www.varonis.com Open in urlscan Pro
45.60.154.169 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.varonis.com/blog/power-automate-data-exfiltration
Submission: On October 04 via api (October 4th 2023, 2:13:36 pm UTC) from DE — Scanned from DE

Summary HTTP 183 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 48 IPs in 3 countries across 38 domains to perform 183 HTTP transactions. The main IP is 45.60.154.169, located in United States and belongs to INCAPSULA, US. The main domain is www.varonis.com. The Cisco Umbrella rank of the primary domain is 539348.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2023 Q3 on August 30th 2023. Valid for: 6 months.

This is the only time www.varonis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
50	45.60.154.169 45.60.154.169	19551 (INCAPSULA) (INCAPSULA)
3	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
30	2606:4700::68... 2606:4700::6810:70d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
3	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6811:c060	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
4	2606:4700:440... 2606:4700:4400::ac40:9284	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:f8a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4cba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
4	152.195.15.58 152.195.15.58	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6810:bd59	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:4341	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	3.124.54.211 3.124.54.211	16509 (AMAZON-02) (AMAZON-02)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
10	2.17.100.193 2.17.100.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.32.121.31 13.32.121.31	16509 (AMAZON-02) (AMAZON-02)
2 3	185.89.210.82 185.89.210.82	29990 (ASN-APPNEX) (ASN-APPNEX)
1	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	104.244.42.72 104.244.42.72	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
2	54.147.237.138 54.147.237.138	14618 (AMAZON-AES) (AMAZON-AES)
1 4	100.24.225.40 100.24.225.40	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:710... 2a02:26f0:7100::5f64:87d0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	35.156.227.238 35.156.227.238	16509 (AMAZON-02) (AMAZON-02)
2 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:400c:c07::9a	15169 (GOOGLE) (GOOGLE)
3	52.222.236.102 52.222.236.102	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6810:890f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
183	48

50 45.60.154.169 (United States)

ASN19551 (INCAPSULA, US)

www.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
info.varonis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2606:4700::6810:70d1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

plausible.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c060 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:9284 (United States)

ASN13335 (CLOUDFLARENET, US)

142972.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f8a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4cba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 152.195.15.58 (United States)

ASN15133 (EDGECAST, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.bizibly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:bd59 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4341 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.124.54.211 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-54-211.eu-central-1.compute.amazonaws.com

tags.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-31.fra60.r.cloudfront.net

trackit.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.89.210.82 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.72 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.147.237.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-237-138.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 100.24.225.40 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-225-40.compute-1.amazonaws.com

c2.ktxlytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::5f64:87d0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.227.238 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-227-238.eu-central-1.compute.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.222.236.102 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-102.fra56.r.cloudfront.net

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:890f (United States)

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	varonis.com www.varonis.com — Cisco Umbrella Rank: 539348 info.varonis.com	4 MB
30	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 20014	64 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 14010 c.6sc.co — Cisco Umbrella Rank: 19472 ipv6.6sc.co — Cisco Umbrella Rank: 14550 b.6sc.co — Cisco Umbrella Rank: 7792	19 KB
11	google.com cse.google.com — Cisco Umbrella Rank: 4999 www.google.com — Cisco Umbrella Rank: 11 clients1.google.com — Cisco Umbrella Rank: 659 region1.analytics.google.com — Cisco Umbrella Rank: 2225	176 KB
6	stackadapt.com tags.srv.stackadapt.com — Cisco Umbrella Rank: 4568	11 KB
5	ktxlytics.io 1 redirects trackit.ktxlytics.io — Cisco Umbrella Rank: 80737 c2.ktxlytics.io — Cisco Umbrella Rank: 59470	99 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 96 region1.google-analytics.com — Cisco Umbrella Rank: 1878	22 KB
5	linkedin.com 2 redirects platform.linkedin.com — Cisco Umbrella Rank: 7471 px.ads.linkedin.com — Cisco Umbrella Rank: 830 px4.ads.linkedin.com — Cisco Umbrella Rank: 7048	163 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 4608	203 KB
4	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1600 syndication.twitter.com — Cisco Umbrella Rank: 1900 analytics.twitter.com — Cisco Umbrella Rank: 1065	132 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 229	176 KB
4	hubspotusercontent-na1.net 142972.fs1.hubspotusercontent-na1.net	186 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 23579	3 KB
3	google.de www.google.de — Cisco Umbrella Rank: 3974	625 B
3	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 806 ib.adnxs.com — Cisco Umbrella Rank: 360	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 691	14 KB
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 25762 scout.salesloft.com — Cisco Umbrella Rank: 30841	4 KB
3	bizible.com cdn.bizible.com — Cisco Umbrella Rank: 13961	26 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 stats.g.doubleclick.net — Cisco Umbrella Rank: 175	2 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	290 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	10 KB
2	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 10820	2 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 23716	743 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1593	19 KB
2	hubspot.com app.hubspot.com — Cisco Umbrella Rank: 10205 track.hubspot.com — Cisco Umbrella Rank: 4798	2 KB
2	plausible.io plausible.io — Cisco Umbrella Rank: 15933	2 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	185 B
1	t.co t.co — Cisco Umbrella Rank: 707	378 B
1	bizibly.com cdn.bizibly.com — Cisco Umbrella Rank: 22453	203 B
1	reddit.com alb.reddit.com — Cisco Umbrella Rank: 2076	637 B
1	adsrvr.org insight.adsrvr.org — Cisco Umbrella Rank: 964	149 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1078	15 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 4897	1 KB
1	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1759	8 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 4629	21 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 10102	22 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 12088	6 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	1 KB
183	38

	Domain	Requested by
41	info.varonis.com	www.varonis.com cdn2.hubspot.net
30	cdn2.hubspot.net	www.varonis.com
9	www.varonis.com	www.varonis.com js.usemessages.com
8	b.6sc.co	www.varonis.com
6	tags.srv.stackadapt.com	www.varonis.com tags.srv.stackadapt.com cdn.bizible.com
6	www.google.com	cse.google.com www.varonis.com
4	c2.ktxlytics.io	1 redirects cdn.bizible.com www.varonis.com
4	js.hs-banner.com	www.varonis.com js.hs-banner.com
4	connect.facebook.net	www.varonis.com connect.facebook.net
4	142972.fs1.hubspotusercontent-na1.net	cdn2.hubspot.net
3	js.zi-scripts.com	www.varonis.com js.zi-scripts.com
3	px.ads.linkedin.com	2 redirects cdn.bizible.com
3	www.google.de	www.varonis.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.varonis.com
3	cdn.bizible.com	www.googletagmanager.com www.varonis.com cdn.bizible.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com cdn.bizible.com
3	www.googletagmanager.com	www.varonis.com www.googletagmanager.com www.google-analytics.com
3	cse.google.com	www.varonis.com www.google.com
3	cdnjs.cloudflare.com	www.varonis.com
2	ws.zoominfo.com	js.zi-scripts.com
2	stats.g.doubleclick.net	cdn.bizible.com www.googletagmanager.com
2	epsilon.6sense.com	cdn.bizible.com
2	scout.salesloft.com	cdn.bizible.com
2	region1.google-analytics.com	www.googletagmanager.com
2	secure.adnxs.com	1 redirects www.varonis.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	platform.twitter.com	www.varonis.com platform.twitter.com
2	plausible.io	www.varonis.com plausible.io
1	track.hubspot.com
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.varonis.com
1	www.facebook.com	www.varonis.com
1	ipv6.6sc.co	cdn.bizible.com
1	c.6sc.co	cdn.bizible.com
1	ib.adnxs.com	1 redirects
1	analytics.twitter.com	www.varonis.com
1	t.co	www.varonis.com
1	clients1.google.com	www.varonis.com
1	syndication.twitter.com	platform.twitter.com
1	cdn.bizibly.com	www.varonis.com
1	alb.reddit.com	www.varonis.com
1	insight.adsrvr.org	www.varonis.com
1	trackit.ktxlytics.io	www.varonis.com
1	j.6sc.co	www.varonis.com
1	static.ads-twitter.com	www.varonis.com
1	scout-cdn.salesloft.com	www.varonis.com
1	js.hs-scripts.com	www.googletagmanager.com
1	www.redditstatic.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	app.hubspot.com	www.varonis.com
1	js.hs-analytics.net	www.varonis.com
1	js.usemessages.com	www.varonis.com
1	static.hsappstatic.net	www.varonis.com
1	platform.linkedin.com	www.varonis.com
1	fonts.googleapis.com	www.varonis.com
183	55

This site contains links to these domains. Also see Links.

Domain
info.varonis.com
ir.varonis.com
brand.varonis.com
my.varonis.com
aws.amazon.com
azuremarketplace.microsoft.com
varonis.com
docs.microsoft.com
medium.com
www.darkreading.com
www.vectra.ai
www.linkedin.com
www.reddit.com
www.facebook.com
twitter.com
www.instagram.com

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-30` - `2024-02-26`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
plausible.io R3	`2023-09-16` - `2023-12-15`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-05-17` - `2024-05-16`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-09-30` - `2024-09-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-13` - `2023-10-11`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-25` - `2024-02-21`	6 months	crt.sh
io.bizible.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-06-01` - `2024-07-01`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-20` - `2024-04-18`	a year	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M02	`2023-09-09` - `2024-10-07`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
6sc.co R3	`2023-08-19` - `2023-11-17`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
*.ktxlytics.io Amazon RSA 2048 M02	`2023-06-19` - `2024-07-16`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-01` - `2024-02-28`	6 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
www.google.de GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-06-02` - `2023-12-02`	6 months	crt.sh
*.google.de GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
js.zi-scripts.com Amazon RSA 2048 M03	`2023-09-17` - `2024-10-16`	a year	crt.sh
zoominfo.com Cloudflare Inc ECC CA-3	`2023-04-04` - `2024-04-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.varonis.com/blog/power-automate-data-exfiltration
Frame ID: FE43C41FB1F00DD2447CE01E660E298B
Requests: 178 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.varonis.com
Frame ID: 15510D4A392A340D998CB5A7BCB89674
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Using Power Automate for Covert Data Exfiltration in Microsoft 365search

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Plausible (Analytics) Expand

Overall confidence: 100%
Detected patterns

plausible\.io/js/plausible\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

183
Requests

98 %
HTTPS

64 %
IPv6

38
Domains

55
Subdomains

48
IPs

3
Countries

5570 kB
Transfer

8505 kB
Size

59
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://info.varonis.com/en/price-quote-request?hsLang=en
Title: Request a quote

Search URL Search Domain Scan URL

URL: https://info.varonis.com/resource/t1/research-report/forrester-tei-study-2020?hsLang=en
Title: Measurable ROI

Search URL Search Domain Scan URL

URL: https://ir.varonis.com/
Title: Investor relations

Search URL Search Domain Scan URL

URL: https://brand.varonis.com/?hsLang=en
Title: Brand

Search URL Search Domain Scan URL

URL: https://my.varonis.com/Login
Title: Partner portal

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/pp/prodview-rwnjb5nrlmnx6?sr=0-1&ref_=beagle&applicationId=AWSMPContessa
Title: Buy on AWS marketplace

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.varonis-dsp?tab=overview
Title: Buy on Azure marketplace

Search URL Search Domain Scan URL

URL: https://my.varonis.com/login
Title: Community

Search URL Search Domain Scan URL

URL: https://info.varonis.com/securityfwd?hsLang=en
Title: SecurityFWD

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/demo-request?hsLang=en
Title: Get started

Search URL Search Domain Scan URL

URL: https://varonis.com/blog
Title: Blog

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/power-platform/admin/block-forwarded-email-from-power-automate
Title: https://docs.microsoft.com/en-us/power-platform/admin/block-forwarded-email-from-power-automate

Search URL Search Domain Scan URL

URL: https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138
Title: https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138

Search URL Search Domain Scan URL

URL: https://www.darkreading.com/application-security/hidden-dangers-of-microsoft-365-s-power-automate-and-ediscovery-tools
Title: https://www.darkreading.com/application-security/hidden-dangers-of-microsoft-365-s-power-automate-and-ediscovery-tools

Search URL Search Domain Scan URL

URL: https://www.vectra.ai/learning/power-automate
Title: https://www.vectra.ai/learning/power-automat

Search URL Search Domain Scan URL

URL: https://info.varonis.com/en/great-saas-data-exposure-report?hsLang=en
Title: Download our free report

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&title=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365
Title: LinkedIn,

Search URL Search Domain Scan URL

URL: http://www.reddit.com/submit?url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&title=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365
Title: Reddit,

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration
Title: Facebook.

Search URL Search Domain Scan URL

URL: https://aws.amazon.com/marketplace/seller-profile?id=6ff5d0ae-b146-412d-b78a-d54d7e6a841a
Title: Buy on AWS marketplace

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/varonis.varonis-dsp?tab=overview&exp=ubp8
Title: Buy on Azure marketplace

Search URL Search Domain Scan URL

URL: https://www.facebook.com/VaronisSystems/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/varonis

Search URL Search Domain Scan URL

URL: https://twitter.com/varonis

Search URL Search Domain Scan URL

URL: https://www.instagram.com/varonislife/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 118

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=833645257 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D833645257

Request Chain 144

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=8774940407839765704 HTTP 302
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=8774940407839765704&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

Request Chain 160

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1696428809788&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1696428809788&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&cookiesTest=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1696428809788&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&cookiesTest=true&e_ipv6=AQLwkuvA4dzZFwAAAYr7CWAGap44L7-NgPYjlHmxGYrzzMHAKNYISO3kA9_UX-SJqRzT274-

183 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request power-automate-data-exfiltration Show response
www.varonis.com/blog/ 210 KB
53 KB 274ms
208ms Document
text/html 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f8a6ba9454c6b2c6745f52a84861a7ec34586cd90dfda729484f2fabd65e7c3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 810e0691ada1bb8f-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 04 Oct 2023 14:13:28 GMT
edge-cache-tag: CT-106309124751,CT-65326053274,CT-66268097107,CT-66273490760,CT-66469717370,CT-66547768082,CG-740355147,P-142972,CW-104582894481,CW-114784368718,CW-115642542216,CW-115948073012,CW-115948073023,CW-125777074029,CW-60280511003,CW-71662020467,CW-87397221683,CW-87930956413,CW-87944291354,CW-96126751858,CW-97266453797,E-100805726527,E-106410557973,E-108364953711,E-114794918156,E-115634408573,E-60279793823,E-60280511142,E-60281971978,E-60281971998,E-60281972084,E-73655310759,E-80785228186,E-87927120033,E-98046358057,MENU-87776709421,RA-60280510996,PGS-ALL,SW-2,B-740355147,GC-100803005043,GC-115636626695,GC-115977342816,GC-125774591019,GC-135490609319,GC-80785228207,GC-87929337765,GC-87930955017,GC-87944143779,TS-60284153915
etag: W/"83983dd0652fe62dcfebb45909281ba2"
last-modified: Wed, 04 Oct 2023 02:52:42 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2BXdiJheUNifpLCfLXfkDtHEBGZ8ZDrXVv6Ah2JHBPrROr7jxprWgVbEgIn1b0zbJ8NJhLzGAeoAAkoWXPoodDiEvlwqb%2BNLBSeQjW2IssFkizTZUQyAZBbTN4tokPznmg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cdn: Imperva
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 65326053274
x-hs-https-only: worker
x-hs-hub-id: 142972
x-hs-prerendered: Wed, 04 Oct 2023 02:52:42 GMT
x-iinfo: 7-102224749-102224754 NNNN CT(1 8 0) RT(1696428807335 44) q(0 0 0 0) r(2 2) U24

GET
H2 200 index.js Show response
www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 46ms
45ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 a914ae2afc6a4cecb4160376b03ff6a2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 14338092
x-amz-cf-pop: PHL51-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 7-102224749-102224791 NNNY CT(2 27 0) RT(1696428807335 246) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOWkV%2BKWg6l875lcaIhTsSEIJgk2LEPE9AHIYSShMtMHw3ZNUvViOmYsg2UDEUBIJLDLXXpDBDVhHycotrFcjr98BKtHxq%2BYWshzgeRWPSo3i3rlFtwow5HIkFNIGQTdeA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 810e0692da5837f0-FRA
x-amz-cf-id: h_4sSAtPY7GVmPxJSp7-QXxXADs-gUfRFEMOL17VMTRDtoxsLcvrzw==
expires: Thu, 03 Oct 2024 14:13:28 GMT

GET
H2 200 project.js Show response
www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 76ms
76ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 17121903
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 7-102224749-102224793 NNNY CT(1 23 0) RT(1696428807335 251) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CLiZTaZVmzfumnpifGGRSCZoIcUxUfSdO42tus54ZsM0ZNBtEFWPw00rzlYIHy9C30EVkpIdnodEw7%2BYn6TCmJXSzOcQtdjurFpr2MIfhScpSSKI7XfJe1rJbpR4%2BUl6DA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 810e0692e916085b-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Thu, 03 Oct 2024 14:13:28 GMT

GET
H2 200 prism-okaidia.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/ 1 KB
1 KB 39ms
14ms Stylesheet
text/css 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/themes/prism-okaidia.min.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf31d510ed313a8566d08e9b4fdbf94a0a51b35718372bc4bc75d6ff5c8282a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 7153018
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 518
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-206"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A2pKLKah6JHqUoS1XlvCNiYZX4X2y3UGut0RqJa1E1xfZslkKXwmxsEKwyL8hPyCZ3Lc%2BSQlmKZhVr5LD%2Fi1VsQcAoAs1GgYGxduhcdSXeCNFMj1rju0uFrOJfMs9mZlX79zg77FYxirenD2hUSdgRI9"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810e0692ff001909-FRA
expires: Mon, 23 Sep 2024 14:13:28 GMT

GET
H2 200 jquery-1.11.2.js Show response
www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 48ms
44ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 c2e56cd54e2593df95ccca8a6d98c958.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 21206053
x-amz-cf-pop: FRA56-P2
x-amz-version-id: null
content-encoding: br
x-cache: Miss from cloudfront
x-iinfo: 7-102224749-102224795 NNNY CT(1 17 0) RT(1696428807335 256) q(0 0 0 -1) r(1 1) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W0ANPkD7atS1lMdTp5whqssc%2B5sq%2Br5P8bV%2FrFd4QOFGa8BuAz8iuPMOHSCdNaJU%2Br81%2FztGg9LDIfoNXpI0d3QAwpCyFSeZZ4PzCl%2BW0zlsUC%2BnwB5XCpZdm%2BZYNFoqTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 810e0692eefb1981-FRA
x-amz-cf-id: 2itFIwpFqcwugqJAKrutn7H9XnbO0ihR4doKhcgYCL3Or305C22YOg==
expires: Thu, 03 Oct 2024 14:13:28 GMT

GET
H2 200 blog-no-code-styles.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/ 46 KB
8 KB 101ms
58ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ed2a2edca25cc1dd846e20cab22088d9c5b7991f52ff78f8ed21930fe92ad46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 1007228
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"ee303a3eadd35fd691e5a50c469af706"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779172809
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b27d4992-aadf-4ddf-b76a-5ba4028c6587
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: b27d4992-aadf-4ddf-b76a-5ba4028c6587
last-modified: Fri, 11 Aug 2023 18:39:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eo5K%2FTMXWMJXMTyIv5nOiTF3iQRVz33qTyiyuY8kRsne0QGXtkL1QQYJTXpb2ZNIstDTQkxwvlZvuTVzD6Kj%2BRO%2BKHZWl7Kc7aApgCd9ChRH%2BoRAVfYDSinrBt6UqLFYXzjLB354t4U%2FYMqq2TA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 810e069318f85d8d-FRA

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
1 KB 146ms
46ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Mono:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7c0fbbadde40aed1e86f4c46ea2fc1a26749994e48dc90a5bce7fd466712d99e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 13:54:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 04 Oct 2023 14:13:28 GMT

GET
H2 200 main.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1695856274102/hook-www-varonis/css/ 96 KB
18 KB 102ms
60ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1695856274102/hook-www-varonis/css/main.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ec16d96c6c70330ca6b4146cc1ddc555280de4b5b9f5499a94cc863481484a56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 567114
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"842c5806dd5869ad9144dbb00692fedc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1695856275272
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 424c1ffe-3bc0-43aa-82f3-e7807a051beb
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 170
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 424c1ffe-3bc0-43aa-82f3-e7807a051beb
last-modified: Wed, 27 Sep 2023 23:11:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJJs20ZxGoQ7Q%2BUC53T7JwNRk66vkuuQuq2lQ7eMI9CAyDdrbTQiP1%2FsxDjkV2SOMV90mq68BROerg1z52XMrwWON0R4eS%2FvEOY%2BjxDmOcqHcpfs2ZP887JyTb1%2BDJOV4%2FeYu%2B7WbhdN4jIqNR8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-5d748dcd7c-cwmpg
cf-ray: 810e069318f95d8d-FRA

GET
H2 200 fonts.min.css
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/ 2 KB
774 B 84ms
41ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971978/1681414273295/hook-www-varonis/css/fonts.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 649557
x-amz-cf-pop: IAD55-P4
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 147
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 70405339-9c47-432a-a6e3-127db0f121f9
last-modified: Thu, 13 Apr 2023 19:31:15 GMT
server: cloudflare
etag: W/"97e878d1ce8d38d99c26c5232d3e6c7a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681414274070
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IWmgwFYUIHcZYkOW4xayffRwb6YSvQfOG4V3g0e%2F2cF0C4jPXwIxW3fZsN1njsgiE%2BudrfBFIhlifHs9yc54vI%2FpRczWaeIi1trccD6gJ98pjnjR3XE9WlDAyMs70QpxKqP0Y%2Fdi%2Fto1oBSCWOY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8497bd8f5f-krwdx
cf-ray: 810e069318fd5d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_71662020467_Announcement_Banner.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114924139/ 1 KB
776 B 88ms
46ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114924139/module_71662020467_Announcement_Banner.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ffd7ab24503a28bb9eb6137b4d1e1664ed138dca5d1ced6d1a98ff841a24541

