c9c6b60b77bc6763ffc71cf3e3caef95d0a49
6404635f1e5245f1ed344d0a9a06bd42ea764c505c7d928ded598c549867c327
657493dcde82fd4f369f5b80e272de6cdeec5eb68d44738634816d20c8e41afa
6685bce3a5a8634cd67bd245dfc367bb2d4d37b8a8bbcd5188269f67c4befeb1
6aa476b0acca52ee5e7466a8a8358ee1fea59ff06d6ccfaf78a9650238d9014b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ec35ab99388f6afab345622a22772619b83b7d63705d98df3c404da782fcabb
71a467e05943081c22e179f73b80ddabbf358c23f34220f52c4099c1844395c9
731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
7a53f42b1a16d810c64140b8e704850bc798a12ffaf7ed158643517846fb1fa6
7b0f827622efb7915d4a67230acf13cc60d72414d25293de918257b6a1323ee6
7eefb0efa5d3a37aedc9ec27f817241fd8998bedaf732cce1bb6b49f060691c1
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
8a784756f0caf27efe8a838027abe758e892756c6bef6472c08bc6178d111693
8e0686135ec7cb7d0771d4e9374afc05027d7f466a2b37581f44ee2a4a8aaab8
92f06f19786b23eef48cbd094d2c2716158a52fc7258250da0e8fdf4bf249fb7
936eafa953d2486f6bb2022af7c4e7c814132ec5d8974178521ed7d7d9fc7c3f
9b007938dee162db8233e01d9567aba2274fcb45f1cf62a2615680ccb2b69e7a
a0d93d104b98be6a8824a435ff8d3065efd6e114be96b8e82368857f28657c34
b11ec7bc748f957b2327cfaf28b0e98a746a483d2d9474ecd9a7747264a3f8cc
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
be64da47ffc5fc1e40ba8205a0974330a76815e151e84ba365a750a7c96f1d1d
c1296196e167631e98e8288efa04ed0f01e6dd3ac077a56290ce1a7e8392f928
c5d4c3b4a76871754fb3f47fdbe125bc12dca9933139a06c806e9d91b0ba69bd
d1366169a5911b46848e8e9a44be326ccf46950c96be143a42145a17247aee06
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
d75c66c8f0a1c35348b6e2c24074824e3b0468bd338f65ff8f27dc884d2dbd38
da4a5e89a01b2570a9a81157bec8661348bfd80f3048f474354bf11f4ea2640e
de45fc8c009df32d2bb10c544fcbb904149bfb4d6902015ac7ada51c7bae870a
dec46e3057bb9ae36cd2fa9c9d3b2f7469ba22aa97a025102f052b35de33eeb9
e4a9fd00f61dfc85e1e200efc6c3aa2d0e624be65aa5e7bd26b8e7fa2a28a12c
e6368b91686e9cdfa1ea54256c125a4e768173ae5c4d5d70ae6a3a92a8653190
eb3487cae40a55bf31dc6e6191ab0d88ec8c8f85c62bf28ad25ad0a40c16a611
f14e99a3ff851e017534967b4b9d140802c549c9454179e78a553f0375b116f8
f2d97ceaa48cf6574b5c9f91d3b43d7b4c3dcc0ab52379143c1e28144593e2f1
f73b574d1f2ea3ca1551ec864077fa60535b48e64a20f39930d5bab098181f6c
fa2bfb57267266c29dc5e96a499b56eed07cc743ca2ae60390b34541da8dba3c

www.netskope.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

61 Requests

98 %HTTPS

54 %IPv6

10 Domains

15 Subdomains

14 IPs

3 Countries

2776 kBTransfer

8223 kBSize

7 Cookies

37 Outgoing links

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.netskope.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

98 %
HTTPS

54 %
IPv6

10
Domains

15
Subdomains

14
IPs

3
Countries

2776 kB
Transfer

8223 kB
Size

7
Cookies

61 HTTP transactions
3 data transactions