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 649557
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 30 Jan 2023 21:42:05 GMT
server: cloudflare
etag: W/"dc5b8e6da3be06320569bf90cfe1b4c6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114924139
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FaoSGcqVzJoZB2%2F1mHsX22XgtZKtAQ3pH%2FzH1eGD%2FzH1KY3w4%2BcwocGX8bU0oSy6KcSBO6XRQ%2BXvRAlG4eS%2FxtNmK0F8NZ6wgSqQRtrhptEDuE8N1PZU4BYMTrY6Y3k1PM8%2FVTB5yUXSvh%2FGqeY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e069318fb5d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_97266453797_Remediation_Announcement_Banner.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550133721/ 2 KB
1 KB 94ms
52ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550133721/module_97266453797_Remediation_Announcement_Banner.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f31e1ce1202bc0ee8105deb5885a4b7b389b2cf936bff83f05032c8a2cafd0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 649557
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:28:54 GMT
server: cloudflare
etag: W/"25e2f39fad365df55a45617ede2ed5ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550133721
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ViEi7frjB8B5gjZua5Cl71eCiNQnAykudOzYeKQ3V1PQ7B38VpBgpDcb8pWoCyXSMmdFeADrJXQm3FqNeD52268kaTcNyMxeqS7Ec46ex8hj6jVh6aEqkvuA7WE0k2eYvwrXiy6pMHgUIKCyz0k%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e069329075d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_96126751858_Site_Navigation.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030600211/ 14 KB
3 KB 84ms
42ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030600211/module_96126751858_Site_Navigation.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 45c7614c18a99d6d92d12cd7f4f06a07ce88256882a8889574d265fc32eace0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 649557
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"1e14b5836ec1ab1e8354d2661a31a88f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030600211
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: d1599fbf-b690-4072-b013-4dc5c8bcf1b9
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 178
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: d1599fbf-b690-4072-b013-4dc5c8bcf1b9
last-modified: Thu, 03 Aug 2023 02:43:21 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99NljhLy4J6oVMKTYX2bntagmGZZNJVbDMAxhoVg%2F3NCTCdATs%2B2y5LYS4AzU34A%2BgMx%2FO2Pd0haVuuOOLUPEbtpMiWPMpXfTipkaH4NdqVq9ACJEN7BD%2BdRsBZfShsA5CWYupWsZnfpMbQqOvY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-hml5r
cf-ray: 810e069319065d8d-FRA

GET
H2 200 module_125777074029_Navigation_Submenu.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210033148/ 2 KB
1 KB 93ms
52ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210033148/module_125777074029_Navigation_Submenu.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ef71ca3de1b4e89664ec102fe490b2abfbc80350253421c50a31bd3b22b9722

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 689324
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"4d29d054ec06349f29591688037aa80f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210033148
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4d55eb47-d623-435a-8413-256bb8a12d47
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 163
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4d55eb47-d623-435a-8413-256bb8a12d47
last-modified: Wed, 16 Aug 2023 18:20:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVcN1iPCUZP0hDs%2FI5QtJKp%2BGRcxD2iRDe0pKjMKUq0i5Ve1Gp3bJ7gAmEeq4R4%2BpWL1ZGxZ30aowcZQXWT%2FYEqnQln2jKfQ99QCbiRXiuBVgKt5vebwmj39XGFJPKYLd0CPjXnn4CmthGmmuZg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 810e069319045d8d-FRA

GET
H2 200 LanguageSwitcher.css
www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.11/sass/ 1 KB
1 KB 64ms
61ms Stylesheet
text/css 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/hsstatic/cos-LanguageSwitcher/static-1.11/sass/LanguageSwitcher.css

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

957a85939578fa14d2371922b58dcbf67f9b769e459f38699ceee6a84751134d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
age: 13939051
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: iXRaVI6gvNO5oDb7NS9VHG_l3VoXX6Hh
content-encoding: br
x-cache: Hit from cloudfront
x-iinfo: 7-102224749-102224797 NNNY CT(1 11 0) RT(1696428807335 259) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 10 Mar 2020 17:42:28 GMT
server: cloudflare
etag: W/"116ce0ec359fc58e099de58c90ed35b9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D7cVyk%2FYmeQOyijen5kGFDornr6CzdK%2FRcO%2BW%2BrOORtlEZRNKq59Qa11X3QN6krP2ozzDLhpzqlVQNzy8iFT0g7yWs0%2B73OKAAczNQDh5%2BCAzi1774fkImAh6o9FjlrNsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 810e0692e93135f3-FRA
x-amz-cf-id: jnOHDbtUKCLiM9384zKZ8ygYCRw6vyZPir5ZuD7qE4ivs86l5Mvn4A==
expires: Thu, 03 Oct 2024 14:13:28 GMT

GET
H2 200 module_115948073012_Blog_Post_Header.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073012/1693341707705/ 2 KB
2 KB 81ms
39ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073012/1693341707705/module_115948073012_Blog_Post_Header.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a1f86c63c2ee772b07a6f678e7f8cd51b3aea064d83423eb213fb1df9d6b34c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 464437
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"f5bff8587da6703942d1e04601fb2ccc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1693341707705
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 41525740-938d-4bb3-ac37-4631defc7afb
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 148
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 41525740-938d-4bb3-ac37-4631defc7afb
last-modified: Tue, 29 Aug 2023 20:41:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3m%2FixvCQuDjtoegTbqwrsLUOoOPQkIFGIXX%2FkUog7XmPSlbcS877OVbakXQEmktFCK%2BAi2y5qc2kZ3HONZYRjvhExHWRJj5vBkn8%2FMoGIzsC6yj7YCjdoSS4JOh8YRenQfhKPX79RrCVpfe63Gw%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 810e069319025d8d-FRA

GET
H2 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779300110/ 758 B
774 B 88ms
47ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779300110/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0420b36738d9457c3f40a67c69135b170861becd9bac983563b3aeada5287aa4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 1007228
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"af2e09f2a3860d065ab2b884c54bad8b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779300110
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4adc6e92-4e62-4268-b467-8e2cc5470e85
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 140
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4adc6e92-4e62-4268-b467-8e2cc5470e85
last-modified: Fri, 11 Aug 2023 18:41:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kTBi%2FPU0Tup370bBdQ0ZW11ZvnN8jqShO7s2sOD9bKZca25FPZms5FzG6UXIPfVshWhcoz1sHc82mWYWVjqUdHoML3EMjebxL0sz1XpmFpVoMJDUCBA2VNZaXhTMO%2FV58Z6CxgHvQYuV0%2BB4QJ8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 810e069318fe5d8d-FRA

GET
H2 200 module_60280511003_blog-form.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832789186/ 3 KB
1 KB 89ms
48ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832789186/module_60280511003_blog-form.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 197928
x-amz-cf-pop: IAD89-P2
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 180
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cd2a679d-c997-4e6d-86c8-41ee2c1fad64
last-modified: Tue, 14 Mar 2023 22:26:30 GMT
server: cloudflare
etag: W/"0beb1a886bb335c582b07556399b13e8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832789186
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8HkiKYEfMDrYlD1qAHi3Ni9UGpCoIoKC40goHn%2FDQZVxxevNmnzDU39juW6ExxJKfg0YPgVERAnPq2dmlwutUIQBIxsgJs9mj5csf%2FpeBrFtm7Raioe%2FqA1sqOrsH99Mlsmqi6rY6vjWWk9EtBM%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6db9d854cb-9nxbr
cf-ray: 810e069329135d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_104582894481_What_You_Should_Do_Now_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/ 46 B
524 B 82ms
41ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/module_104582894481_What_You_Should_Do_Now_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

age: 1670788
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: "7e0b52d7773d1bdc69885fe97aa20285"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692928068437
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
content-length: 46
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
last-modified: Fri, 25 Aug 2023 01:47:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l9P1ey3Bf5OScsG%2FNFebX64jnY8FDcf909IJH4aitvnWDsWXmKfQ9CunCov8x5Fnb9n%2FPOp76Q8fupdOX4qWlbCjZ%2FFPS61vCRtd%2BnHH6yKTEvAa18SI2ZhxOSkIPVSvf%2F8zvBpaDTYDG%2F0DH0Q%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
accept-ranges: bytes
cf-ray: 810e069329105d8d-FRA

GET
H2 200 module_115642542216_Blog_Post_Conversion_Panel.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115642542216/1684180718003/ 2 KB
1 KB 138ms
97ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115642542216/1684180718003/module_115642542216_Blog_Post_Conversion_Panel.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0d514e3fc3d638136890b4a1f61d2f861af3bbd8f997ca15685efbd22554538c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 197928
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 175
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5119b3dc-4a97-4ee2-81e9-253064842a10
last-modified: Mon, 15 May 2023 19:58:39 GMT
server: cloudflare
etag: W/"688ebc7b9f5e3593cecd51eb92e4c6e6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684180718003
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSD2txG5OyypOKA40nAyPIoF8Ubdm1uZ77bhd0qWzREolcvu5iYnCKCtJqjzzcbWhJ43hc11EoIJo6DwcVJIoPMewZ%2FLhkkDLXpZIBE5tQ7EpSYfnJ8l%2F9CAconG1qdFjZ4%2BF%2BNLOhzbCjwdxiI%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-65zd4
cf-ray: 810e0693290e5d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_114784368718_Blog_Keep_Reading.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/114784368718/1684524759023/ 2 KB
1 KB 91ms
51ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/114784368718/1684524759023/module_114784368718_Blog_Keep_Reading.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1a1846f2d4d1abd1379f703e256e92f3b4b138f6dc90fdd8c99c58b7ca43457

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1066878
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 116
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 96dd81bb-9126-4eac-a5bc-abd140019136
last-modified: Fri, 19 May 2023 19:32:40 GMT
server: cloudflare
etag: W/"d922d55fec70ef38b027578f64a0010f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1684524759023
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNdt1g8IQXcO0XhvfmOoBzEaHxfIEIhztihtkJPA8elGep1QUTgbhohczImpe8WmWXB5BcUJQpcEN%2BPDXXH7SOqlUJc8kIesGGgjuTvnBjh8LmWGa5yT7uigXyHpcLBm56LWQWvP3q2xKzFKG8o%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-65zd4
cf-ray: 810e0693290c5d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 module_87397221683_Footer_Site_Directory.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310897/ 4 KB
2 KB 90ms
50ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310897/module_87397221683_Footer_Site_Directory.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 456766b19e4bca3d3e998e25a416376f2158061b925f28f32527aee2ff1e28db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 30852
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"8853d36396f354f645f3057dfc260fb6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310897
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 0944d81a-13a3-44ae-a132-145cbc45f51c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 204
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0944d81a-13a3-44ae-a132-145cbc45f51c
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pmzajFVgGO%2Fq5MwplhmsrI0nhJ7DOwi7Gw3%2BeGalyWEP7E%2FK%2BeiJdVNHQH4ZjH0rTifYlDQPomiVlYLcV%2FBvW5L5EwR9gcuBx%2FIJWmoEl0OA1p3Q31RaslgmrLHMzOnfTUbtsG55WLqReaZcMu8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-8ktx6
cf-ray: 810e0693290a5d8d-FRA

GET
H2 200 module_87930956413_Footer_Legal_Links.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87930956413/1678467830039/ 207 B
752 B 102ms
61ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87930956413/1678467830039/module_87930956413_Footer_Legal_Links.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f08978088fd2635efee64efe38bdf155d6258f8b547fca43381435d0048ce46

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 649557
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 10 Mar 2023 17:03:51 GMT
server: cloudflare
etag: W/"96007886169fd0ec341d641653f4f98b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678467830039
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0KKZ%2FdNurWnuBZ7EnA%2Bqq8CjFYtAlLBDG4XktSr5dr0DJq6QPV7OtBHhpIPP9vM2Nir9Q5KmKjBwB0mQRhGDu96aHCDKRnr43HOh5c4mlnp2%2F0WI%2BP07yRSMqUu%2F4ilk5EpHYMKVyLiilyAnvc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e069329095d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H2 200 module_87944291354_Footer_Copyright.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87944291354/1674235657411/ 45 B
416 B 139ms
98ms Stylesheet
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87944291354/1674235657411/module_87944291354_Footer_Copyright.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce52d3c9ed8217ae0ca3dd0479d5ced16baf2de6625e0c81166471aaa956136d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 689197
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
content-length: 45
last-modified: Fri, 20 Jan 2023 17:27:38 GMT
server: cloudflare
etag: "c54f91357d03928424b38f6d19c9c224"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674235657411
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZNh3FMxm0kp%2BNG4zn8MExOnALvoMnpfd1pNM4NANfbRpftB8OodJ%2B6q03seEPGOqfr0Qz1CIlm3149PEph3DCix2Ao7DTpNYEYbjwl%2Fxd6kj%2FkPv%2B9j7k8omd8nH0lxs3mSUxfPosaBofY0kaLQ%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 810e069329085d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 plausible.js Show response
plausible.io/js/ 1 KB
1 KB 106ms
9ms Script
application/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://plausible.io/js/plausible.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1081 /

Resource Hash

021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
x-content-type-options: nosniff
cdn-edgestorageid: 1080
cdn-cachedat: 10/04/2023 13:16:15
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.0.3
alt-svc: h3=":443"; ma=2592000
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 200
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, max-age=3600
permissions-policy: interest-cohort=()
cdn-requestid: 85bf87bcd74a52cb38c4220dfc00fa8e
cdn-requestcountrycode: DE
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 93ms
19ms Script
text/javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

143a76ea0c14e9a8a7a4d08df5c01cd055e4753c0ab5d2335026731a1d1c1c2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-edgeconnect-origin-mex-latency: 663
date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AKAM
x-edgeconnect-midmile-rtt: 0
content-length: 163638
x-li-uuid: AAYG5BysxHhIzTj0Pf/fYw==
server: Play
x-li-pop: prod-lor1-x
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-lor1
cache-control: public, max-age=3600
x-li-proto: http/1.1
expires: Wed, 4 Oct 2023 14:37:43 GMT

GET
H2 200 Frame%2036-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 115ms
74ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 173349
x-amz-request-id: Q1PSHWT8NNJXX544
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 NNNN CT(4 10 0) RT(1696428807335 487) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"4a0280ec41a09339bc32b34cd26d66f3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428417394
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 87714f2c4c5d69d88a49430daf7bbfbc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YmacvXukdtrqgcUXsZZPYD9p7.OCqpBh
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875523,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: c4tQH4sDd+PK+KBUtb8uYMjnrWcL+lLelUEiMrSJYvJWDMfHdVAAC+rYMMWSR28B+LIoRxCw3xE=
last-modified: Tue, 11 Apr 2023 21:05:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FvVY4sYW6ToEhMIgHJJhDQnPvCD1DJKem9c0sFXm4sGBfED2hIjGiCs0mSOrxXOpPRz9hVIcXaM42rYhnygtzNHx1bn0AGu4vsNh0%2BzUqEIWE0No29E%2B9KqWi1RvnhefgY%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: E/H6NrQH9VyyOsXoUSiYAwdzHWUAAAAAo/ZQmCPPlmc26QOWmnSJAg==
cf-ray: 810e06947d20922f-FRA
x-amz-cf-id: WRiteXxoB_SYyJnrt8pJ7KArs-EHFp6sqlX7BfJ0C26g49JpRebx5A==

GET
H2 200 Frame%2036%20(2).svg
info.varonis.com/hubfs/ 2 KB
2 KB 111ms
71ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(2).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 174134
x-amz-request-id: A53NB0D8EVNBF9MG
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224813 NNNN CT(5 12 0) RT(1696428807335 493) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"db75d74e33e96cccf27b2b6b95161418"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428486763
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 66ce4848bcf993e3c57b596461cd0b82.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nlQ.JNOv_1Z2QlY4vh553LM_j5Qk51Cs
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98066981132,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 0CktnbFsptepMmExMv+mLQskIDEadyDeVnDH5QsXfKQ4XLWcCYSM4lj8UuB+U5NehRPp/a4clvI=
last-modified: Tue, 11 Apr 2023 21:05:13 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJt%2BFHv8GZTJHmgbaZ6E%2FHb%2FDuoBC%2F1pYqpeSt3PhU00MHKqc%2FzYUmdfYY%2BNzAYHKg0cRUFDe5NHyo3XLvRQ4%2BVKwEtu83%2B5wTYvjiSh8k6V%2F9jWQ0xTlU29rLreXrhqVk0%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: sLiJPqKy8GGyOsXoUSiYAwdzHWUAAAAAUizRLRzmMwrYbLjURLveyw==
cf-ray: 810e06947bb19a00-FRA
x-amz-cf-id: yec2iQQOkbfgfo18Vy_BDETaS7kEHDL6YjR0Jw4GdOqHqGnzLUKKUA==

GET
H2 200 Frame%2036%20(1).svg
info.varonis.com/hubfs/ 1 KB
2 KB 114ms
74ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Frame%2036%20(1).svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-cdn: Imperva
age: 173920
x-amz-request-id: NQFAG8T2BDAW98G7
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224811 NNNN CT(4 11 0) RT(1696428807335 490) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"7cba335c1df43bbb31b831c70444dc5c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673428464410
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 8c1abfbb8460bed752668233d296dba8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jQIVfYXDwJPgRyEKdz3rJ1BSaSxuz0vz
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98065875545,FD-109376198768,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: SXgeX0uqU0pdoqCZJPOCeVTsVGYw3uiEeuQ1x6Z7X7fFRo3lCLyJB5u8hDDqUt0pnxXX7yRMYX4=
last-modified: Fri, 07 Apr 2023 16:37:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SkA0VXKFL9evv8TNmc9GldfII491NmDJOPkLJLla660N6hhDeZSfHD7R6ObaQn%2FuXHeYpvqeJ1WVDxktCBXnGVlBnwhqlxtkrWuLGDmKo8h5FExDsyaZa%2FkcI0aLGspdRiM%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: lDnaQmKXhC6yOsXoUSiYAwdzHWUAAAAActxotA5yDoVxEqGJEV6qOw==
cf-ray: 810e06947a743720-FRA
x-amz-cf-id: 21idg2_zmWH0e-1KV8POTCvSoYVo2AIRQNAqK91huOELsmw2Yze9Hw==

GET
H2 200 NavIcon_M365_2.svg
info.varonis.com/hubfs/ 6 KB
3 KB 129ms
89ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/NavIcon_M365_2.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 173272
x-amz-request-id: 357MJZN8FR3473F2
x-amz-server-side-encryption: AES256
edge-cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 NNNN CT(3 15 0) RT(1696428807335 496) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"8bcc6d027ad47e870fe16a237dc73bfe"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1674081974689
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 551a3a9c2bf1e2158a9f24897afe2b8c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: zwSqLSU0xjuOBDaiT8xXQbFQQAf95O6P
x-amz-cf-pop: AMS58-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-99087873924,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: riQ6y1eClPbjVpXRp9M9nEYufh7GpQCzWZ4o4Z4JRAqUso1rlR1O+eejrYmQPiP5W6Fl8Ekey2U=
last-modified: Fri, 07 Apr 2023 16:33:12 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IDti%2BqTuZMyRPq7Lk4MdLnHpsMYrQNhPeR3ButlDXyqHjFfnQt0AvtV6guLGSlPxUhptVuO6PViRRKpjGpWQiBJbkO12jy2Hth1GU9dBwV8tegTGkEjRREf2HtC5rbCujFg%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: +hbacd8manOyOsXoUSiYAwdzHWUAAAAAHbrfu2qDqrezuy+/hrIDxw==
cf-ray: 810e06948d742c20-FRA
x-amz-cf-id: jhEr8cejOxHk9VunPwEF6dhXApXsOMG5r9oIS3EUerTAdE30ENhkZw==

GET
H2 200 NavIcon_AzureFiles.svg
info.varonis.com/hubfs/Web%20Assets/Logos/ 2 KB
2 KB 109ms
69ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Web%20Assets/Logos/NavIcon_AzureFiles.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 173795
x-amz-request-id: A09ZXKTFKBPTX60P
x-amz-server-side-encryption: AES256
edge-cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224815 NNNN CT(4 18 0) RT(1696428807335 494) q(0 0 0 -1) r(0 0) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"39f1c52d2cc888b95c60463165cda36d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691417731365
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 14bd82d61eea261f371dd878bc132822.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PQz0I5ZDy7h_rRyB67TOq3xY2tYQaD.k
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-128881005631,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: A9YkOo3y2TP0f6kfSubRKlDhFgOE3PlC3h4JKGdchVb0kFraUJ/c+nM1TqgON4IwtS4c8rCxgSgO28KBydonq6R9BogksDtWWVMaQkz/PQA=
last-modified: Mon, 07 Aug 2023 14:15:32 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4DY%2F%2BuEZYSzanCwzNQ%2F4nAR3Me5YmaMw3ErFTlJoKFj3V0cJTAb0GbeyK3WjVsn%2B9R3gAiejZFHj3vS3StF0b%2BN%2BWtKi2FsN%2FcUQgaUnx1m%2FU4GPBS1iHrUrLkl5HCc5uNk%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: St0oeBziVGayOsXoUSiYAwdzHWUAAAAACOgyTuCNxf1GM0Y9s9yJZA==
cf-ray: 810e069489242bf7-FRA
x-amz-cf-id: IJ3X9wZfM5B23VmE7tZLPtt-L953or_Re1ZKdU7pDsjIeDt-FuKatw==

GET
H2 200 Logo_Windows_Full-Color-1.svg
info.varonis.com/hubfs/ 480 B
2 KB 142ms
102ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Windows_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db1e2dc64218b7044da50d01d0ffb83bcdca49a35b1ab7ffcdef6736863986cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 170950
x-amz-request-id: SNK40KF3Q6P5HV7X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224815 PNNN RT(1696428807335 499) q(0 0 0 -1) r(1 1) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"d694fe76cecc0228afb418373de25fd7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429615523
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 5399a427cccb3191e8715ae58ba175aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .uN1VY8fE_6giU8Wl79_70fP6NJlVGUA
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067711332,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: kuMG1pGIg6SdDay1RYa0XpkWGopbrr6tXV8SWsuH0cMJdg9yPPtzkHLzdYgrHO2GYxDlYY1K0zw=
last-modified: Wed, 29 Mar 2023 16:37:38 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2Fj7X7iRPtUni8chHhxcxdRNWw%2FZzyHZbUEUs7oYeD942B31SackGG%2F8uhq7UezAKEBJwz4CUrgFx2lUgL0w39YSs6SmKNA6FnpU4ENIuD58qRQmQH5OHA31RR2vEPUTIGA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: c+NEKEPrpl2yOsXoUSiYAwdzHWUAAAAAHf6hLtG0JCGVumPI9sFjNQ==
cf-ray: 810e0694b9422bf7-FRA
x-amz-cf-id: zZRnFc5I3i2Scrgidk5vS6Xr9HWqjyO_AWlJefNqTIpjEKIZN7gLHg==

GET
H2 200 Icon_Windows%20AD_Full-Color.svg
info.varonis.com/hubfs/ 308 B
1 KB 1085ms
1065ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_Windows%20AD_Full-Color.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a40943594d5eaaa010c66254e2dc4a83d8bc53104602afda2e3b622b8e78e2f0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 171991
x-amz-request-id: 91M3WXV36EZBN119
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 612) q(0 10 10 -1) r(10 10) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"cd83460848cbb057d8576e5cbd227359"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429626407
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 6c38ff4c7648bbb26bea641498fdefb0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: j0AZK7sFXh11TgqH_ROdfL.gi9gjKDU7
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067389516,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: r5f14mtr9HcStcYzr/QvndFgZzEv1/Byu4PN9gJkPa7FYluqDrRHGS/wsdrleDQLE7LpvQ30S8s=
last-modified: Fri, 07 Apr 2023 16:34:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RcZ0hPpIwsZtxep3CS9wOBMWA1HDN9skx496ClDLOn77gw1vEvGfSQ7rhXCb7kt%2BW7zu2bcfkuDYAAQImM4s7YZSAWVIzdVRjWYVuvIii%2FzRZhEvBnxbufRQuZYU6yyWv2w%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: gOOIVEy27AuyOsXoUSiYAwhzHWUAAAAAbBwMZqwob4SZmieNhW+ZIQ==
cf-ray: 810e069b38e6922f-FRA
x-amz-cf-id: Dd4oAnSg1CB-TPe8s5MHR9l_9Ze4DLTkGOWKsQA8Fi5sJrmWZUyGaw==

GET
H2 200 Logo_GoogleDrive_icon.svg
info.varonis.com/hubfs/ 1 KB
2 KB 1108ms
1089ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_GoogleDrive_icon.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b40e79c5d412914e928d19e3cda375d940ed037dd6a1f6d7613b894e39898094

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 173272
x-amz-request-id: YVZE9R47R8TFES8S
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 614) q(0 10 10 -1) r(11 11) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"5ed1993efba372d504a94f9cededf3ac"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429633320
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 e2dc4178fd5d89ed6c6e3cd0e2e53fa6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: C55Z6MT7XpHwV8In.o_V0y0xhp5ppwr0
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067730253,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: YfuR8HBCHiyLXe5cQib2YJWYoTTT9cCK6ahfvCUnzYM6FmPBG4enqeUWhdlZ237Pb0UPe173Ghs=
last-modified: Wed, 29 Mar 2023 16:35:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bOuBwKN2rwmhuzThFauSArs1BG2ulPwtJ9lDuu6sHVphws75Np5EYOB9MPgjAKXJ7sGsdf9arqHcz5%2Bb6bI%2Bp1rE4WJSKt5wAa%2BJYwHC70U6Fm4Wq62ySlqFgbMYc8Yn%2Flo%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: LX2pUw6LGjeyOsXoUSiYAwlzHWUAAAAA4qYVSSwAQNFl3mKI2hIQWA==
cf-ray: 810e069b7c962c20-FRA
x-amz-cf-id: NZ3Z360voC6sUkiLcnJOQCD-VWRzlMZBqPccTyEFUnlsooG_Q9S6ag==

GET
H2 200 Logo_Salesforce_Full-Color-1.svg
info.varonis.com/hubfs/ 12 KB
6 KB 1104ms
1085ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Salesforce_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2f24b7fa64d8f44ddd36d64d9a647d13caea3756513d97abd40e3c8754efc63b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 173334
x-amz-request-id: EH4513RYH5VXHF24
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 616) q(0 10 10 -1) r(11 11) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"be309990b75f168448dbfedb6fa65e11"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429638821
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tAzo3ayGAIUKFNkzvo1.OA9IZRoodnWm
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067569686,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: t4Oj1/uSlx5pBDroERgvwBJGEfARHhZaW248VKjFqrqrGRjST5dG5QDthIMUImMw7RjK0DYtVfw=
last-modified: Wed, 29 Mar 2023 16:36:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JcnqXLmNT9W5JUC6k3XDWWAWGF0VDQHV5DvuKFWupOTwepSF%2Fhe08AbCb%2FoJr1g656A0N7keUPx0jm0SNqvv1HIv%2FRofg0sBlTLDngQ8brLa2c4ubGBD5eLgCxK5LTipuq8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: ULBJM0pkcQ2yOsXoUSiYAwlzHWUAAAAANSIuyodcqJ8NPE04dQ5cig==
cf-ray: 810e069b7912922f-FRA
x-amz-cf-id: __Z_qEET4lJ_spHEDBZdJd2fAvC0J_2yJXBtkLR0lf5nHv5I9MNswA==

GET
H2 200 Icon_Nasuni_Full-Color-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 1156ms
1137ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_Nasuni_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10426b160a932ef2b98908d2f32aca756777f9d0a90ee2d7bc334cb1629e0ddd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 173483
x-amz-request-id: QGMPM34C0HVT1HH2
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 617) q(0 11 11 -1) r(11 11) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f0b0eaa5332ee7de29889d93840bfc0f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429645009
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 7f49a9d7acd3e2b85c2c573f92e92d4c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: KGxnFvJWYxjnwQ.jwg9Mt9Io5nzlo9bc
x-amz-cf-pop: VIE50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067015183,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: j/GtJI5vJtZGl4zsPB7qR9tkCxtnYJX1K2EgorxUkMqA86ozH/v1rYV6ErUd2xPaIyzn2UksMOY=
last-modified: Mon, 03 Apr 2023 21:49:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=46H45BJORjQSsVxknje1556G63RqfUyGW%2Bj7lOGwsJ0Bz0GdTjb%2FgaZUVjZJj%2FdnOS%2Bn6AK3vgB1rUWr20QLHgZWsJNeMy4cnJl6HKr2aremr4tXajNtilAUXdNTW7lDyFg%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: KR1SOnIkO1ayOsXoUSiYAwlzHWUAAAAA6UCXcCqA8LFU9nrzR90T7w==
cf-ray: 810e069bc936922f-FRA
x-amz-cf-id: VVDYauNEpRiMKwFP33JfVEQHmlOtbeH32U62LCD3wxwf1MSPN6pIUA==

GET
H2 200 Icon_UNIX_Full-Color-1.svg
info.varonis.com/hubfs/ 13 KB
6 KB 1155ms
1137ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Icon_UNIX_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5db5a02e960dde70bbf77fb6d28c61d4f6b5c291b3dd08d76a678d17c2d96420

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 172943
x-amz-request-id: 62C73JX87ERZF1CQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 619) q(0 11 11 -1) r(11 11) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f95d3f7607cf257b1cd570a34d5e7499"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429655074
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 89efe3a7854e47cf7f1fe47e28e39348.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TAyhZrsomXl28HGe2LLLazlL86PmY7x0
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98071067307,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: XeNnKzW7nWhBQxbc3MMDAhssa9HENzqu0zw+uAUS6asjwsoOz0IE2qZ+U3KIiPpDyknRcXhDjJRRN0bTn9Lp89aMX60aR5Tg8jotoqPprs8=
last-modified: Fri, 07 Apr 2023 16:34:48 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7T6EVc4mU6KUKY3Xn%2F1jS3zNRD9pLed4Zdj4Om6DTknWZntfwTP%2FXVFfZEHCh8lTlqpP6lPDYtxvJQXhWREFD270xiIvPXfa%2FmeZXTItDRPml8RkhAFOsM7TacW2UxGFOW0%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: pSStbxmO/BuyOsXoUSiYAwlzHWUAAAAAVWfmmSAIfR8/L6Eo3aYDGw==
cf-ray: 810e069bccdf2c20-FRA
x-amz-cf-id: pouZEB8oQ4M9ZM8lhw4uMDVYe9H12K3nB_rC8N8RGKMMS0lzUHr5zw==

GET
H2 200 Logo_Box_Full-Color-1.svg
info.varonis.com/hubfs/ 2 KB
2 KB 1194ms
1175ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Box_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0adb972147098e0e4d6abbd7b83952363c8eab82429760136816142d675e321

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 171183
x-amz-request-id: XH29H7EXW949ND6D
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 620) q(0 11 11 -1) r(11 11) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"12fad58f529b97c18d6081296d804d47"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429662187
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 ef76486b8b2194781e7708296c3d455c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 4bnH0nYJLrnJYB2scTeniXFFZf3HM_Ur
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067774057,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: N4RwOAJyzuZ17gt5tPwvbff0jHWjam/PrxsXwJLiAQvWbzhN0H+fUPZCv4fpOhQKM9rhuypk97c=
last-modified: Wed, 29 Mar 2023 16:36:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCsVHEaQCfAfEfkbsyMeSKV12n9NorQFucK8z6HxXInToSIeO8ql99AhR0C4LxLlHyFmj7iSd9FZs36h7TUrJvCVecj%2Bmk7X66B8%2BPcDEAzeIyzJZaKdiHi%2FKJPpP%2FQxTic%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: N081D5Aeij6yOsXoUSiYAwlzHWUAAAAADk7X4W9XeqHbrd+I2pZDSQ==
cf-ray: 810e069c1d332c20-FRA
x-amz-cf-id: AjxHffaxihPtddKS61ct9e15FjRLEhDGFhsWDvE1O7o0zvIoZ5q2eA==

GET
H2 200 Logo_Amazon%20Web%20Services_Full-Color%201.svg
info.varonis.com/hubfs/ 6 KB
4 KB 1194ms
1176ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Amazon%20Web%20Services_Full-Color%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12feece8311f076308c2bbd3d8de66155192ea9df9a705a486f8e4684c45c5c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 173953
x-amz-request-id: KJ9HSGBM4A8KY35Q
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 622) q(0 11 11 -1) r(11 11) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"9ec8f05ec8b4bccf14856667c2f4af0e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429669382
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 66ce4848bcf993e3c57b596461cd0b82.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .hqD1QhDm8nt6xQNshEa2DyryB7lp9Y3
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067015197,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dHZxroVk6phuNrfrAt/4QcKmyVUhKaeAfu+9Bv3/ooKR9c+JluCpZh+2D9phj2M/2nvY2fRRDj8=
last-modified: Wed, 29 Mar 2023 16:35:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ou2bhUHYyFiduoqsF1%2FBm%2Blgoadn1s7qRDBN44UJKr4c%2FOZ8pVxhfGsoHhFx8Ix3QdnCc2rL2ctoEsUogMFhV1gx00KbAf75th4PNGJb3mMMMu02SV75ny4DuwAIWxTKFsU%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: zkI3c4S0SwSyOsXoUSiYAwlzHWUAAAAAG2NuV+qw+L9L0sTzZRcrDw==
cf-ray: 810e069c1960922f-FRA
x-amz-cf-id: _3r0g2a9qbP9Gha9DP09HC5dKuXeXSDPozrKw7qtE8zfZX3Zu50CNQ==

GET
H2 200 Logo_Okta_Full-Color-1.svg
info.varonis.com/hubfs/ 3 KB
3 KB 1238ms
1219ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Logo_Okta_Full-Color-1.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bc3c3712e26de83ecb08d0360e70ff826b4fda86e8348a3ee2208b4ab2ebad1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 173334
x-amz-request-id: KJ9JMT0YFSD35EHN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 623) q(0 12 12 -1) r(12 12) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6ae59b6e0ce4f86234daff364456a46c"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429677378
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 f4c3162878591c5abd76f8ee1f873476.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5b0dmh0pwNv7XUyXYOrxaO9n9Ea4swdz
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067389557,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: g1r/UT3BF7UMtcL1mf5bb5hhBux2bCm3fzCOB3daWnZQbrY7vUrM3HQn373ecCm0GX8JqceAHigqjxNIBjSnDQ==
last-modified: Wed, 29 Mar 2023 16:35:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qDHunJEDQ2tt6tp8oiLCdUW6Ka0q4JRwogA7K%2BrhAN0Upvcq4b8v%2FlrXo29%2BgUZ%2BiScI2tgssrRNvkmpmQRRgHaqW2yg7Otj0RXUzpGPmRM2v7mTm7nIfPald98IseyVBSE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: kpf7TSBx4UyyOsXoUSiYAwlzHWUAAAAAy6TF5e8u8He+WodS6VRo1g==
cf-ray: 810e069c5d702c20-FRA
x-amz-cf-id: Z7ym2GTbKV_tglMWgNgOtJqcjM8Hxpy-4yg8XnFEIFD2jgRNO9PI9A==

GET
H2 200 Fill%201.svg
info.varonis.com/hubfs/ 1 KB
2 KB 1229ms
1210ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Fill%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a074c8ee602a0b3416f69defbab28371abb92ce73f934afa6e58ecec72b9256

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-cdn: Imperva
age: 173349
x-amz-request-id: XXMGPCD1B0Q0AW6C
x-amz-server-side-encryption: AES256
edge-cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 628) q(0 12 12 -1) r(12 12) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"6980550af35925ac7c226d9e70c95932"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1673429684459
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 6ef87569c26a159f552948d3c30a2be0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: T17L.OC3KO6B91DsAQ1bpeTtHFnJrWVM
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-98067849848,FD-102044878171,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hOgFBnGIboXmgTetU/Pr0PahXaaIzBVjPoFhU35Znc+1PHP8/ux1nmpb5GMVNWttkrK91vT9xnaGt/XBmSkxGiJJKsH/m6AI3strtq1CekM=
last-modified: Mon, 27 Mar 2023 20:18:29 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKqhljI%2FMYp4aNBwgSamuauRE%2FOrDXOun3%2FgSzQsaa9KlYGOgzA90RQdEQ7p9Bx5VApk%2BIihKNoNpqfazV2G3RrGe9httQ5UxYz7y7FOF9oIYm3Fio51tZKe11NUrRSaL34%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: gUpidYN6hH+yOsXoUSiYAwlzHWUAAAAAtAQsmKBcrt+DhltuvrlW/A==
cf-ray: 810e069c5984922f-FRA
x-amz-cf-id: _b0rYbs3gT-i72VhqH7G7ukqyZzWFcpwC8snbdsY8eKOxFha_NIsLQ==

GET
H2 200 eric-saraga-1.jpg
info.varonis.com/hubfs/ 15 KB
16 KB 1598ms
1580ms Image
image/jpeg 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/eric-saraga-1.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3811fb1027a0a283c76a65c78409b4e1c7e6657e18287317b7217fc5a5641b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246728735,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: YR7Y8XCSM9SMPD0P
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246728735,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224815 PNNN RT(1696428807335 595) q(0 0 0 -1) r(10 16) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "4750d78c05bea94e00eec7761c09c611"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646950989425
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: wMU2wQSgPq6.JAW2FFMDgj88kcRfhNMK
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-68246728735,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 14867
x-amz-id-2: ZYT40EW1WCw1WE+QS7xDBBMnsDzuk3XPrJx5XByEtAyzVxGcXSaw2LDAfsPkwBV3xGTqL+Zil9E=
last-modified: Fri, 24 Mar 2023 15:43:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xwaRsoND4jQI%2B2R8B7uZqF1RaR%2BMUg%2Fxh2yH9UZPrC5CK20eeExjMqycW%2F2yjRowM9%2FrB%2FBd9UYnu1yylF6aFLg8FFdxp64co9%2Ftgsj1JJTMEVNSqf7TPZWNAOWLzW8MowI%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: D4RPHpbtcX6yOsXoUSiYAwlzHWUAAAAAK0UG059MjyCCeYOhl06kNg==
accept-ranges: bytes
cf-ray: 810e069509982bf7-FRA
x-amz-cf-id: wo3-Q0tHrhUCnE8o71bPMoBpjUMvxRXVEbMgBln3Y5Id4Ps687_JrA==

GET
H2 200 Blog_PowerAutomate_BlogHero_FNL.png
info.varonis.com/hubfs/ 495 KB
496 KB 1038ms
1019ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_PowerAutomate_BlogHero_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27a90bf1857542b28af8513896c678324d731f9ce4033731bd1b3d58f827c7c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-65330498995,FD-109375700770,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: R8GPBWQ1YSGG1EDS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-65330498995,FD-109375700770,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 598) q(0 0 0 -1) r(10 10) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_PowerAutomate_BlogHero_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "9e82a52075eb98f93009603ebe8d123f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1643814395134
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 033e374ece012797cbee0d505e2e61b4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: t7gBXVfE6jsLXlJYUQtdMH4arlMmdVhQ
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=640020
x-cache: Miss from cloudfront
cache-tag: F-65330498995,FD-109375700770,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 506650
x-amz-id-2: N4xshuhEp38Rrt274YDcjtmSKddgQDO1OyNqNtxu50oG77fp/gInRg/IJsSO918SkTshL+1DbWs=
last-modified: Wed, 17 May 2023 19:42:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QnLf1j3cFEIrqcHuu%2BejpBPUnrXQx%2BeKnTrkmyt0LIoQ5t8dJOX7bgqcO8FUWLCOC0KgiE5XyDnDvXR1fL7j7nKz4RVs51cGxyjw9JY4UQ4URAlRTsFCtd%2BNCeELTCFwqrQ%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 0ipXK1BDFz6yOsXoUSiYAwhzHWUAAAAAx6HD9WnH0rTVEjDY3zSglw==
accept-ranges: bytes
cf-ray: 810e06950df32c20-FRA
x-amz-cf-id: eVLRUr4yD-06ZtAk50rObGda8kD6PRZW5j7g5tEUdTzrxR28n6S34Q==

GET
H2 200 Blog_VTL_RomCom-Storm-0978_202307_FNL.png
info.varonis.com/hubfs/ 618 KB
620 KB 1268ms
1249ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_VTL_RomCom-Storm-0978_202307_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad6e4bd22817f7c57fba019ade1f5ce25d7e329977f8a1b210cd39c89f21fe60

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-125297363303,P-142972,FLS-ALL
x-cdn: Imperva
age: 88600
x-amz-request-id: TV4H3XYR4EAYWDV9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-125297363303,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 629) q(0 12 12 -1) r(12 12) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_VTL_RomCom-Storm-0978_202307_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ed4525e13e49ca059410a12574663dee"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1689697037534
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 10eb694085881f80602b0213448c7130.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: bLZi.uNgtb1cOJwSUIB5x6iNr30guhX3
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=912261
x-cache: RefreshHit from cloudfront
cache-tag: F-125297363303,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 633276
x-amz-id-2: eRmJReEC9YHy72/hot70XNXu488toD87AaTwaDMaEO3oy7VV/2HhbqUeT4USsamrDwUe8qqvRLw=
last-modified: Tue, 18 Jul 2023 16:17:18 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cWb%2BRDBANqIlFhWu76kvM7UbxG224%2BNpqdluAS%2FWdxaQPi2T38bJNV1UlOawvskkl%2BOaqTdRXSg%2FENfFAIlC9HJI%2FvlM8anxNevuKA8puD0nz3ckbcrHfa2EU1kwryMKBls%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: J6cjV3zui3+yOsXoUSiYAwlzHWUAAAAAXEw3fEJRixVO8UsvRne9yg==
accept-ranges: bytes
cf-ray: 810e069c899e922f-FRA
x-amz-cf-id: oofbln0nBPExtRLHa8oh1YJG3ntpjys85UIEcwz0yeF6uxdC4O_Dyw==

GET
H2 200 jason-hill.jpg
info.varonis.com/hubfs/ 10 KB
11 KB 1293ms
1274ms Image
image/jpeg 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/jason-hill.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc49d2e85964794551744c178395ff6f1da72c3f0c2e9592227ba20df7fa8828

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246289581,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
age: 95681
x-amz-request-id: VEY70YTE5N9FPG56
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246289581,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 631) q(0 12 12 -1) r(12 12) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "8cbc5ef89b6dd83facf0906d344d492e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646950692406
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: W3PTKRIAkcmf4UWgqpcwJpPBozXMVCQf
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: degrade=85, origSize=16352, status=webp_bigger
x-cache: RefreshHit from cloudfront
cache-tag: F-68246289581,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 10218
x-amz-id-2: iV0O+73QE4WKjfb5hRvxHO87XSdBp3a6GSrfyzNGQuYhmPKcEYE8w8NgoZECfR9DfG1dEQf9Wuo=
last-modified: Tue, 28 Mar 2023 21:23:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XfDj1CpkviU6OVHCB9CQZ0JzMz6qRF1LU7X5ElPLo9sPGjzDMe%2B8EY5Gibx23HiLIxL8XNKQYH6DGTNIcGID0g5UFm1fWiGKTy3L5e7uMwM1%2BpS%2Byc3aPU595mJ7tmsEL%2B4%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: O6xKCTWBRCayOsXoUSiYAwlzHWUAAAAA59Howy+ML6Kv2j2cYMdlSA==
accept-ranges: bytes
cf-ray: 810e069c9dc72c20-FRA
x-amz-cf-id: svBUM_Yqf5oH1OC5jDGVCNagkqPAoSO2BgTvDrUyZ-AnbxRY7cjGfw==

GET
H2 200 Blog_BlogHero_VTL_VisualStudioBug_202305_FNL.png
info.varonis.com/hubfs/ 474 KB
475 KB 1318ms
1300ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_BlogHero_VTL_VisualStudioBug_202305_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

57d53ae04ceffb7c3cb588d188562a6311ccc7dfc5f1063488c9a644d0f085d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-118176300080,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: AC17N8VQS1G2Z6QR
x-amz-server-side-encryption: AES256
edge-cache-tag: F-118176300080,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 633) q(0 12 12 -1) r(12 13) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_BlogHero_VTL_VisualStudioBug_202305_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "dd431d312449189017d99f6eaa35385a"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685557038939
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: HurR3C4tAkzm4UE..3dp.o1oSRizhQVp
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=666790
x-cache: RefreshHit from cloudfront
cache-tag: F-118176300080,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 484916
x-amz-id-2: fe1MuUDZNVVdWarJnlZUdOPobPuPT7FTbzZ980hzXy8zxr/VlSPNNupeih5ps2n/UZr1o2drif0=
last-modified: Wed, 31 May 2023 18:17:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AEuB4yq3Sre7O7EOqnJD48MamxSyaz33pd%2FoekoqtFfK8fqnU0JJdvXuS%2B%2FzI5PhSOrJjRZ6epOYhI%2B4BmpIR0XlENiZF0sdkph8KDq4QSHp9lWC6iQpf7IG%2FfUdmSwNuZ0%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: piSeL56V7T6yOsXoUSiYAwlzHWUAAAAAp9RyfKTxo8hj6MPhg9Ymgw==
accept-ranges: bytes
cf-ray: 810e069cddfb2c20-FRA
x-amz-cf-id: PUyIrQITEtJyBmIhqKWAsO-drUdaCyXpY0n6DeoEwhpqVmR-8fy36g==

GET
H2 200 dolev-taler.jpg
info.varonis.com/hubfs/ 5 KB
6 KB 1348ms
1330ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/dolev-taler.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfa460081cd6d4b33b383902ed4854208b80b6eebcb75a7545ba76284f288012

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246290805,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: XP1Z2BZ5VG05DVBQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246290805,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 634) q(0 12 12 -1) r(13 13) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="dolev-taler.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "44b61f3bdce30ec4457b201e47d14682"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646951319194
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: X2GSYs4v5PUKbyNmDsWBVbJncG7ZJANu
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=11006
x-cache: RefreshHit from cloudfront
cache-tag: F-68246290805,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 5152
x-amz-id-2: 67nTDaYJoP+KIxmln6uR/44COKbrtZLEFupU3A3IN0Q3BXFbJ0XtliaeTxQhZVxE83gMwINxTYU=
last-modified: Fri, 17 Mar 2023 20:59:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5vtmuBA469QzusBsT7Uz%2BmKqYSchwCaAFpiJrt%2BNPpE6oVMbuu97oqdUJeDN%2F6eOQXihL4%2BRbqxIndetF2T%2FKLX0ARTLXdHK4zuypwWtWuFwdH018%2FmbZ2OK3RDK1GTstA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: McsaOBF4lCWyOsXoUSiYAwlzHWUAAAAAMrNpvWvRJOlC55oNdya+qQ==
accept-ranges: bytes
cf-ray: 810e069ce9df922f-FRA
x-amz-cf-id: iaCg2V2q_swicFsi_kkKBjtFYZ1iryNYPJs2DZcx9h3uRCw8AJfEBg==

GET
H2 200 Blog_BlogHero_VTL_GhostSites_202305_FNL.png
info.varonis.com/hubfs/ 536 KB
537 KB 1352ms
1333ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_BlogHero_VTL_GhostSites_202305_FNL.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a89418bb17ba5d40237a7c0f6b101fe9381afe7a618d2e1e4449e0ffc9c11d9f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-117175039509,P-142972,FLS-ALL
x-cdn: Imperva
age: 82978
x-amz-request-id: GY135G1HW767NPJY
x-amz-server-side-encryption: AES256
edge-cache-tag: F-117175039509,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 635) q(0 13 13 -1) r(13 13) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_BlogHero_VTL_GhostSites_202305_FNL.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "fe34892745f79012b954769f34eb0e1e"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685043118444
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 a31e887359e681523a84a0d401a4fe7c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TgDflyXJfm9V4IxeKTyCan3PF_UlLS_.
x-amz-cf-pop: AMS1-C1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=757233
x-cache: RefreshHit from cloudfront
cache-tag: F-117175039509,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 548632
x-amz-id-2: OMer6lT4zUMN2vncC+s2bqlILfMdkwKB3+kgF0qnNAfrXTWNjocnZGrTGcbjLk1EzmMMdeDp3EdQicRZsNRdYw==
last-modified: Thu, 25 May 2023 19:31:59 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=szE%2BFMurbGZ%2BsnlZlTiWU%2BX43Gd2CmbMJVIH9tXwvNXzvjRrTJg4HHAKZp6OZNq%2FwJq4dy%2FwC3NvM9eSe0c0H7RbwJCxwxkuH6hydGYC0HaqIXbjqfJW2aGMPQt5rmbVlZA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: gZTGclHv10CyOsXoUSiYAwlzHWUAAAAA1KnEKGrM2rPcfcYV49lxNQ==
accept-ranges: bytes
cf-ray: 810e069d2e3d2c20-FRA
x-amz-cf-id: saRSuIqrL8vVf3Y6Gh2IKlA4P8wQT5cNEQFNoQvIdZKwndY08hGgQA==

GET
H2 200 nitay-bachrach.jpg
info.varonis.com/hubfs/ 7 KB
8 KB 1377ms
1359ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/nitay-bachrach.jpg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

643cf3c8306417b9973a1c4f157ab3f899618b74b778c9e5f78370aafa157bad

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-68246290478,FD-38801886889,P-142972,FLS-ALL
x-cdn: Imperva
age: 158707
x-amz-request-id: XP1XY6XN4CEPY122
x-amz-server-side-encryption: AES256
edge-cache-tag: F-68246290478,FD-38801886889,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 637) q(0 13 13 -1) r(13 13) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="nitay-bachrach.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "1d1022c1d7a017202b747a97ba1cb934"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1646951131508
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 78720628b37ebf3e33c42dc098252ee8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tzjYWBK7smwW1vWHcNL9OWVBw98LFqFi
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=12517
x-cache: RefreshHit from cloudfront
cache-tag: F-68246290478,FD-38801886889,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 6888
x-amz-id-2: wnidmfmp4IwHUxjcHgr+oylxP1fOWf1KZsRq3eFlg5i/pe1v6hyUP2cYvUHGNAet73xpGvhyibg=
last-modified: Fri, 31 Mar 2023 01:20:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1zhBnql7uyg70eobNVn1rMwo%2FHtFrmxKE1Tp3SalTgE5EBztg6Vjdp9gqOmWcnPHmH%2B6pgUeJumfSptSi5F%2FA6XJhWsmm8Njh6xiFGIg2euRRZ6W1oH9GfeuIKLk%2Ff%2BExn8%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: HvasdK0AzleyOsXoUSiYAwlzHWUAAAAAxMSLhNI970s5HpEywyIjUw==
accept-ranges: bytes
cf-ray: 810e069d3a14922f-FRA
x-amz-cf-id: FlExJDi6QWkGbWFd3OvGc-K51pqw1JpMKFGd70VlvscgOqANUWR37g==

GET
H2 200 Blog_RansomwareStrain_Generic_BlogHero_202203_V1.0-01-1.png
info.varonis.com/hubfs/ 364 KB
365 KB 1424ms
1406ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog_RansomwareStrain_Generic_BlogHero_202203_V1.0-01-1.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89d78eaa84586f7037e80a478ac048adc5001647aec823161d99c6a82cd4ce3b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-103141931377,FD-109375700770,P-142972,FLS-ALL
x-cdn: Imperva
age: 95680
x-amz-request-id: W283NFX2PMJ52234
x-amz-server-side-encryption: AES256
edge-cache-tag: F-103141931377,FD-109375700770,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 639) q(0 13 13 -1) r(14 14) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Blog_RansomwareStrain_Generic_BlogHero_202203_V1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "200aaae09e66294459a0c3e447267090"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1676859440108
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: NhEzL8ge_b_tM8ZQRJjoLb73B3X1gRsR
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=620519
x-cache: RefreshHit from cloudfront
cache-tag: F-103141931377,FD-109375700770,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 372568
x-amz-id-2: CcxLGCLhwqdgxzsS9727e0mOgxYlCJW/CdesGg75Xo4YxODJuzdTkyoOyZsx6rKRvwa3oSVNI6s/Gy9nc00IH1o1Bnq65HJabZHsRiOQfsQ=
last-modified: Tue, 11 Apr 2023 21:08:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dVdNtwXB6c4Q26g07UwNVLKUSiwvL%2BHMx658DhEmdel4gmnleyHTSg7164LSUCPUCTOTWo%2B9hQyHiUE3bgHtR4CyCMgtchCmav6gBCyY5B9DItHVdKR%2FCpXzJnd7WuAhveI%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 8p/pFUlauBiyOsXoUSiYAwlzHWUAAAAA4DDpLcwSUV9H2bI8vxrmmg==
accept-ranges: bytes
cf-ray: 810e069d8a3f922f-FRA
x-amz-cf-id: DtZN7URbiAp9asgSYpR9PKXkCzKr7BylFzUe4DqNhXVZGoSmcjhwAw==

GET
H2 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/ 19 KB
7 KB 17ms
16ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/prism.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7b88bddc6c757b2fc8cb113e2469801ab14a78ec1a8fada4d6391e3573f5f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 13938259
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6336
last-modified: Tue, 23 Aug 2022 12:03:51 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "6304c227-18c0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SozMlUQAepedqhcKZHWdzYAJV5IRCyyXy1u3NdPtpnlxKTrLSZhdmYTFX56wYZkAUkG9yo1Y4sEBvKMNyCBzmab%2BTQVVVngQM3msYgmmU5nwsV7GWhiVrxypY1NtnK8Hq2N7QSI23RffR8nNBAJFu2QT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810e0693cff01909-FRA
expires: Mon, 23 Sep 2024 14:13:28 GMT

GET
H2 200 prism-autoloader.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/ 6 KB
2 KB 12ms
12ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.29.0/plugins/autoloader/prism-autoloader.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0233342795c86e2079f7406bce72c481918b9ce416aedeb6b37044abae50fc8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6035875
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2202
last-modified: Thu, 22 Jun 2023 11:16:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/r2
etag: "64942d9d-89a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NWCK0HKP2BmbHBYBg7Df6xOittu6I8UnT0IByRKkGZPcQ3rYFwyJoegyD%2FY7UbdCJ1mmxV8rX5k7Aju85nNkpE%2FrgnknM%2FaqbYezSxfsRV4AnArbR%2BQX%2FsSZcgUc2ff5TA%2Br0GiX82iTsTL2dvFpVXzG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 810e0693dffa1909-FRA
expires: Mon, 23 Sep 2024 14:13:28 GMT

GET
H2 200 facebook.svg
info.varonis.com/hubfs/ 634 B
2 KB 1441ms
1423ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/facebook.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a5034e01d5b47ec7eee2b3a45a23919684146c27b715f4fd863037b11b2abff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 172684
x-amz-request-id: 91MASTJEQZBT2X83
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 642) q(0 13 13 -1) r(14 14) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"9667ebfd8e6880e7066c322b0b25a6c8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219654732
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 f8d34d99bd5a267bad6857ae101ea8e2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WA7pU2leNpTprUjaVEZpDKXqPbClsTVp
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88772394392,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /enqSb0ICTsWTB+yz8JOg4EYsiC4dEZLXgdXEPCUlbgzsSpqxQgPXGlSw8A1TFOqEOoWFnMp6T+dCCU1+Et1WPDe0C4lQgTTt5uT7Vha9xw=
last-modified: Mon, 03 Apr 2023 21:49:25 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zi%2FjuQiRtsqq0G4kfE4tY9BpKxXNkrckrzHi6%2BQWCupL4Fm3yvT2mIc7xnJWFYavkUi08lyO%2BColymX5HxCJfKHWFShfaEv%2F0YoJLJAlMkAXXybfLvUkg7xPfannQ%2BDT02I%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: qBBqVWLr5nOyOsXoUSiYAwlzHWUAAAAAcdEbukDr6s8ZOD2nZrnrpQ==
cf-ray: 810e069d8ea12c20-FRA
x-amz-cf-id: mp8sBjc8abGu6zONGbBWujWl6Hh9UetMIvh7JEa8bVSESOv3PuXkDg==

GET
H2 200 linkedin.svg
info.varonis.com/hubfs/ 1 KB
1 KB 1477ms
1459ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/linkedin.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b4639302db82b725feb2fb5b7c2f16d1ef8abe70409c496fe0dc777e143f45d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 173671
x-amz-request-id: 43DBYYNTR4GWWBYC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 643) q(0 14 14 -1) r(14 14) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"15f6f62efcbc0f51585cd41ce283b99a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219666618
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 6ef87569c26a159f552948d3c30a2be0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QNfQH6UicIJK0KK7LA52dQI3xwAuEigm
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88772888503,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: fVWS9n0JNAOLiQscuUIs4I+u4pnJUtklEjbPkNntbve+y1uLLwcbtG3d9vnYXIJTdZQxZ5n/g+TbP1B8k65peMWmPzInm9r8YJS+6wMnze8=
last-modified: Fri, 07 Apr 2023 16:33:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nMnvnw9Uhe31DleifbtY5mVDiceQVisdoYZeqYgreINUyZ5fsczzBi1p5WiUnfGzmJ%2BLMeDL%2Bxaf6y00KamFeU6l4j4dxZcM6JO5B0P6E7LjoEXdLgPnLNVT2Yvd3hben54%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: elrYL4Y5eE2yOsXoUSiYAwlzHWUAAAAAEEgF7WUgCugDsOz0rrr3xg==
cf-ray: 810e069dca63922f-FRA
x-amz-cf-id: tA92Ew1gb-_BBVoqfJdtOrJal-phI23UxwtOIMasTJW5Ev06N_jSxg==

GET
H2 200 twitter.svg
info.varonis.com/hubfs/ 1 KB
2 KB 1482ms
1464ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/twitter.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3daf9b6a39281fdc04a57bdabe589d9aa970719d22733e04fc1ab799b7a5db49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-cdn: Imperva
age: 171182
x-amz-request-id: 62C0V4BTKGK6MQP8
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 645) q(0 14 14 -1) r(14 14) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3ce4a000e199a193e3e73cfac7b4e108"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219676422
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 033e374ece012797cbee0d505e2e61b4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 5d9b1tur7umZsj9sMPaWqlWPAKNW7KFs
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88759860049,FD-109375175550,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: BZHernvh0nR2GFpvRDQzNmRgCpNvF+1ucEPsM1V4Ze/2s8jv+WW3OCQrQ/Il6Vmw/40Nyx5E+SE=
last-modified: Fri, 07 Apr 2023 13:49:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pKu4q02gCYqm60a5CaACfrAMipKxw6NCGV3VcF8BIrhXiyf1sHNV3qGWgq0l5dcI%2BmjivjGlyGGQYRDdp5TiI3TrAoSy0oaYQZTQEOoxZy%2FH1pHl%2FvXddF8DAufaN7kmJpo%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: mh7tDZh6ihayOsXoUSiYAwlzHWUAAAAAG7iwZOyWp2+rZVUjeYtguQ==
cf-ray: 810e069dcedc2c20-FRA
x-amz-cf-id: LgCriFtK2NPajPY6HhyiJDMmBlPgzp8mS7SvnkU6kfhoomtJoaPmQw==

GET
H2 200 instagram.svg
info.varonis.com/hubfs/ 3 KB
2 KB 1510ms
1492ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/instagram.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae925eb57e9822aec57086375bcf93fe910d7c6c0d83cf10bf448c5348aaf0b0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-cdn: Imperva
age: 173081
x-amz-request-id: 62C6MYKVCW3AY0BS
x-amz-server-side-encryption: AES256
edge-cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 647) q(0 14 14 -1) r(15 15) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"2eeffa913d57b77cfd604f3ef1fae9ed"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1666219687130
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 eec5ede1fdb15ceb2352a4ebfb155362.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: meODPhL4FdcYRYplK87hLr86vudDDmQz
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-88770507300,FD-102755455116,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: EszBHddJJKCeWOUChrjlMnRyfDGRG8h7L4j+17McV0mdAGNXAETuXHdDPKf1BUc76winCEAiTMQ=
last-modified: Mon, 03 Apr 2023 21:29:00 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnJKPaje5ioUOcxaeYAAVA5jLgv7W0c3%2Bkf5oEyhvEjyDJbUHCTHARx6apnwSMv3uokiLc1WPtRG5kL7hng%2Bkpi1VpGbbi7epVoWp84cw4wgJ9DpjpabpxDlDr46gcutJ4o%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: bPbZcX6uZTOyOsXoUSiYAwlzHWUAAAAA1zk3ykMwKLBoBGnb3/4VwA==
cf-ray: 810e069e0a88922f-FRA
x-amz-cf-id: smVKS-oSAmam635_bw_ICYMJBBf1_WaY1cs7hearKHSD2bOASmalZg==

GET
H2 200 ISO-27001-Logo%201.png
info.varonis.com/hubfs/ 2 KB
3 KB 1513ms
1495ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ISO-27001-Logo%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b15ab10a2a109c8e59d604cd4101cebe7aab42ec227f8f521398e063bfe0217

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 173081
x-amz-request-id: E3SFV0W4QWDCWVE5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 649) q(0 14 14 -1) r(15 15) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="ISO-27001-Logo%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "a413509b077bcf2faa7621b0d5d4de36"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604427281
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 033e374ece012797cbee0d505e2e61b4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: timIF1O_gxoEXq7s04ImeochSBRbmAhf
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2523
x-cache: RefreshHit from cloudfront
cache-tag: F-87926327385,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2066
x-amz-id-2: 2xfA2NfzacSDbqXcT1VoBm7k+oh+S5jWVjB7hIJwjtS4cBT0g4zTmQpeDTlL345k3ZMennHS+68=
last-modified: Wed, 29 Mar 2023 16:10:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=quSzQAcwozXoA8snv40JKWYzLyDbSEK9qbxQDhDR%2F7mQ57zuHmkrUveBGkEeTtOmQgAezwHg79cg0qQ5qPdgPUsnwu7Ou%2Fh2h68ve4Oy7K%2Bkxm2GJRI6nBB%2BU7WknpCSB3k%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: TOE1Lstj4DmyOsXoUSiYAwlzHWUAAAAAICHEJbQuKDSW/OnNkuFFFA==
accept-ranges: bytes
cf-ray: 810e069e0f1d2c20-FRA
x-amz-cf-id: EjXg24I0ZH6ZGXmQWb4EPmN9psLgJ2F0D1qgIF05QnPeIznPEoFRLw==

GET
H2 200 ISO-27001-Logo%20Copy%204%201.svg
info.varonis.com/hubfs/ 13 KB
11 KB 1532ms
1514ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/ISO-27001-Logo%20Copy%204%201.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba1b3f329ba47639a8586777bb19db73a9c3e37954b5e72ff97df8e0ea931062

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 174093
x-amz-request-id: EWVQRAFNS44A6MP9
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 650) q(0 15 15 -1) r(15 15) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"3c29f40cae554dd8c7276ac63187dec1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604432436
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 a4a80ac7ffee78c042728f52e3f729e0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xgSkvj92cQLN2iNJZ_lFxRESVIwvyqH_
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-87926648114,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: dxzb3YNaaIikgVV8wjyIGTvFF4v2UlsRRunesANcnXexlSIm8efoIFLLF5rqRuND7XkJlHONMl0=
last-modified: Wed, 29 Mar 2023 16:10:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yMPR8RzWa3MIc6i1iXlCsSoIx6eS%2BuIhBRZ8qVhRDHIT5l9stPm7S7fIXwP6ovYoSUl1evu%2Fm5zQdc6LdW5lALucplcrIhexqTIvFCbqS%2BOLffJjIHTmMlwOMbc1KmPlg10%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Wv22SjLtL3yyOsXoUSiYAwlzHWUAAAAAuxtlOqyIpmTmijqpuyJOMg==
cf-ray: 810e069e3aa8922f-FRA
x-amz-cf-id: tPWjFJKtQ7ccTmG3my1XI1U9OoSSHNQKtjQCCYo_5ZoYL8BtuQWMdA==

GET
H2 200 STAR-Level-1-badge%201.png
info.varonis.com/hubfs/ 730 B
2 KB 1555ms
1538ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/STAR-Level-1-badge%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ea31af1ae38b9f8194f93234449262a79af7a7bdac0938c740c62f0eae9d85b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-cdn: Imperva
age: 171183
x-amz-request-id: 1P3HT58DP0M6S6QC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 652) q(0 15 15 -1) r(15 15) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="STAR-Level-1-badge%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "21b42231b455b1ad08b6ac53b5081df7"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604442982
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 77aa8087323921dee0b130bc0589bda8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 3t6QVHH7wvf.mxjXy3Y9twhVmeBu1ejQ
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=1187
x-cache: RefreshHit from cloudfront
cache-tag: F-87926648123,FD-102044878171,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 730
x-amz-id-2: 4eV8Wq3Xc+O2w+/q/WVHUvir6pznLXOT7FW9eoPRA45EF7ALapiOT1P8Uo7NFxjBoo2wcQKkPm8=
last-modified: Fri, 31 Mar 2023 14:59:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5VAOvlLmW7aMWknYUzQOeApxc1WkkxPJZrtyeH9Mbq4yKU6nHw6YbLKPDunv3mDnKO%2FkLiqtyuqxsLgP3igTHcavmVNzOHhMBQ6z0XVR0WwcNH4KhIn7GWpBiwt9%2FjmcmWE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: cnLWQMCG83SyOsXoUSiYAwlzHWUAAAAAuORIuaKX6FVU+8Fp4FBoEw==
accept-ranges: bytes
cf-ray: 810e069e5f752c20-FRA
x-amz-cf-id: AyYNPJBaI7ijNIaSYPh79EcGCkIwA8F4HLpXUL9o5g5p1VF5jSfM8g==

GET
H2 200 AICPA_SOC_250x250%201.png
info.varonis.com/hubfs/ 2 KB
3 KB 1570ms
1553ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/AICPA_SOC_250x250%201.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42222ea51046de258be17a4b61f802c94c29d8feeacaaa4ae194c590198ad002

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-cdn: Imperva
age: 173953
x-amz-request-id: WMJ3T61BMR5XWEGX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 653) q(0 15 15 -1) r(15 15) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="AICPA_SOC_250x250%201.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "3086eb0e182b996b1bd0e515cb8d5ddb"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604414374
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 8eb3c67b1958af32e15515c8eb27fbb4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: QOLtmRwBZ0.MIDnZrV1Q2ii25CJ9jxJq
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=2732
x-cache: RefreshHit from cloudfront
cache-tag: F-87927829343,FD-109375176767,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2104
x-amz-id-2: EeOL7nC7U5jA1dRdAS6lTyggbmRMT1zb8m5GLIaNwyyGVqsN0cdmEew2vPH9fGQ+QT6/hI1093A=
last-modified: Fri, 07 Apr 2023 16:34:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F7GrVV%2FelvW7ErmmvMz8tkfQ232R04cJXY2CInuW5kYVqx3xtMn3Dkq3wP%2FQMNBbXI%2FT2YqWyPFRIphwCrgfwitxOBHa%2BJ%2FX7bYLtYkyyHmWRlu1f3OvnSURz5s6qHvBXZU%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: qb1NJ/epoQmyOsXoUSiYAwlzHWUAAAAAcjxSkA3s21b2vC+Tfc5t6A==
accept-ranges: bytes
cf-ray: 810e069e6ac2922f-FRA
x-amz-cf-id: ZJ0j9mKs4nmED2x6ozXVhKE-otlUWN4gzf421LE2-PA7QaPDnr9ByA==

GET
H2 200 niap_logo%202.svg
info.varonis.com/hubfs/ 11 KB
9 KB 1599ms
1582ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/niap_logo%202.svg

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2c5c92cd55477571c7e757c4105315c813e710586cf1f334f809e8c93d845c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-cdn: Imperva
age: 173081
x-amz-request-id: 25QCTDYT7FS59M1B
x-amz-server-side-encryption: AES256
edge-cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224817 PNNN RT(1696428807335 654) q(0 15 15 -1) r(16 16) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"f7049a9fa4c9ccda9202bfdca55095ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1665604438044
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 f1a0d076bd803c49a08dd5907cff82b0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: i_ozlwX4ZN4wsFQgd.1gm.ZEAGKJ9w6P
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-87928062112,FD-31694816,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: MANj/wKnL/jYABIwHtrHBRyY8IL7eMrY7hVRLCyaMIXxPsLaW6tq3wpWGtJK63blB5K5json6fM=
last-modified: Fri, 31 Mar 2023 01:17:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2bIAOyfGAIlG9AWk5wLEalp59khZoc4y1UmKagd8xXmw%2BiMM29TDY0D877JOeTGzaMuOM3xGheGFTiYlj3Ag44fCRCVuFT91onS3oN30fg2vvToVZ989kaLzcj%2FX6kSAiSE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: 4W2wEIVA+ASyOsXoUSiYAwlzHWUAAAAApfpHu1As1nzEHtNfwzGXpg==
cf-ray: 810e069e9fbd2c20-FRA
x-amz-cf-id: ccHs6WGuv9Tu_PwWoAo1X7PJrDc0GzQDpLG_qKyNMCErHYKecOW8Dw==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 122ms
33ms Script
application/javascript 2606:4700::6811:c060
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 374989d04bb9f7efef831637d8f4b234.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: DUS51-P2
age: 1814417
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2e1p%2BdOPqkeVN%2FnhjyEkM3elmvHNREcSI8V%2F0AbHePo%2BM5q3alFHOJUOpMPOGhULya%2BblZitPN0%2FzFkO9xnzphNjS7nwFRsCduUgg37gi0Zko1lfg1aGCcn%2F5p2Ddd7V5F0GHJXTVtMuVTBcg3Js2lkvRxw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 810e0694acac1c22-FRA
x-amz-cf-id: wPYzpULuaMj49HnhSq9DCGfPKS4cOxbh-bH_kUMQKu9WYEdB65lO-Q==
expires: Thu, 03 Oct 2024 14:13:28 GMT

GET
H2 200 announcement-banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/ 304 B
628 B 58ms
25ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/108364953711/1680550379557/hook-www-varonis/js/announcement-banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 689324
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:33:00 GMT
server: cloudflare
etag: W/"ed246e714d8f7084f9613208eb724cf5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550379808
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jm6hAdTpX9x0K2YCAiFC1EXdFy3AS5xr62tRcwsTdmn3Lx%2FxFPPIdNdTZo9JvzChUYVi696asqkD3CTayT9didqnUYbFH8XZA6Qdt1vzror4qdKlKN%2FmgMNZHXZsyAJKLkDkTNCIl104YUI9oxQ%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e069439d45d8d-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 cse.js Show response
cse.google.com/ 9 KB
4 KB 222ms
64ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

c1d1b6370f1fb9e1e3476fe67d93e054011bd1b3a48fc4723f85c8f6c80006ba

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-ne7uRR2_FmHmI6qtMvbuYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-ne7uRR2_FmHmI6qtMvbuYg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding: br
date: Wed, 04 Oct 2023 14:13:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2990
x-xss-protection: 0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
server: gws
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires: Wed, 04 Oct 2023 14:13:28 GMT

GET
H3 200 module_71662020467_Announcement_Banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/ 865 B
1 KB 142ms
112ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/71662020467/1675114923395/module_71662020467_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1061714
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 116
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 789bde77-36ab-4175-9fd0-206acd5ba653
last-modified: Mon, 30 Jan 2023 21:42:04 GMT
server: cloudflare
etag: W/"6eb6d7132999731493bad4b8e9e19c88"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1675114923395
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a7SbbP5yjaan8fnZi2IcVlfMf3F4aDbTcUSd2KpxnTJEuDKxQvM9eoGg%2FelbBZmbYiJf0KY%2FSQI6fL1upWe9LKlFZ1MSQRf%2FwxIfunyuiMzrw5Ff4TM7bBzVBsCQ5Hf3w%2BAFJjwmssjl3vvvMIQ%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6db9d854cb-qmj5d
cf-ray: 810e06943afc91d5-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 module_97266453797_Remediation_Announcement_Banner.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/ 860 B
1 KB 108ms
78ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/module_97266453797_Remediation_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1356651
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:28:53 GMT
server: cloudflare
etag: W/"a25c4019cb8b6fc47eb8ed83cf1076d4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550132881
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VmvpmnAOCybfDvbyLUvuowYhNLaEsMNArXw1IkWscXjweyOo2SclT6hW9n2btP7E8xkat%2BpsImBpZ7o2wM1iGTrDTt3cTtM4pk6BC0PfGSmrIsdM2qFpgP%2BTdsisLwk05Ktogqeph5EdOImo3Ns%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e06943afd91d5-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 main.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/ 10 KB
4 KB 142ms
112ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281972084/1648813456487/hook-www-varonis/js/main.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1146646
x-amz-cf-pop: IAD12-P2
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 18
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 01 Apr 2022 11:44:17 GMT
server: cloudflare
etag: W/"c4d1fac2b0b677aeaa2c2ade72813888"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1648813456943
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjdJorahLV3QhCdimivX7aShiCKiOiILcolPw9c%2BTJdt%2BqfXfT1ucVRtPM8QBnw%2BePu608xvpgy40FnoZwmXNkli9I4vFTSELwnTy49U%2FH7BEO1GksVU6pVQlOrpE5X%2F%2FmiOZw1rYBsAA8swF%2BI%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e06943afe91d5-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 18

GET
H3 200 module_96126751858_Site_Navigation.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/ 4 KB
2 KB 143ms
113ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/module_96126751858_Site_Navigation.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 1759815
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"066f9d11e54f30bcda41cc81ace646da"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030599466
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 0f818410-8b78-4bc1-91d8-fbf201702256
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0f818410-8b78-4bc1-91d8-fbf201702256
last-modified: Thu, 03 Aug 2023 02:43:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CnsST5j9k%2F0mdtKCRHnWQTyAL0CDs4XXX0VXaP0hdH58s8HCWmqj1AWKzvBvLfv1ATeoZXLH633sPY0Mg%2ByRS3%2Bt%2B7KNkSK6VP2VEMisfdBnRlYI9PXDunUJ0vLfwRX%2BYcUfYwNOIAB8vn5N1JY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-8ktx6
cf-ray: 810e06943aff91d5-FRA

GET
H3 200 module_125777074029_Navigation_Submenu.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/ 1 KB
1 KB 136ms
107ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/125777074029/1692210032469/module_125777074029_Navigation_Submenu.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 589309
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"131209442a05e734a14e3bd00f89bee6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692210032469
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD55-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 992770b5-6e26-45a1-8ce0-a1beef15fec1
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 159
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 992770b5-6e26-45a1-8ce0-a1beef15fec1
last-modified: Wed, 16 Aug 2023 18:20:33 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xa%2FmzehQ4hP5mHepY9YiELhDFUbJrBY6xQrcuY%2FAYn3ZaB%2BDE5wNEVJ7K3zpvavniZ5ZfAPdzIbSuQlehf7H5RYZcDipQzANp64jlzkJsfkBcR5sDmoQu4dmfI%2Fetm5V9KPqV33o7caxX1HlpuY%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 810e06943b0091d5-FRA

GET
H3 200 module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/ 2 KB
2 KB 109ms
80ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/115948073023/1691779299533/module_115948073023_Table_of_Contents_Sidebar_-_Global.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 1014496
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"f95490701022c4b61b9aae62631a9ad7"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691779299533
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: edb15a77-9060-4181-a508-3ccf45d119b7
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 133
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: edb15a77-9060-4181-a508-3ccf45d119b7
last-modified: Fri, 11 Aug 2023 18:41:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UpaZjPfqqLc26n50Khc1kgiR5UVHUT0fpjI498edqvbJiSZ1hHtIbGU08L%2BUqWHFvOP8yiPBUmfoF3WBomZ%2FU4eTD1hGOGKUuHu0Fmgc%2FkjMUlDTD%2FqEVEZbxMtGvZT30vF8VgXybtjXLSWmBJk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
cf-ray: 810e06943b0191d5-FRA

GET
H3 200 module_60280511003_blog-form.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/ 232 B
1 KB 143ms
114ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/60280511003/1678832788379/module_60280511003_blog-form.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1063721
x-amz-cf-pop: IAD89-C1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 150
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a553fa1f-af85-4a74-877a-e83fff121805
last-modified: Tue, 14 Mar 2023 22:26:29 GMT
server: cloudflare
etag: W/"199d600316628445ac927b3b2b5d292b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678832788379
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y5S9ZiIQp6fG2FohA4ttozmDyrQAcmVy7KUXyWI9JfV%2BINILA1sFM6TzpofsS0vEhmDdaL%2BPkJvZQ%2BKDmbCEAxNs5KEpwKeDvPPcMHwYd5y2yHkbrlsMyZSwG%2B%2FzOAyyTFT%2BfdWtXfTY9tey%2BNA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6db9d854cb-9nxbr
cf-ray: 810e06943b0391d5-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 blog.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/ 1 KB
2 KB 134ms
106ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/73655310759/1685000791420/hook-www-varonis/js/templates/blog.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 538883
x-amz-cf-pop: IAD55-P1
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 125
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: af41164f-4ef9-448b-abab-cd967b910772
last-modified: Thu, 25 May 2023 07:46:32 GMT
server: cloudflare
etag: W/"577f12ced843bbb8382cdbe78669b3ba"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1685000791604
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tN2zj0yOER99wqpgNaQ4aPTzeFwaf6%2B2yKWPHGHDgvlnUzh2VG%2FKaVs%2Btmbrl7Is86fErrvKXpVOVUEnpYXuiry1cil27WOUnrIkvTkNAHptfHT91vxnWPZW12mbQPK5122JaxfdHP7SG5Pk8eU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-mgw6m
cf-ray: 810e06943b0591d5-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 jquery.toc.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/ 1 KB
1 KB 135ms
107ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/106410557973/1678780073283/hook-www-varonis/js/templates/jquery.toc.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1014496
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 14 Mar 2023 07:47:54 GMT
server: cloudflare
etag: W/"39e23085840845568c2de46aea67930a"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1678780073283
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZktGpUSK7UTiw5go0hcti8Li7FmCifqPc%2FrTgLpuhBo8xC%2FRmRQdNZYyC10r3PW826vE6rcM8lGsuWeYlfSIhZZoB%2B0Zr2oes%2BLWc1x0yWUBrb7uFqvnkTxZLRw1D%2B50nao9aMETkcus2FeMi2E%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e06943b0791d5-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 module_87397221683_Footer_Site_Directory.min.js Show response
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/ 577 B
1 KB 138ms
109ms Script
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/87397221683/1690924310222/module_87397221683_Footer_Site_Directory.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 55554
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"b7e1d67d9b7a486bb634ad966519a8bc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690924310222
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: faaaac8f-f4cc-4bcd-b675-e49a1718c49c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 162
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: faaaac8f-f4cc-4bcd-b675-e49a1718c49c
last-modified: Tue, 01 Aug 2023 21:11:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyqbJwb2zeOEtUXuGYvsGaor%2BFVLYRscCcSnzu1eud3xcjnKxeCP8oWmiQtV7sfuum1fBhjGHSWP2DcKv5L893ERPNhNPk26P3ipJTWoXTRDFUqIh4HxQLI1YbAp9vG92FggQdpJZNsQPkGjHNk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-hml5r
cf-ray: 810e06943b0891d5-FRA

GET
H2 200 142972.js Show response
www.varonis.com/hs/scriptloader/ 1 KB
1 KB 174ms
153ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/hs/scriptloader/142972.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7980a1c1952f08195c1f3eddff5c7e91f8083d5d508b9c31cf05648f1c03467b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 94c12936-eb8a-4953-87bd-af6a6a9e91fa
content-encoding: br
x-iinfo: 7-102224749-102224793 PNNy RT(1696428807335 472) q(0 0 0 -1) r(1 1) U24
x-envoy-upstream-service-time: 5
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 94c12936-eb8a-4953-87bd-af6a6a9e91fa
last-modified: Wed, 04 Oct 2023 14:12:17 GMT
server: cloudflare
x-trace: 2B67A81FB5BB0EBB1776A8C3AD9B37CD180019D092000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5b5c96c966-rmgdk
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hp0J9%2FXpgi%2FU3Au8RjYRW%2Fw2l9Uvz5sNv%2F1CNSmeuX3PjIv30DI5pFvZMdK9s0S3h66EzDikPQOzgzE9GeqOBftdy7Nm3Nx0lzYliFTaEg%2Bsfv4kQYZJWD5lW1jg59tkmw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e06944a62085b-FRA
expires: Wed, 04 Oct 2023 14:14:28 GMT

GET
H2 200 _Incapsula_Resource Show response
www.varonis.com/ 152 KB
22 KB 39ms
18ms Script
application/javascript 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1473832947

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

91bd4ee0403ce9769019de7b1bfea7897e0104317714e8e0a0ffca13d4124733

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 21945
content-type: application/javascript

GET
H3 200 module_104582894481_What_You_Should_Do_Now_-_Global.min.css
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/ 46 B
1 KB 131ms
112ms Other
text/css 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/104582894481/1692928068437/module_104582894481_What_You_Should_Do_Now_-_Global.min.css
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

age: 1682660
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: "7e0b52d7773d1bdc69885fe97aa20285"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1692928068437
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
content-length: 46
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5d82cead-e02d-4884-ad96-62fd591f2ae0
last-modified: Fri, 25 Aug 2023 01:47:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=prJw3Btz4qQ6vcBTjmmcX%2B8z2%2Fj6LsAeWa3HX6UmFWBLT%2B1xqMi%2FnMSVTsEcGzu2Ijf6%2BtMJzarXhnNNa%2FjlBQx%2FUkwIZm2r37jE9%2FXi1LJ5S8ITB9BJ5NM2dbjRU%2FJNYM8wTGeZEJe0m%2F4cKMk%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-nn77m
accept-ranges: bytes
cf-ray: 810e06943b0991d5-FRA

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 334 KB
111 KB 210ms
65ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

832b293df58a7c02798c9417449e355ff2727650e932f9ea3dfab2c9b7d7539e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113676
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 04 Oct 2023 14:13:28 GMT

GET
H2 200 electric-blue-bullet.svg
info.varonis.com/hubfs/List%20Bullets/ 207 B
1 KB 1610ms
1593ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/List%20Bullets/electric-blue-bullet.svg

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

579b9f734819f583199cd70b03c4e919430a74dd7698921ef16465b41d934769

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-cdn: Imperva
age: 173672
x-amz-request-id: 25QF0DCG0DZY00KY
x-amz-server-side-encryption: AES256
edge-cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 655) q(0 15 15 -1) r(16 16) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"11a69afb5c346ee7879933cb8018fb16"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1686756510007
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 e9e1ae0211eb8060a9bf55183ccf8788.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .NxTwPt8HK_D1KNCw2RVpUG949n3i.Ds
x-amz-cf-pop: CDG53-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-120194019245,FD-120194859397,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 9vAkNl0jufPyVKPBDFkjbO528XMl6jJH61DX4/j7QF+bcqL3dnLS/7eWZercAArEeWZAo9rh1p4=
last-modified: Wed, 14 Jun 2023 18:26:23 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oa67WTAGC3FUUieappxo51YgvIHH1SxU%2FluTey7bFiak03xm7ryYcEuFLrooJXGxnDkCu22m1Vs73GU5w8sMGePmtuYsvOPmogzdBeW2W%2BVY%2Bek1qzand3lqXMoxPK1rZW4%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: Buq5SHgb3zWyOsXoUSiYAwlzHWUAAAAAB2IIzkE4plV1X/d/PvFY9g==
cf-ray: 810e069eaae6922f-FRA
x-amz-cf-id: -XdHvCx8tgbGDKjLlIR8qPMB_QrrgUNMavZX-3Yu7tqUYdg2g2obfg==

GET
H2 200 left-dots.svg
info.varonis.com/hubfs/Blog%20Assets/ 2 KB
1 KB 1636ms
1619ms Image
image/svg+xml 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/Blog%20Assets/left-dots.svg

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/115634408573/1691779171899/hook-www-varonis/css/templates/blog-no-code-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

842abfe134599c5d48d4ddd88bde8d24bd36b32b22bea540837311364b7ce2c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn2.hubspot.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-cdn: Imperva
age: 173160
x-amz-request-id: 34ZDER4DNYQJZX2X
x-amz-server-side-encryption: AES256
edge-cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224815 PNNN RT(1696428807335 656) q(0 16 16 -1) r(16 16) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"254492fd49488a86ceb0dec13de43a23"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1687458027842
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 1a45d1e1304c39dfa9b034c2308f4976.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ehUGABsPDh.TzD7OR2EU0s227ASA3VJS
x-amz-cf-pop: MUC50-P1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-121911793000,FD-120194859397,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 34bYXf7S+mKI4lXqzRxMbAdcQbD+9Amhf3ISTnpfs+wemaG5n1jX2Kdm7r6hPvHTLxEaZkrcIKWBJR31DjFm/JsUkkFwUF2eYEmhCO6Ijoo=
last-modified: Thu, 22 Jun 2023 18:20:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nnqzolZM8U0pv4SpFwO%2FVYVwmZ9L%2Bk9P8hBMOKirhadej%2FQebq6rgo89iWJL2G01s9mpyQBhr%2BAn3VlU9vTJOd2BG4UBZPQSHhbULIQJGu%2FlJDHbf2D5Z%2Bpu98UcfhI%2BITA%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: A5/AdlElaByyOsXoUSiYAwlzHWUAAAAA8okR0z1S6RQDX/fpNzfatg==
cf-ray: 810e069edb7f2bf7-FRA
x-amz-cf-id: 7diwDSNG1btGWsyS1SPoLWhRhYVbOyfd9yMbRofKnrfEZmQ_CkUHVw==

GET
H2 200 Graphik-Medium-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 46 KB
47 KB 146ms
72ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Medium-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1695856274102/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
age: 630276
x-amz-request-id: 5CC17GC0K7JHBQ6M
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "b1508d27f0878f1a2c67e3104acc6f04"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839921
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 14:13:28 GMT
via: 1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: qsBQrK0UutXz6JHO9XDG7lT0R2bZ_P1t
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524008828,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 47393
x-amz-id-2: 3kDcjYmkOH+Z5RBS05z+RPd+S3aiFqV+3k449S3y9M/K9t2e0gITs3Zdm8V+wfoas0fsC8Omv+Q=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 810e0694af9619af-FRA
x-amz-cf-id: 2Ce9uH4GUfKTFLEYtT4RdnLikR_85Zla3dWFOrUhf348nFaAKFcW6g==

GET
H2 200 Graphik-Semibold-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 47 KB
48 KB 153ms
79ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Semibold-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1695856274102/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
age: 629450
x-amz-request-id: 1FTXPKQNHC2VCW22
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "912a296360c873da4d505fecc03d44a5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839881
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 14:13:28 GMT
via: 1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: mxuwX8fqRvNjrtNo8SAnedwxdNDRhr6l
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524053596,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 48237
x-amz-id-2: /3HEAWFegC6Ur44s8FS84+JrT837kolI/6BYZJxEOt0IBJGx2at2C4raGLBZJ320W7JR5owB0XE=
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 810e0694af9819af-FRA
x-amz-cf-id: 8WvtGfAGRJJwYQmLb2k-ttUeX9ZGZYTHtpWPp8EWhKY-nLgOpaRWLw==

GET
H2 200 Graphik-Regular-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 42 KB
43 KB 153ms
80ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Regular-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1695856274102/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
age: 629220
x-amz-request-id: 5CC3818F61G38HJ5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
etag: "3c6b915f90783765fd47bc0e05b46078"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681244839928
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Wed, 04 Oct 2023 14:13:28 GMT
via: 1.1 45144f4effc6db6c846de623ab8b639a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: dC1ZTBx86DO9UlmT3zytQkvsH.OIjcRF
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110525099618,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 43329
x-amz-id-2: RUSjfk2gGJuCBgRTHEcO7MTWQreRLrGje8gfEIFWR5JcFilfZRF0/ZUbUZtmhDcmKdflcRwZF41rpHuzJoUVXg==
last-modified: Tue, 11 Apr 2023 20:27:20 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 810e0694af9a19af-FRA
x-amz-cf-id: OTIOY7tepwjcnXxzXQpe8Kb9yMQqviEj13iDOxGwAmqkObBWCirAQw==

GET
H2 200 Graphik-Bold-Cy-Web.woff2
142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/ 47 KB
48 KB 138ms
65ms Font
application/font-woff2 2606:4700:4400::ac40:9284
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://142972.fs1.hubspotusercontent-na1.net/hubfs/142972/Fonts/Graphik-Bold-Cy-Web.woff2
Requested by: Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/142972/hub_generated/template_assets/60281971998/1695856274102/hook-www-varonis/css/main.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9284 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e78c8571835c19bd1a941799d68bc14b99413f2679d3410c41d1d4d3a00f50f4

Request headers

Referer: https://cdn2.hubspot.net/
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-110524009070,FD-110532947091,P-142972,FLS-ALL
age: 1770472
x-amz-request-id: 3A39QGSBS194FWQX
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110524009070,FD-110532947091,P-142972,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: "188f3225882f51f9eff1c090718bee01"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/font-woff2
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681245085855
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
via: 1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: SDMVhfZD04lWwW2k3U7RNnMB0Ks0y88s
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-110524009070,FD-110532947091,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 48457
x-amz-id-2: I/bkJto1TEo1w1nop71ae9gnzwzFOx8HKCpM67ztQ6Q+lAJd9ATT89myDUJBO50WwkpuXRHu23I=
last-modified: Tue, 11 Apr 2023 20:31:26 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 810e0694af9c19af-FRA
x-amz-cf-id: PopgObRugOSqjnuyAtaVxncq0APYGMVptEDkk8ecJlm-k-bU7Hm0hw==

GET
H2 200 img1-png.png
info.varonis.com/hubfs/ 341 KB
343 KB 1003ms
971ms Image
image/png 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/img1-png.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

042466aaf7512d3e4a31ea6f78adfe639e92ded8c67cf4ae98ecd3e2e741e3c6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-65330263887,FD-102039236096,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: VW10SAKDNED9E4ZB
x-amz-server-side-encryption: AES256
edge-cache-tag: F-65330263887,FD-102039236096,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224809 PNNN RT(1696428807335 600) q(0 0 0 -1) r(9 9) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "7958d5dd58566ae95c1e029809f62618"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1643814877138
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 29tOfGhFEPvjSMc.4cPIxYUF17SiMult
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-65330263887,FD-102039236096,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 349027
x-amz-id-2: kCEikwFWnbE2k/HY3Uev7KRtiCw/zRsbfqIbNg6MDp8MOokWJSKJsqCmbRHshgqWOJeuupbLTRQ=
last-modified: Mon, 27 Mar 2023 21:20:15 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W9aulc8DAA0UUlSuPk3P0uVSwUX1iy2pfk%2BZHUyCBx2cLjTcpSrz%2BrSE2gPU780%2FrcGuceNPfPNbILxdhYB9ZDrT6yaWt%2Fd%2FT9FCQKRh6cC0qDJyTkJREG4kfi6Q1kT5jUE%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: kJlJd2eWN3SyOsXoUSiYAwhzHWUAAAAA+iXbCiEjVqLi707tFWkfzQ==
accept-ranges: bytes
cf-ray: 810e06950d7e922f-FRA
x-amz-cf-id: f6u1IsBs-rYbUEcqUk_JxFtwQsreMqe7x2D4eo4yB0I7xIUc4zo2Aw==

GET
H2 200 MicrosoftTeams-image-3.png
info.varonis.com/hs-fs/hubfs/ 125 KB
127 KB 135ms
103ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hs-fs/hubfs/MicrosoftTeams-image-3.png?quality=high&width=1002&name=MicrosoftTeams-image-3.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73eb8a0d1b2a2ede2c0268edad90e2ec9fa7936a4dce3d39180628436b129c97

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000
via: 1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
x-cdn: Imperva
cache-tag: F-125626267994,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224811 PNNN RT(1696428807335 602) q(0 0 0 -1) r(1 1) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 128480
cf-resized: internal=ok/m q=0 n=759+171 c=0+0 v=2023.9.8 l=128480
last-modified: Thu, 20 Jul 2023 15:30:20 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfN9LSoTct3SA4lQD3ifstGpsSM2VhEIN51C3i3Gj9DQ:03cc2b93b3e8b6a941083f7a1b10e30d"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bs0Jm%2BjbmMQQWOkh7bpi1fsh%2FnXrctRwSbyHoa4c5hLFEPImtDRvJNLkF16PMSSoNDWCeWfKSxAuEfBofoteO7idMHEfql0%2BonycN0FJcFxhPxKZgBwyrMOw2%2BJVU91u4QM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-incap-sess-cookie-hdr: Pmg9cMDbFH6yOsXoUSiYAwhzHWUAAAAAy5BGQIB7UeZX+183+kK/mg==
accept-ranges: bytes
cf-ray: 810e06950af93720-FRA

GET
H2 200 img3-png.png
info.varonis.com/hubfs/ 222 KB
224 KB 690ms
659ms Image
image/png 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/img3-png.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f7807f53ce6922a5ef5423078085b2e018df0f1665c2cc229a58dac0a0226c3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-65330399083,FD-102039236096,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: AT070BQDQTP14DZH
x-amz-server-side-encryption: AES256
edge-cache-tag: F-65330399083,FD-102039236096,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224813 PNNN RT(1696428807335 604) q(0 0 0 -1) r(6 6) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "61973ee15321734ac4785cd86ca0fc55"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1643814899220
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
via: 1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: WtvABFwOISFIXFi.n6K8jFxvM25O91Z3
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-65330399083,FD-102039236096,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 227795
x-amz-id-2: dJoNUtTb1Rn3DrmLWEJNdw1K31HTohn8CNrcCuHh9gmjpagT5qY7I9HNoHmJAqSzWw7DIhXBIME=
last-modified: Mon, 27 Mar 2023 21:21:02 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3qb0eo6x7Y6%2B44l6OEdPqUy9U7gE0%2FdbrJFH2X3zmX513Sj5I19fEZPvW03Zn8LIfn5d2AwR%2Bchhl7zUIBi%2FH7717TBej%2BSCPBbSaf%2FLtqx8WCC2JF2veWc90P7rFWF7rcQ%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: EsSTWL20vk6yOsXoUSiYAwhzHWUAAAAAXTWoc5KonGsd66kOFsVIGw==
accept-ranges: bytes
cf-ray: 810e06951c1d9a00-FRA
x-amz-cf-id: E_co3ISu3bOfbbs5KV1hdVGbOZBbFXEs37AM3koXEadunOL5gCJ20Q==

GET
H2 200 img4-png.png
info.varonis.com/hubfs/ 36 KB
38 KB 1800ms
1770ms Image
image/png 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/img4-png.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00278a453914097eee273e1a0b21a14d0a54603c66f7f6d80d518458284a7da8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-65332189239,FD-102039236096,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: B3EA49582MFK3HH4
x-amz-server-side-encryption: AES256
edge-cache-tag: F-65332189239,FD-102039236096,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224835 NNNY CT(5 48 0) RT(1696428807335 607) q(0 0 0 -1) r(17 17) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "469b7e2843c1ad60d31e87a9eefb2580"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1643814934655
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 fde85e7daa13f95cf6b8f5fa09c62ef6.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: t5RrehpjZQSTpiaxNevwPsbfzTBa5aFK
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-65332189239,FD-102039236096,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 37016
x-amz-id-2: vtD1b7WXqCipeX7IfCI6LJTlVCpIFWA1msMDtc4QZu/m9scSodoD+huFD44j2LtvtcnyyhX26XY=
last-modified: Mon, 27 Mar 2023 21:20:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KvGzMbI%2BBf7ATisCIeHjbXOSg2UijZoA8wFzZqAsY4olQza3ywfiN8oJ5tZCK8NPgFV8AAWEf5HtjYL3ndJbItKrnI47FTpU7VyQ3PHNd6eSPFFHNXltv82bPQ6WELXRh2w%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: mL4gbWW8uzOyOsXoUSiYAwlzHWUAAAAAxQCZtGxwJDLnwtXl6OhFZQ==
accept-ranges: bytes
cf-ray: 810e06952d192c00-FRA
x-amz-cf-id: _99gFZoPY5Fw8e72jXJtDWfiEwPzu-dp4j0vTHqh7HceIYdeowRZGg==

GET
H2 200 img5-png.png
info.varonis.com/hubfs/ 40 KB
41 KB 1934ms
1907ms Image
image/png 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hubfs/img5-png.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6565a1bd1d49a65db10a0462a849777279d835b0056c40df63882ad8f87ee98

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-65330399235,FD-102039236096,P-142972,FLS-ALL
x-cdn: Imperva
x-amz-request-id: YR7JX0JYVSRA7TMC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-65330399235,FD-102039236096,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224811 PNNN RT(1696428807335 609) q(0 1 1 -1) r(10 19) U24
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: "f2ddf266befc20b70c8ae18a5af91204"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1643814940072
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 56317bf75183e752b06c880e8a1e502a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: NgcVvGkChiVn53eBVaHuPj3ZCSJN5sTd
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
cache-tag: F-65330399235,FD-102039236096,P-142972,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 41199
x-amz-id-2: JiAdzOFhPeGWKLRDqGlB+US7gD7GLO/SWeQsqAjh/uV8iBLs7Z/hxWfjHshMtQez9iiRN4jAkTE=
last-modified: Mon, 27 Mar 2023 21:20:58 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pahNdSYpikRE6VjP2azsDGdlErKy72YjUP5G5M0zRebSoaMvUyXxn7yr15%2FfcnQ%2F7mW6sFxyBXd78KdzwlX6u8Hfe2Ci4FhQGmy2vUm3BVeENUOECK7PirrihMiJEv0e6vs%3D"}],"group":"cf-nel","max_age":604800}
x-incap-sess-cookie-hdr: SigtOP+cOByyOsXoUSiYAwlzHWUAAAAAoRmw+LmK2VzURTQ0xtF8FA==
accept-ranges: bytes
cf-ray: 810e0695cbb73720-FRA
x-amz-cf-id: jAhWrA4opV8bnn0gKws4pHZyg-dSDKsUjjll1WS8bRxxrQH_9McvxA==

GET
H2 200 img6-png-1.png
info.varonis.com/hs-fs/hubfs/ 362 KB
363 KB 2808ms
2780ms Image
image/webp 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://info.varonis.com/hs-fs/hubfs/img6-png-1.png?quality=high&width=1935&name=img6-png-1.png

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c3d729459410d2b7b1860cb5facca15292c225b88f5f7c5671fddbd79a5d386

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:31 GMT
strict-transport-security: max-age=31536000
via: 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
x-cdn: Imperva
cache-tag: F-65332191277,FD-102039236096,P-142972,FLS-ALL
x-iinfo: 7-102224749-102224813 PNNN RT(1696428807335 611) q(0 8 8 -1) r(10 28) U24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 370918
cf-resized: internal=ok/m q=0 n=1725+170 c=0+0 v=2023.9.8 l=370918
last-modified: Mon, 27 Mar 2023 21:21:01 GMT
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "cfYxU7xOT2r990_vijONnMW_uHbgKLc3NlzaA_GoVaDQ:2bc65867168b9faba8340afe051e90de"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BlD5n9WmlBuk4JAD%2FAEj5uKXGeoslmTgLlKgLEe73bF4Zfc4R9Fjip%2FRZkMtfAOZcLHqUsK%2B3KjidiB8cZnTukvEjVw4bd4zmMnTmo9BNgK%2BWw8hllCrroRINuxJH4iAUZA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-incap-sess-cookie-hdr: LuIeOlu9zkeyOsXoUSiYAwpzHWUAAAAATu8L6bGeBtTCjXFQlf65UQ==
accept-ranges: bytes
cf-ray: 810e069a38d29a00-FRA

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/e992cd4de3c7044f/ 309 KB
103 KB 291ms
71ms Script
text/javascript 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/e992cd4de3c7044f/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07d241ae62c2c40e9c20c169b35cf9bda9b3e99cba1e5ad4f86351364156c290

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 105313
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 17:25:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 04 Oct 2023 14:13:28 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/e992cd4de3c7044f/ 41 KB
9 KB 304ms
84ms Stylesheet
text/css 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/e992cd4de3c7044f/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c965aefdb4c6acf10f46758dc1601a64d811dcf3a378bf9e90278916aa47508f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9102
x-xss-protection: 0
last-modified: Mon, 31 Jul 2023 17:25:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: private, max-age=31536000
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 04 Oct 2023 14:13:28 GMT

GET
H2 200 minimalist.css
www.google.com/cse/static/style/look/v4/ 5 KB
2 KB 261ms
42ms Stylesheet
text/css 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/minimalist.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=d594e21cf961c2c72

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:08:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 314
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1452
x-xss-protection: 0
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 04 Oct 2023 14:58:14 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 221ms
7ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d6db9d19306813748edcd3ad3e8cdc304c7bd5905609ba7915cddf435f023418

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 14:13:28 GMT
content-md5: Y+9gGR9nljnEFNXHI6G0vA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1686
x-fb-debug: 57eKAdyuu9kluVyBBf7HEpoMxiX9O1pfylGkHaKcT4cixrGrPZMjzIUAsq1PsRC1Xo0WR/c4DjB4UD554OFzAg==
x-fb-content-md5: fecd28918fc65e2533370934ed2407ec
cross-origin-opener-policy: same-origin-allow-popups
etag: "12fd22c4e8f4fbcde077a18f496e6170"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Wed, 04 Oct 2023 14:14:26 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 227ms
16ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 14:13:28 GMT
Content-Encoding: gzip
Age: 254
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (frb/6760)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 module_97266453797_Remediation_Announcement_Banner.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/ 860 B
1 KB 37ms
36ms Other
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/97266453797/1680550132881/module_97266453797_Remediation_Announcement_Banner.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1356651
x-amz-cf-pop: IAD89-P1
x-amz-server-side-encryption: AES256
x-hs-alternate-content-type: text/plain
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 03 Apr 2023 19:28:53 GMT
server: cloudflare
etag: W/"a25c4019cb8b6fc47eb8ed83cf1076d4"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1680550132881
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HY22MpGOV%2FXsZXswmlxAzmw7QessmSUry%2Bt%2FTViWM7rxxr4iEKvkSQOpBTII8HKSNYRb4gs65iRoCDWgOkan%2FiJVdECdf4wkUN%2BpuMKkr7AIH9conEjh%2BebnuTl7sF9VyTAy92ELPSVBVy6ys8s%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e06958bb991d5-FRA
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H3 200 module_96126751858_Site_Navigation.min.js
cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/ 4 KB
2 KB 37ms
35ms Other
application/javascript 2606:4700::6810:70d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/142972/hub_generated/module_assets/96126751858/1691030599466/module_96126751858_Site_Navigation.min.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6810:70d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-encoding: br
age: 1759815
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"066f9d11e54f30bcda41cc81ace646da"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1691030599466
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Wed, 04 Oct 2023 14:13:28 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 0f818410-8b78-4bc1-91d8-fbf201702256
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 153
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 0f818410-8b78-4bc1-91d8-fbf201702256
last-modified: Thu, 03 Aug 2023 02:43:20 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5KFFTtBys%2F7U32nNummBW%2BrsTbFQXOShzL8TtspVRMf8qHOeg0jUpsfP5JQNUyF%2BnEThyBf0YsXUA60Ju5Ww2zmKaWxD4Rvubh5sEXPLSwrEbs6whVl1JbaCp37iIWfFqIqVKUTiff%2Bn9zdPco%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-8ktx6
cf-ray: 810e06958bba91d5-FRA

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 76 KB
22 KB 232ms
35ms Script
application/javascript 2606:4700::6811:f8a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f8a8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4cbb0c49cf1ed22b88acfb387f9a6a2631d5bb65e1c184b69f647d755d02708e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
x-amz-version-id: Rc9nWyfHtNORHwaD4AH_xHs88uglfenR
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 337
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.14288/bundles/project.js&cfRay=810dfe598d572c25-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 7636532c-2b5e-4c2a-b31f-1113098f3972
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 1
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7636532c-2b5e-4c2a-b31f-1113098f3972
last-modified: Mon, 02 Oct 2023 06:50:43 UTC
server: cloudflare
etag: W/"130a40cea625878ebdd5776feea29183"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-wh2kt
cf-ray: 810e0696dbad2c7d-FRA
x-amz-cf-id: Wa_Xg0eiX5vDRHC3vgvJHXHOGXlhe2MOI3T8Akv84crxuuxOMa3AMw==
x-hs-target-asset: conversations-embed/static-1.14288/bundles/project.js

GET
H2 200 142972.js Show response
js.hs-analytics.net/analytics/1696428600000/ 67 KB
21 KB 228ms
32ms Script
text/javascript 2606:4700::6810:4cba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1696428600000/142972.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4cba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89a699a152461e445320bea3f3d031de51ddb19a946183f1a439a644173e8f99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 996A76EQDG9E6JMP
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 112daa67-f876-4766-90fa-0e8582fee9fb
age: 132
x-envoy-upstream-service-time: 42
x-amz-id-2: QhVoGNT77WhWpWNHs+USi58VJJvhHX7Ek6BVMPmcoq9ajDl0SLkM5nkkQ+mzjXR+MR1qSTKC2Vsuj/JioOxe/aJzw0+IUu/J
x-evy-trace-listener: listener_https
x-request-id: 112daa67-f876-4766-90fa-0e8582fee9fb
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 21 Sep 2023 19:51:52 GMT
server: cloudflare
etag: W/"d5d1d0d29c2707bc86fd60d405946c3f"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-snk2v
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 810e0696dc2368eb-FRA
expires: Wed, 04 Oct 2023 14:16:16 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/142972/ 72 KB
21 KB 332ms
136ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/142972/banner.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/hs/scriptloader/142972.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18f280481cc1c76e8fee899434c6cfb687a18d2431a8c1cb671b6f22d79a1a2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
x-amz-version-id: 7WRkGPbjkS9W5cCsuq535cKKUliezPOI
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: 45KBS9699ERGSZ6E
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 3127946a-b204-4e8d-998b-ecebd6fc951b
x-envoy-upstream-service-time: 25
x-amz-id-2: TxKfWPIS1rG+9gN43CtTZ8b7xM2QJ69KUkYgO1OPo6JHVqLAdB/z5dIrU1HQPh9gRt6qHRn3hxo=
x-evy-trace-listener: listener_https
x-request-id: 3127946a-b204-4e8d-998b-ecebd6fc951b
x-evy-trace-route-configuration: listener_https/all
last-modified: Tue, 26 Sep 2023 18:58:17 GMT
server: cloudflare
etag: W/"21e47621f3b91e626687b83463087439"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-c5f7fd779-fzzvz
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 810e0696d8974dbf-FRA
expires: Wed, 04 Oct 2023 14:18:28 GMT

GET
H2 200 _Incapsula_Resource
www.varonis.com/ 1 B
93 B 8ms
5ms Image
text/plain 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.varonis.com/_Incapsula_Resource?SWKMTFSR=1&e=0.6101808429304265

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

POST
H2 202 event Show response
plausible.io/api/ 2 B
501 B 82ms
57ms XHR
text/plain 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://plausible.io/api/event
Requested by: Host: plausible.io
URL: https://plausible.io/js/plausible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
cdn-edgestorageid: 1081
cdn-cachedat: 10/04/2023 14:13:28
cdn-pullzone: 682664
application: 10.0.1.5
alt-svc: h3=":443"; ma=2592000
content-length: 2
x-request-id: F4rtA27P_XXb27YPpGOB
server: BunnyCDN-DE1-1081
cdn-proxyver: 1.04
cdn-requestpullcode: 202
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
cdn-requestid: 939e652ca891a4bd6cd26d911dcbbc21
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
978 B 327ms
184ms Script
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=142972&callback=jsonpHandler

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b4cb55d0-7db2-43a6-ac28-214f050cfc96
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=810e0696dabb9b34&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: b4cb55d0-7db2-43a6-ac28-214f050cfc96
server: cloudflare
x-trace: 2B40A818587E314BBF545193E8CFB3E9AFA8139928000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-7c89bb96b9-bnhh6
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 810e0696dabb9b34-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 128ms
41ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 13:44:21 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 1747
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Wed, 04 Oct 2023 15:44:21 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/ 3 KB
2 KB 209ms
82ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015553108/?random=1696428808693&cv=11&fst=1696428808693&bg=ffffff&guid=ON&async=1&gtm=45He3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&hn=www.googleadservices.com&frm=0&tiba=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a10434d2c7b705270c162fd76edd7d3869eaf72c0d5a8a9576dbf5a3b09c286

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1352
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 23 KB
8 KB 79ms
6ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 15 Jun 2023 20:49:59 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "4a205643a240cb95fa82289d62b5af7e"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 7409

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 67 KB
25 KB 96ms
26ms Script
application/x-javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: d43b25c0ef488f3f361c0aa0ce5b9168a0feb1005710e61a55391ae2d1dc3ad2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
last-modified: Thu, 28 Sep 2023 23:06:50 GMT
server: ECS (frb/67D4)
age: 36173
etag: "9f54ad7660f2d91:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 25471

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 198 KB
53 KB 10ms
9ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 04 Oct 2023 14:13:28 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53356
x-xss-protection: 0
pragma: public
x-fb-debug: kC/VpobPqjrm6kaExj8Zei/oFjTGOMZ6ECoVahIxk4rxsAgs6KvUBl5RL7T9/pjo9T0gIUYlrBnDRM4Zk1PSLA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 142972.js Show response
js.hs-scripts.com/ 1 KB
1 KB 94ms
47ms Script
application/javascript 2606:4700::6810:bd59
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/142972.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:bd59 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80ddd78c05e44e1dca22e4539fc4999f1e5bda248a3a692f568eb378b387aab0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: 94c12936-eb8a-4953-87bd-af6a6a9e91fa
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=1427
age: 0
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 94c12936-eb8a-4953-87bd-af6a6a9e91fa
cf-bgj: minify
last-modified: Wed, 04 Oct 2023 14:13:28 GMT
server: cloudflare
x-trace: 2B67A81FB5BB0EBB1776A8C3AD9B37CD180019D092000000000000000000
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.varonis.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5b5c96c966-rmgdk
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 810e0697289b994e-FRA
expires: Wed, 04 Oct 2023 14:14:28 GMT

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 145ms
18ms Script
application/javascript 2606:4700::6811:4341
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4341 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-request-id: 5YYTHJRBB1PJWM24
age: 4245
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 4uz2INy8q50sLd+/ireJhh3/emj5VxaoGQJuJ2NuYZKWTVe4CJVaf/ohvH5EuvOAeBBg1bE0UGMVGfceRCpo4g==
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
server: cloudflare
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=14400
cf-ray: 810e0697ccebbbeb-FRA
expires: Wed, 04 Oct 2023 18:13:28 GMT

GET
H2 200 events.js Show response
tags.srv.stackadapt.com/ 18 KB
7 KB 198ms
99ms Script
text/javascript 3.124.54.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/events.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.124.54.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-54-211.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8ce41692b497c498d51bf57532743f3086343a37a9a43d739ad6b049a0a0e208

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 14:13:29 GMT
cache-control: max-age=5
content-encoding: gzip
content-type: text/javascript

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 103ms
5ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230068-FRA

GET
H2 200 6si.min.js Show response
j.6sc.co/ 51 KB
15 KB 122ms
31ms Script
application/javascript 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Aug 2023 22:29:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64e7d9dd-cc38"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14993
expires: Wed, 04 Oct 2023 14:13:28 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 79ms
14ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 05 Sep 2023 13:41:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=75759
accept-ranges: bytes
content-length: 3822

GET
H2 200 bat.js Show response
bat.bing.com/ 44 KB
13 KB 88ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 04 Oct 2023 14:13:28 GMT
last-modified: Wed, 06 Sep 2023 22:41:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 441EB749AC3C43279C0475DF44549B2D Ref B: FRAEDGE2011 Ref C: 2023-10-04T14:13:28Z
etag: "09cc4613e1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12981

GET
H2 200 cse.js Show response
cse.google.com/ 9 KB
3 KB 83ms
81ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

a062d200b24848ae48e03dca7898c23a33b6e321378ac4c08cf2f416a9261b0b

Security Headers

Name	Value
Content-Security-Policy	object-src 'none';base-uri 'self';script-src 'nonce-nT9Ciy5L_kHCursf3_cfAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-nT9Ciy5L_kHCursf3_cfAQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding: br
date: Wed, 04 Oct 2023 14:13:28 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2981
x-xss-protection: 0
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
server: gws
x-frame-options: SAMEORIGIN
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private
permissions-policy: unload=()
origin-trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires: Wed, 04 Oct 2023 14:13:28 GMT

GET
H/1.1 200
OK ktxevents.v1.js Show response
trackit.ktxlytics.io/ 98 KB
98 KB 70ms
15ms Script
application/javascript 13.32.121.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://trackit.ktxlytics.io/ktxevents.v1.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-31.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date: Wed, 04 Oct 2023 03:32:39 GMT
x-amz-version-id: 8nobErucU.TGbL_HVc3JJOzAiDrdj9pU
Via: 1.1 ec85113c6ed859938b3fcfa19bc035f8.cloudfront.net (CloudFront)
Last-Modified: Wed, 23 Oct 2019 19:11:31 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P1
Age: 38450
ETag: "5350ce54b7969cfe1e9a0314b25964b6"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 99889
X-Amz-Cf-Id: EwDYv3n7xHiMRAe39CIFhoAYJQKNOY8ZHBtzKJ1iDKI78woCwk5TCA==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 289 KB
93 KB 61ms
59ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMGCX7V

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

faebc799c5c9ba08721a680a4d47935e8a3e802c579b81b69cc3b4df58ac6aca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95476
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 04 Oct 2023 14:13:28 GMT

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1629798&seg=31639437&t=2&gtmcb=833645257
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D833645257

43 B
843 B

20ms
20ms

Image
image/gif

185.89.210.82
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D833645257

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Server

185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
an-x-request-uuid: 0e08de25-a2b5-437f-9c03-6497ec2083c0
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 185.213.155.175; 185.213.155.175; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:28 GMT
an-x-request-uuid: 44d6f801-1809-4855-a530-f1f01766eb96
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1629798%26seg%3D31639437%26t%3D2%26gtmcb%3D833645257
cache-control: no-store, no-cache, private
x-proxy-origin: 185.213.155.175; 185.213.155.175; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 /
insight.adsrvr.org/track/pxl/ 70 B
149 B 117ms
32ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=71679u3&ct=0:ms2x9ot&fmt=3&gtmcb=643224258
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 59ms
6ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1696428808790&id=t2_4ofecxl5&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=8652af75-99f8-4168-8f2d-d330c062407b&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_f5bd31b2
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:28 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

GET
H3 200 all.js Show response
connect.facebook.net/en_GB/ 306 KB
86 KB 37ms
11ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js?hash=388ec2b0d8959beb07f936c0ea67241a

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d1821a486051ec80ac6b6df976eff0fa4fb6cc2b3942550c03485ae26efe8a10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 04 Oct 2023 14:13:28 GMT
content-md5: 5gN1XTUKsHgpEp5JfgXjOA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87643
x-fb-debug: nu6o8NygGpYYiBsLVoO2+eCHNQnqkYNvwIr9lNAgOqXlon0bvD28l7LPqFYjdMheEuavgGVpgx4t1WaAYjSDuw==
x-fb-content-md5: 268386c7ddd6ef73a6735b9078a963b2
cross-origin-opener-policy: same-origin-allow-popups
etag: "d07fd22524da1e380f98742de0ae7627"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Thu, 03 Oct 2024 12:06:53 GMT

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame 1551 320 KB
104 KB 72ms
16ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.varonis.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/674C) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 55756
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Wed, 04 Oct 2023 14:13:28 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/674C)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 57ms
38ms Stylesheet
text/css 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=013425730632158569092:arjc2usbxyq

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:38:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2084
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Wed, 04 Oct 2023 14:28:44 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
245 B 54ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PCF2HBX32M&gtm=45je3a20&_p=1745933346&cid=541319125.1696428809&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1696428808&sct=1&seg=0&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&dt=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 179650485736885 Show response
connect.facebook.net/signals/config/ 136 KB
35 KB 127ms
121ms Script
application/x-javascript 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/179650485736885?v=2.9.132&r=stable&domain=www.varonis.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e9257b54b3d81dfce32af893a3abae4de8cde74b3a8015a8bf22c53b7f1a5b50

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 04 Oct 2023 14:13:29 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: lwQ2m+KiIpZKRMKysoaFZjAnupGsVvZ9Q3Z83h6XCiT40u4Pllcs4yd1SIFB93G/51onh0r0lz2dtWV6Cb0H3g==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 widget Show response
www.varonis.com/_hcms/livechat/ 294 B
2 KB 288ms
287ms XHR
application/json 45.60.154.169
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.varonis.com/_hcms/livechat/widget?portalId=142972&conversations-embed=static-1.14288&mobile=false&messagesUtk=9ac8e6a30dd84737b65d9a5873a7ca2b&traceId=9ac8e6a30dd84737b65d9a5873a7ca2b

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.154.169 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0bc6ab0429aba031f99821f6ade232f11c1b3cc6d344d4a0213599c6aa2d3db

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-cdn: Imperva
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 33eb8d73-e95c-464e-b58e-257561e0891d
x-iinfo: 7-102224749-102224793 PNNy RT(1696428807335 1142) q(0 2 2 -1) r(3 3) U24
x-envoy-upstream-service-time: 20
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 33eb8d73-e95c-464e-b58e-257561e0891d
server: cloudflare
x-trace: 2B28B191975E275DD2AE70AB67854FE2801A9776D3000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-5b5c96c966-2w6d7
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4za9l8JBgbsytU8wTNtkyfZyASJBXGiLBR7FDDjtdzax%2BQzVXCUvyfGA8JoIFgtExajVLtrh2ReQqEWnrxgYUCRjC39WagxKl7RDtrsXyhlJ1hdSyullkD1vUyJbkXzGA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 810e06993ed5085b-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 13:58:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 927
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 04 Oct 2023 14:58:02 GMT

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
326 B 21ms
18ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=17b44736560d4533886249a6dcd0aebc&_biz_s=786b8d&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&_biz_t=1696428809121&_biz_i=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&_biz_n=0&rnd=258446&cdn_o=a&_biz_z=1696428809123
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6760) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
last-modified: Wed, 04 Oct 2023 04:10:18 GMT
server: ECS (frb/6760)
age: 36191
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 u
cdn.bizibly.com/ 43 B
203 B 34ms
10ms Image
image/gif 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizibly.com/u?_biz_u=17b44736560d4533886249a6dcd0aebc&_biz_s=786b8d&_biz_l=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&_biz_t=1696428809128&_biz_i=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&rnd=33967&cdn_o=a&_biz_z=1696428809128
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6752) /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
last-modified: Sat, 30 Sep 2023 01:06:59 GMT
server: ECS (frb/6752)
age: 392790
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: -1

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 1551 869 B
658 B 163ms
117ms Fetch
application/json 104.244.42.72
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=c6927aaa5462658dcd18b15c475a2abe621ba09d

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.varonis.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.72 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-response-time: 110
date: Wed, 04 Oct 2023 14:13:28 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Wed, 04 Oct 2023 14:13:29 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 0e18471e89377f26
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: 1e5058937f6e0118793516703af6f616c004b0a79852654b2f44938166000ec1
content-length: 337

GET
H3 200 async-ads.js Show response
cse.google.com/adsense/search/ 144 KB
52 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/e992cd4de3c7044f/cse_element__en.js?usqp=CAI%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c60b510cdab369d5390dbbec6e9fc6c781584517eafafe5a77291c4dd665e91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
etag: "13707509393103616410"
vary: Accept-Encoding
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
accept-ranges: bytes
link: <https://www.adsensecustomsearchads.com>; rel="preconnect"
expires: Wed, 04 Oct 2023 14:13:29 GMT

GET
H2 204 generate_204
clients1.google.com/ 0
117 B 119ms
37ms Image
text/plain 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/1015553108/ 42 B
64 B 51ms
50ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1015553108/?random=1696428808693&cv=11&fst=1696428000000&bg=ffffff&guid=ON&async=1&gtm=45He3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&frm=0&tiba=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&fmt=3&is_vtc=1&random=476099273&rmt_tld=0&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1015553108/ 42 B
455 B 149ms
55ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1015553108/?random=1696428808693&cv=11&fst=1696428000000&bg=ffffff&guid=ON&async=1&gtm=45He3a20&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&frm=0&tiba=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&fmt=3&is_vtc=1&random=476099273&rmt_tld=1&ipr=y

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 147ms
146ms Fetch 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/142972/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-hubspot-correlation-id: ea7f22c7-c1d1-4c00-9e6f-0449abd693e0
x-envoy-upstream-service-time: 34
x-evy-trace-route-configuration: listener_http/all, listener_https/all
x-evy-trace-listener: listener_http, listener_https
x-request-id: ea7f22c7-c1d1-4c00-9e6f-0449abd693e0
server: cloudflare
x-trace: 2B9D3C21775BEE6D2D1647701E038D4E4937FAD376000000000000000000
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host: all, all
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-874b7f86f-2llt5, iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-8ghtd
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
access-control-max-age: 604800
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 810e069ac9ce19a9-FRA

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 133ms
112ms Preflight
application/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 810e069a192b19a9-FRA
content-length: 0
content-type: application/octet-stream
date: Wed, 04 Oct 2023 14:13:29 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-8ghtd
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 47c0bfbc-6676-40ed-9c91-c9934be3210f
x-request-id: 47c0bfbc-6676-40ed-9c91-c9934be3210f

GET
H2 200 adsct
t.co/1/i/ 43 B
378 B 168ms
117ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=cce6438f-55f5-4329-ac22-be16cb484076&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=356e86cf-8fcd-4815-809f-617f3a4cca02&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-response-time: 109
date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: bcd6c2cd7568e827
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: af9fe11794234765c28eca874716122c9c801f8636a953f6808690936411676f
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
724 B 189ms
117ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=cce6438f-55f5-4329-ac22-be16cb484076&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=356e86cf-8fcd-4815-809f-617f3a4cca02&tw_document_href=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tw_iframe_status=0&txn_id=o7owr&type=javascript&version=2.3.29

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-response-time: 109
date: Wed, 04 Oct 2023 14:13:28 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: d0edaba7f8f686e1
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 5c19da1bf7b1c517662b12dbb41ef6e30c75312e8d288fcb156b016103cf9f28
content-length: 43

GET
H2 200 Lato-Bold.woff2
js.hs-banner.com/v2/fonts/Lato/ 181 KB
182 KB 22ms
21ms Font
binary/octet-stream 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/fonts/Lato/Lato-Bold.woff2
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae88fc0d7a961832f809527d30bd3983a6866d42f66a56ade23f543681594db6

Request headers

Referer: https://www.varonis.com/
Origin: https://www.varonis.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
x-amz-version-id: sfEPVBYCXt80T0z5ul_KVf4SJIaFn86j
cf-cache-status: HIT
x-amz-request-id: WPM8NGNMW4G3BCNZ
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: d045e04a-fae1-42d8-9d42-6875a832cca6
age: 401449
x-envoy-upstream-service-time: 41
content-length: 184912
x-amz-id-2: KZMSpNm3bI8y0qlwNukMOSIHsEw1nxPy2Vor2UXLHNQx3ojfE+hckd/GTVbkQfN5ytsASWhvrJk=
x-evy-trace-listener: listener_https
x-request-id: d045e04a-fae1-42d8-9d42-6875a832cca6
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 12 Sep 2022 19:35:53 GMT
server: cloudflare
etag: "cccb897485813c7c256901dbca54ecf2"
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: binary/octet-stream
access-control-allow-origin: https://www.varonis.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
access-control-allow-credentials: true
cache-control: public, max-age=2592000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 810e069a596719a9-FRA
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-f4w7q

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
356 B 331ms
106ms XHR
application/json 54.147.237.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMTQ3NX0.iI-HhwOQ2R9nR36t6D2kwo7l09ByrLMU2A7_XHc4Ar0

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.147.237.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-237-138.compute-1.amazonaws.com

Software

Resource Hash

e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 41
x-request-id: e36eb97aa102b1f902e6b173a63ae124

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
15 KB 11ms
10ms Script
application/x-javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3ac17d461ee8b27503b79e7141b02cffef51873f0f27d5c18b4454ee16a0d97a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 01 Oct 2023 16:57:46 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=70714
accept-ranges: bytes
content-length: 14888

OPTIONS
H2 200 tp2
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ Frame 0
0 351ms
108ms Preflight 100.24.225.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.225.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-225-40.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.varonis.com
access-control-max-age: 600
content-length: 0
date: Wed, 04 Oct 2023 14:13:29 GMT
server: nginx

POST
H2 200 tp2 Show response
c2.ktxlytics.io/com.snowplowanalytics.snowplow/ 2 B
337 B 132ms
107ms XHR
text/plain 100.24.225.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.snowplow/tp2
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.24.225.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-225-40.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.varonis.com
date: Wed, 04 Oct 2023 14:13:29 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2

200

v1
c2.ktxlytics.io/com.snowplowanalytics.iglu/
Redirect Chain

https://ib.adnxs.com/getuid?https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=$UID
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&aid=6621358&dsp_type=adnxs&p=web&dsp_uid=8774940407839765704
https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=8774940407839765704&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs

43 B
387 B

108ms
108ms

Image
image/gif

100.24.225.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=8774940407839765704&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Server: 100.24.225.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-100-24-225-40.compute-1.amazonaws.com
Software: nginx /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:30 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 43

Redirect headers

date: Wed, 04 Oct 2023 14:13:29 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
location: https://c2.ktxlytics.io/com.snowplowanalytics.iglu/v1?dsp_uid=8774940407839765704&aid=6621358&n3pc=true&schema=iglu:io.kortx/dsp_sync/jsonschema/1-0-0&p=web&dsp_type=adnxs
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 0

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 19ms
6ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
309 B 63ms
7ms XHR
text/html 2a02:26f0:7100::5f64:87d0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100::5f64:87d0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b2e3fc362f86c882c8655f7d26cc8dde4c201cd22be17745cbff4357b2b8677d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.varonis.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a03:1b20:6:f011::5e
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1696428809604_1600423884_55746021_18_832_6_17_219";dur=1
content-length: 20
expires: Wed, 04 Oct 2023 14:13:29 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 221ms
200ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=5eaa85c0-b093-4790-809b-86b040a3d2bb&session=1a9e00ab-7962-4d35-8fc9-a8c9d2e60420&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2004%20Oct%202023%2014%3A13%3A29%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A13%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%2208f833d2e9af1f124e201163df927e7c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A13%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A13%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%22c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A13%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22%5Btrue%2Cnull%2C3%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2004%20Oct%202023%2014%3A13%3A29%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22How%20threat%20actors%20can%20use%20Microsoft%20Power%20Automate%20to%20automate%20data%20exfiltration%2C%20C2%20communication%2C%20lateral%20movement%2C%20and%20evade%20DLP%20solutions.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&pageViewId=4bebe67f-035e-47f0-8465-4144f1ce8dcc&v=1.1.6

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 sa.css
tags.srv.stackadapt.com/ 65 B
203 B 104ms
102ms Stylesheet
text/css 3.124.54.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.css
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.124.54.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-54-211.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d6398b300668eb7ed43afbd20f823484dd6a9f9b943bb642d584b1afd132e5d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 14:13:29 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 65
content-type: text/css

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 117ms
98ms Fetch
image/jpeg 3.124.54.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.124.54.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-54-211.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 14:13:29 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 sa.jpeg Show response
tags.srv.stackadapt.com/ 0
2 KB 117ms
99ms Fetch
image/jpeg 3.124.54.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/sa.jpeg
Requested by: Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.124.54.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-54-211.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 04 Oct 2023 14:13:29 GMT
cache-control: only-if-cached, no-transform, private, max-age=7776000
content-length: 651
content-type: image/jpeg

GET
H2 200 xdc.js Show response
cdn.bizible.com/ 116 B
325 B 100ms
99ms Script
text/javascript 152.195.15.58
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/xdc.js?_biz_u=17b44736560d4533886249a6dcd0aebc&_biz_h=-1906410348&cdn_o=a&jsVer=4.23.09.28
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.195.15.58 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6711) /
Resource Hash: 21b24fad0dc9b0e7028091667ce34de48efb52cba0d590c40647e29d32aa64c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
content-encoding: gzip
server: ECS (frb/6711)
etag: F3FB4CFB
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
content-length: 219

GET
H2 204 148008183.js Show response
bat.bing.com/p/action/ 0
116 B 31ms
30ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/148008183.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Wed, 04 Oct 2023 14:13:29 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D1BC00782EC34F5DB6F3121E2479F79B Ref B: FRAEDGE2011 Ref C: 2023-10-04T14:13:29Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 31ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=148008183&tm=gtm002&Ver=2&mid=12307f55-8756-44a6-a339-17df7a5ec5de&sid=315b2a8062c011ee99c295fd8e05835b&vid=315b508062c011ee9fef8d793a9f7704&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&p=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&r=&lt=797&evt=pageLoad&sv=1&rn=614019

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 04 Oct 2023 14:13:29 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E112D3ED522D4B0D8199BACD316FE105 Ref B: FRAEDGE2011 Ref C: 2023-10-04T14:13:29Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 32ms
10ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=179650485736885&ev=PageView&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&rl=&if=false&ts=1696428809700&sw=1600&sh=1200&v=2.9.132&r=stable&ec=0&o=30&fbp=fb.1.1696428809696.526478868&cs_est=true&ler=empty&it=1696428809004&coo=false&dpo=LDU&dpoco=0&dpost=0&exp=a0&rqm=GET

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 04 Oct 2023 14:13:29 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 242ms
242ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=08f833d2e9af1f124e201163df927e7c&svisitor=null&visitor=5eaa85c0-b093-4790-809b-86b040a3d2bb&session=1a9e00ab-7962-4d35-8fc9-a8c9d2e60420&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A5e%22%7D&isIframe=false&m=%7B%22description%22%3A%22How%20threat%20actors%20can%20use%20Microsoft%20Power%20Automate%20to%20automate%20data%20exfiltration%2C%20C2%20communication%2C%20lateral%20movement%2C%20and%20evade%20DLP%20solutions.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&pageViewId=4bebe67f-035e-47f0-8465-4144f1ce8dcc&v=1.1.6

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 16 B
36 B 49ms
48ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1745933346&t=pageview&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&ul=en-us&de=UTF-8&dt=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAEAjAAAAACAAI~&jid=2048676951&gjid=899322273&cid=541319125.1696428809&tid=UA-2019109-1&_gid=1792705706.1696428809&_r=1&_slc=1&gtm=45He3a20n81KMGCX7V&z=1644109157

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a04f7efa05c1f9212a79b715568b9976977a4d8e8f0c7ee571ab4f71bf32ccc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 64ms
8ms Preflight 35.156.227.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.227.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-227-238.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.varonis.com
access-control-max-age: 1800
date: Wed, 04 Oct 2023 14:13:29 GMT
server: nginx

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 986 B
743 B 49ms
31ms XHR
application/json 35.156.227.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.156.227.238 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-156-227-238.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ae7bbdcffb27bb95a21b4921872904447f4fb643534230fef98eea39904b9ba9

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
Authorization: Token c1b0175dc2b2ae319cf32b1dec3db9836bdaea3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
X-6s-CustomID: WebTag1.0 08f833d2e9af1f124e201163df927e7c

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
content-length: 558

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
700 B 178ms
131ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: F07145FFCEE54EEF92ADA920829B9667 Ref B: FRAEDGE1114 Ref C: 2023-10-04T14:13:29Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.varonis.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYG5JyZE++7PVi2FL39+Q==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1696428809788&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1696428809788&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&cookiesTest=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1696428809788&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&cookiesTest=true&e_ipv6=A...

0
481 B

225ms
200ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1696428809788&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&cookiesTest=true&e_ipv6=AQLwkuvA4dzZFwAAAYr7CWAGap44L7-NgPYjlHmxGYrzzMHAKNYISO3kA9_UX-SJqRzT274-
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:30 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 998E4C7AF17F4247B42C6157DAF9EE52 Ref B: FRAEDGE1405 Ref C: 2023-10-04T14:13:30Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type: application/javascript
x-li-fabric: prod-ltx1
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYG5JyhxlwmHrbGnaD0Fw==

Redirect headers

date: Wed, 04 Oct 2023 14:13:30 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CD6D20B4004E4F7498BE5EE0AB81973B Ref B: FRAEDGE1114 Ref C: 2023-10-04T14:13:30Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=23300%2C4766249&time=1696428809788&url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&tm=gtmv2&cookiesTest=true&e_ipv6=AQLwkuvA4dzZFwAAAYr7CWAGap44L7-NgPYjlHmxGYrzzMHAKNYISO3kA9_UX-SJqRzT274-
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYG5Jye5JTbchy2K73RnA==

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
465 B 120ms
109ms XHR
application/json 54.147.237.138
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.147.237.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-147-237-138.compute-1.amazonaws.com

Software

Resource Hash

fa345691002e4c6b7f0acc01fa0238a1567c6f940eebb9e4ae53198a23b26853

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.varonis.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
content-length: 48
x-request-id: 9b538e8e02ad0530103fdd5efb3fd94c

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 65ms
18ms XHR
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-2019109-1&cid=541319125.1696428809&jid=2048676951&gjid=899322273&_gid=1792705706.1696428809&_u=aCDAAEAiAAAAACAAI~&z=827693309

Requested by

Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 04 Oct 2023 14:13:29 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 260 KB
85 KB 71ms
65ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

47d51cfb7763a2e8e2c8c97a75123ca1f3fc931caca84a39813a663343f0220e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:29 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 04 Oct 2023 14:13:29 GMT

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 116 B
310 B 102ms
98ms XHR
text/plain 3.124.54.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=_9vH_OIoGoaDi4-zdBz9Vg&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&t=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&tip=yvFqGkUAhSPdPI-gR9Mbj4eXxmUV35lDZCOzRG5M-ak&host=https%3A%2F%2Fwww.varonis.com&sa_conv_data_css_value=%270-641c05a9-c763-5753-40a2-e012ef5b146a%27&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9641c05a9c763575340a2e012ef5b146ab9d59baf&sa-user-id-v3=s%253AAQAKIEdrFDFVwjEmp6ngJ-DjpxKpRs2VEhoUhoYvdq1gxwwkEHwYBCCI5vWoBjABOgRLGKL4QgRqDPOe.ht%252BuWX17asRK2n42sLYy4XIkC%252B80BOY6AsjwYaQFofM&sa-user-id-v2=s%253AZBwFqcdjV1NAouAS71sUarnVm68.YufG5lkaYfFhMi1rHWimlXjz3ask80NlTC73ZjEbZB0&sa-user-id=s%253A0-641c05a9-c763-5753-40a2-e012ef5b146a.dTWBV3kXiKmDqRQQmBx1GTBRaT842NMBt4Oi2vtncr4
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.124.54.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-54-211.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: https://www.varonis.com
date: Wed, 04 Oct 2023 14:13:29 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 116
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H2 200 saq_pxl Show response
tags.srv.stackadapt.com/ 138 B
332 B 131ms
127ms XHR
text/plain 3.124.54.211
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.srv.stackadapt.com/saq_pxl?uid=7DZRzfkZdpma72wkdfbzjA&is_js=true&landing_url=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&t=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&tip=yvFqGkUAhSPdPI-gR9Mbj4eXxmUV35lDZCOzRG5M-ak&host=https%3A%2F%2Fwww.varonis.com&sa_conv_data_css_value=&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd9641c05a9c763575340a2e012ef5b146ab9d59baf&sa-user-id-v3=s%253AAQAKIEdrFDFVwjEmp6ngJ-DjpxKpRs2VEhoUhoYvdq1gxwwkEHwYBCCI5vWoBjABOgRLGKL4QgRqDPOe.ht%252BuWX17asRK2n42sLYy4XIkC%252B80BOY6AsjwYaQFofM&sa-user-id-v2=s%253AZBwFqcdjV1NAouAS71sUarnVm68.YufG5lkaYfFhMi1rHWimlXjz3ask80NlTC73ZjEbZB0&sa-user-id=s%253A0-641c05a9-c763-5753-40a2-e012ef5b146a.dTWBV3kXiKmDqRQQmBx1GTBRaT842NMBt4Oi2vtncr4
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.124.54.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-54-211.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-origin: https://www.varonis.com
date: Wed, 04 Oct 2023 14:13:29 GMT
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 138
access-control-allow-methods: GET
content-type: text/plain; charset=utf-8

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 88ms
87ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2019109-1&cid=541319125.1696428809&jid=2048676951&_u=aCDAAEAiAAAAACAAI~&z=611259969

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 82ms
81ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-2019109-1&cid=541319125.1696428809&jid=2048676951&_u=aCDAAEAiAAAAACAAI~&z=611259969

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 26ms
20ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-36XYNTY1LS&_ono=1&gtm=45je3a20&_p=1745933346&_gaz=1&ul=en-us&sr=1600x1200&cid=541319125.1696428809&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&dt=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&sid=1696428810&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 25ms
19ms Ping
text/plain 2a00:1450:400c:c07::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ono=1&tid=G-36XYNTY1LS&cid=541319125.1696428809&gtm=45je3a20&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-36XYNTY1LS&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 64ms
62ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ono=1&tid=G-36XYNTY1LS&cid=541319125.1696428809&gtm=45je3a20&aip=1&z=508318300

Requested by

Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zi-tag.js Show response
js.zi-scripts.com/ 8 KB
3 KB 55ms
7ms Script
application/javascript 52.222.236.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: www.varonis.com
URL: https://www.varonis.com/blog/power-automate-data-exfiltration
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-102.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c365a59132dd34b492cb3a77d534078dd35cbbf75dbb2eabbe328642b74a291b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

x-amz-version-id: Rt6XPSKiJ8UdHSAhNzDbvtFnl_cNNgVn
content-encoding: br
via: 1.1 3431ec594cac61983aae2d9ffaf23980.cloudfront.net (CloudFront)
date: Wed, 04 Oct 2023 13:40:22 GMT
last-modified: Mon, 24 Jul 2023 07:50:42 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P4
age: 22814
etag: W/"4eb0c668e820abe414d19a11b92dd0fa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: -saC2nm5WlPKdS5qmAVZymHGlgJ82WaMqHg2q7YqBQrMZZ3UAGiJrg==

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
612 B 156ms
147ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1666088104&v=1.1&a=142972&pi=65326053274&ct=blog-post&ccu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&cpi=65326053274&cgi=740355147&lpi=65326053274&lvi=65326053274&lvc=en&pu=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&t=Using+Power+Automate+for+Covert+Data+Exfiltration+in+Microsoft+365&cts=1696428810549&rv=1&vi=a5438ad54c7c399d3072a1d535879dee&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a44bdd4b-1dd4-465c-92d3-84a5b412a0b5
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 19
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a44bdd4b-1dd4-465c-92d3-84a5b412a0b5
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=npIQyOevDgBWVT4%2BDLZwNUW6Sb%2BbgfAkcXHcxPhXaDxQbalIqcpvfmRrpxbn6t97MeechZ4d5OorgjYbSQ74Sp7Z0xaXMaaMF8o3zLRAD1U%2BIHObneJzF7APDRJU6KqetjAAdOC2TR8XBqdKcTBg"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-674b9fb979-lsbhc
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 810e06a20b709b34-FRA
x-robots-tag: none

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 194ms
194ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

OPTIONS
H2 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 224ms
208ms Preflight 52.222.236.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-102.fra56.r.cloudfront.net
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-headers: *
access-control-allow-methods: *
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: MR7ptjcTPHcESXA=
date: Wed, 04 Oct 2023 14:13:30 GMT
vary: Access-Control-Request-Headers
via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
x-amz-cf-id: BdS3I7kgFvSjhKvfiYhtyGxuRJDjzqRr7zWuh1fGLBhiDrlzha9LSQ==
x-amz-cf-pop: FRA56-P4
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H2 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ 146 B
511 B 161ms
160ms Fetch
application/json 52.222.236.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.236.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-236-102.fra56.r.cloudfront.net
Software: / Express
Resource Hash: f44d3280db5f1ea523daef59942ede4b9d8c49b1d822e22836ff694d634c338c

Request headers

Content-Type: application/json
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
accept-language: de-DE,de;q=0.9
Authorization: Bearer f17f1ae9341679920418
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
visited_url: https://www.varonis.com/blog/power-automate-data-exfiltration

Response headers

date: Wed, 04 Oct 2023 14:13:30 GMT
via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
x-powered-by: Express
etag: W/"92-yqWgSomLce9LineMKD2Dmr/VFpk"
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
content-length: 146
apigw-requestid: MR7pwgW3PHcESqw=
x-amz-cf-id: JsZs5i5UrRzMvzLHQu8D2LIY_XMAddit8rwPQn9WCEqqxscpVK4vMQ==

GET
H3 200 / Show response
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ 3 KB
2 KB 221ms
193ms Fetch
text/javascript 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

736e7941b123bcbff9e7ca417324a979d8c4577ccd201e14f60ef7bf34f3af06

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
_vtok: MTg1LjIxMy4xNTUuMTc1
_zitok: 30978b82b571484832a91696428810
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type: text/javascript

Response headers

date: Wed, 04 Oct 2023 14:13:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://www.varonis.com
access-control-allow-credentials: true
cf-ray: 810e06a60e269bb3-FRA
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
alt-svc: h3=":443"; ma=86400

OPTIONS
H2 200 /
ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/ Frame 0
0 179ms
150ms Preflight
text/html 2606:4700::6810:890f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/DNPOKtRYpkAfQBCiqMLF/?iszitag=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:890f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type
Access-Control-Request-Method: GET
Origin: https://www.varonis.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok
access-control-allow-origin: https://www.varonis.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 810e06a4eb5c2c2e-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 04 Oct 2023 14:13:31 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 196ms
196ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:31 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 195ms
194ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:32 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
485 B 223ms
223ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:33 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 250ms
250ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:34 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
45 B 19ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PCF2HBX32M&gtm=45je3a20&_p=1745933346&cid=541319125.1696428809&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=2&sid=1696428808&sct=1&seg=0&dl=https%3A%2F%2Fwww.varonis.com%2Fblog%2Fpower-automate-data-exfiltration&dt=Using%20Power%20Automate%20for%20Covert%20Data%20Exfiltration%20in%20Microsoft%20365&en=6sense&ep.employee_count=7&_et=889&up.company_name=Stadtjugendring%20Suhl%20E.%20V.&up.country=Germany&up.city=Suhl&up.zip=98528&up.employee_range=0%20-%209&up.revenue_range=%241%20-%20%241M&up.confidence=Low
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PCF2HBX32M&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 04 Oct 2023 14:13:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.varonis.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 226ms
226ms Image
image/gif 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-193.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.varonis.com/blog/power-automate-data-exfiltration
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date: Wed, 04 Oct 2023 14:13:35 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments Add Verdict or Comment

119 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

59 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.varonis.com/	1970-01-20 15:13:50	Name: __cf_bm Value: yXspvrhiXb1zSfMpihuNb8BMmHT7yLBfxjs4bzbh4o4-1696428808-0-AQZzBXSAZrYKTTFKm41la2NO41jbcTf5UvD5RBZNZfhJqhA5RG6aIw33388Jd6ROd3ZIEPLwGJdCx7mV9NRxDyY=
.www.varonis.com/	1969-12-31 23:59:59	Name: __cfruid Value: a0f38a3a4d478d0c4e590b90372b00f94725b91f-1696428808
.varonis.com/	1970-01-20 23:58:27	Name: visid_incap_2074238 Value: 9DK3wSy9SsqlpIspxshcqAdzHWUAAAAAQUIPAAAAAAC5hTFL4oPRwqYIFczAuJsH
.varonis.com/	1969-12-31 23:59:59	Name: nlbi_2074238 Value: tcTOSHQQRy+s1LKtV8um7wAAAABZv2D5x65uNPeCYRG2j4r/
.varonis.com/	1969-12-31 23:59:59	Name: incap_ses_259_2074238 Value: qKKJAovKAiCyOsXoUSiYAwdzHWUAAAAAUEYZlKfA+o0riGvE+PXoJg==
.info.varonis.com/	1969-12-31 23:59:59	Name: __cfruid Value: a0f38a3a4d478d0c4e590b90372b00f94725b91f-1696428808
.info.varonis.com/	1970-01-20 15:13:50	Name: __cf_bm Value: 6PKt4dQCbCIEWZ7Hzlo.R_TfNzccD1uLvG2MDcf7WAM-1696428808-0-AWdnOoRCjx3RRWNUTBKpSXhSQRBlSUfbcBEq3h8SDtUVsVRT2mMeDFDRr3aGsoMSLQwtYYigb+2tlSKcKspKp/E=
.varonis.com/	1970-01-20 17:23:24	Name: _gcl_au Value: 1.1.1992271619.1696428809
.varonis.com/	1970-01-20 17:23:24	Name: _rdt_uuid Value: 1696428808788.8652af75-99f8-4168-8f2d-d330c062407b
.doubleclick.net/	1970-01-20 15:13:49	Name: test_cookie Value: CheckForPermission
.hubspot.com/	1970-01-20 15:13:50	Name: __cf_bm Value: 6Cg85cItm_0l7eXXgPRtyXWAjdHhXb82BGr2w0Kx0yI-1696428808-0-ASlwCXn2CZ5ckTsfMPpdDJ3GahUof8BP0pgYLPIbU/9Kh/k+pGG8piHUFdbX2TDIjgYNM5G6x8/4dDWgnHirHOE=
.adnxs.com/	1970-01-20 17:23:24	Name: uuid2 Value: 8774940407839765704
tags.srv.stackadapt.com/	1970-01-20 23:59:24	Name: sa-user-id Value: s%3A0-641c05a9-c763-5753-40a2-e012ef5b146a.dTWBV3kXiKmDqRQQmBx1GTBRaT842NMBt4Oi2vtncr4
.srv.stackadapt.com/	1970-01-20 23:59:24	Name: sa-user-id Value: s%3A0-641c05a9-c763-5753-40a2-e012ef5b146a.dTWBV3kXiKmDqRQQmBx1GTBRaT842NMBt4Oi2vtncr4
tags.srv.stackadapt.com/	1970-01-20 23:59:24	Name: sa-user-id-v2 Value: s%3AZBwFqcdjV1NAouAS71sUarnVm68.YufG5lkaYfFhMi1rHWimlXjz3ask80NlTC73ZjEbZB0
.srv.stackadapt.com/	1970-01-20 23:59:24	Name: sa-user-id-v2 Value: s%3AZBwFqcdjV1NAouAS71sUarnVm68.YufG5lkaYfFhMi1rHWimlXjz3ask80NlTC73ZjEbZB0
tags.srv.stackadapt.com/	1970-01-20 23:59:24	Name: sa-user-id-v3 Value: s%3AAQAKIEdrFDFVwjEmp6ngJ-DjpxKpRs2VEhoUhoYvdq1gxwwkEHwYBCCI5vWoBjABOgRLGKL4QgRqDPOe.ht%2BuWX17asRK2n42sLYy4XIkC%2B80BOY6AsjwYaQFofM
.srv.stackadapt.com/	1970-01-20 23:59:24	Name: sa-user-id-v3 Value: s%3AAQAKIEdrFDFVwjEmp6ngJ-DjpxKpRs2VEhoUhoYvdq1gxwwkEHwYBCCI5vWoBjABOgRLGKL4QgRqDPOe.ht%2BuWX17asRK2n42sLYy4XIkC%2B80BOY6AsjwYaQFofM
.varonis.com/	1970-01-21 00:49:48	Name: _ga Value: GA1.2.541319125.1696428809
.varonis.com/	1970-01-20 15:15:15	Name: _gid Value: GA1.2.1792705706.1696428809
.adnxs.com/	1970-01-20 17:23:24	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2C'!go43P!]tbP6j2F-XstGt!@DgQ$qJ_(
.varonis.com/	1970-01-20 23:59:24	Name: _biz_uid Value: 17b44736560d4533886249a6dcd0aebc
.varonis.com/	1970-01-20 15:13:50	Name: _biz_sid Value: 786b8d
.varonis.com/	1970-01-20 23:59:24	Name: _biz_nA Value: 1
.bizible.com/	1970-01-20 23:59:24	Name: _BUID Value: 17b44736560d4533886249a6dcd0aebc
.bizibly.com/	1970-01-20 23:59:24	Name: _BUID Value: 0069da0656f07a3e99e733948cccbb46
.t.co/	1970-01-21 00:49:48	Name: muc_ads Value: 874b4734-4441-4c94-bdc3-bca8a3f4e538
.twitter.com/	1970-01-21 00:49:48	Name: guest_id_marketing Value: v1%3A169642880941650636
.twitter.com/	1970-01-21 00:49:48	Name: guest_id_ads Value: v1%3A169642880941650636
.twitter.com/	1970-01-21 00:49:48	Name: personalization_id Value: "v1_ekfblbCblF7L6sdtAv7u4Q=="
.twitter.com/	1970-01-21 00:49:48	Name: guest_id Value: v1%3A169642880941650636
.varonis.com/	1970-01-20 15:13:50	Name: _sp_ses.1082 Value: *
.varonis.com/	1970-01-21 00:49:48	Name: _sp_id.1082 Value: f8db67b7-a46a-43d6-8483-2f1142ecf408.1696428810.1.1696428810.1696428810.30179191-99a5-474d-9811-c6d9d5eadef4
www.varonis.com/	1970-01-21 00:49:48	Name: _gd_visitor Value: 5eaa85c0-b093-4790-809b-86b040a3d2bb
www.varonis.com/	1970-01-20 15:14:03	Name: _gd_session Value: 1a9e00ab-7962-4d35-8fc9-a8c9d2e60420
www.varonis.com/	1970-01-20 23:59:24	Name: sa-user-id Value: s%253A0-641c05a9-c763-5753-40a2-e012ef5b146a.dTWBV3kXiKmDqRQQmBx1GTBRaT842NMBt4Oi2vtncr4
www.varonis.com/	1970-01-20 23:59:24	Name: sa-user-id-v2 Value: s%253AZBwFqcdjV1NAouAS71sUarnVm68.YufG5lkaYfFhMi1rHWimlXjz3ask80NlTC73ZjEbZB0
www.varonis.com/	1970-01-20 23:59:24	Name: sa-user-id-v3 Value: s%253AAQAKIEdrFDFVwjEmp6ngJ-DjpxKpRs2VEhoUhoYvdq1gxwwkEHwYBCCI5vWoBjABOgRLGKL4QgRqDPOe.ht%252BuWX17asRK2n42sLYy4XIkC%252B80BOY6AsjwYaQFofM
.varonis.com/	1970-01-20 23:59:24	Name: _biz_pendingA Value: %5B%5D
.varonis.com/	1970-01-20 15:15:15	Name: _uetsid Value: 315b2a8062c011ee99c295fd8e05835b
.varonis.com/	1970-01-21 00:35:24	Name: _uetvid Value: 315b508062c011ee9fef8d793a9f7704
.bing.com/	1970-01-21 00:35:24	Name: MUID Value: 09BD6696D3F66C5E07687536D2246DE1
.varonis.com/	1970-01-20 17:23:24	Name: _fbp Value: fb.1.1696428809696.526478868
.varonis.com/	1970-01-20 15:13:48	Name: _gat_UA-2019109-1 Value: 1
www.varonis.com/	1970-01-20 15:23:53	Name: slireg Value: https://scout.us1.salesloft.com
.varonis.com/	1970-01-20 23:59:24	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22ViewThrough%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.varonis.com/	1970-01-21 00:49:48	Name: _ga_PCF2HBX32M Value: GS1.1.1696428808.1.0.1696428809.0.0.0
.6sc.co/	1970-01-21 00:49:48	Name: 6suuid Value: bd641102153c3c0009731d659f03000040934100
www.varonis.com/	1970-01-20 23:59:24	Name: sliguid Value: 11bfdbee-9875-4404-b95b-0bf7474a3498
www.varonis.com/	1970-01-20 23:59:24	Name: slirequested Value: true
.linkedin.com/	1970-01-20 17:23:24	Name: li_sugr Value: 3944e91e-8a09-4886-bf29-204f329c58fe
.linkedin.com/	1970-01-20 23:59:24	Name: bcookie Value: "v=2&130d54a5-8be9-4647-8942-2b4b22f11366"
.linkedin.com/	1970-01-20 15:15:15	Name: lidc Value: "b=TGST05:s=T:r=T:a=T:p=T:g=2844:u=1:x=1:i=1696428809:t=1696515209:v=2:sig=AQHByHe6dmi4il17DVFM6n3Iocmnzr0d"
.ktxlytics.io/	1970-01-20 23:59:24	Name: sp Value: 2cb9ff11-d442-4d30-9134-44c54cdcfef6
.varonis.com/	1970-01-21 00:49:48	Name: _ga_36XYNTY1LS Value: GS1.2.1696428810.1.0.1696428810.60.0.0
.linkedin.com/	1970-01-20 19:33:00	Name: li_gc Value: MTswOzE2OTY0Mjg4MTA7MjswMjGeTVQJQPLAo1Qt3WWTytddvhfPlQSsVBZblqdFvgjWXQ==
.www.varonis.com/	1970-01-21 00:49:48	Name: _zitok Value: 30978b82b571484832a91696428810
.zoominfo.com/	1970-01-20 15:13:50	Name: __cf_bm Value: ATR_2jkjZjvBR20SrFXzENQos82n6pIRqAgUzoYIAYE-1696428811-0-AXxrRFsoxHC/NaLAa8FB6Q8y9lL3DxIjZwn8ypUrcw4tzrxCQHdxtNNMd+q1zUxuoX3SaXFCHtWkHqWQfoBAZL4=
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: DVkeehQbOsUckr1Lzrcu5lc8.gjKzCrdZRjtxtJcipY-1696428811381-0-604800000

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

142972.fs1.hubspotusercontent-na1.net
alb.reddit.com
analytics.twitter.com
app.hubspot.com
b.6sc.co
bat.bing.com
c.6sc.co
c2.ktxlytics.io
cdn.bizible.com
cdn.bizibly.com
cdn2.hubspot.net
cdnjs.cloudflare.com
clients1.google.com
connect.facebook.net
cse.google.com
epsilon.6sense.com
fonts.googleapis.com
googleads.g.doubleclick.net
ib.adnxs.com
info.varonis.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.usemessages.com
js.zi-scripts.com
platform.linkedin.com
platform.twitter.com
plausible.io
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
region1.google-analytics.com
scout-cdn.salesloft.com
scout.salesloft.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
tags.srv.stackadapt.com
track.hubspot.com
trackit.ktxlytics.io
ws.zoominfo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.redditstatic.com
www.varonis.com
100.24.225.40
104.244.42.133
104.244.42.195
104.244.42.72
13.107.42.14
13.32.121.31
146.75.116.157
151.101.65.140
152.195.15.58
185.89.210.82
2.17.100.193
2001:4860:4802:32::36
2400:52e0:1e00::1081:1
2606:2800:234:59:254c:406:2366:268c
2606:4700:4400::ac40:9284
2606:4700:4400::ac40:991b
2606:4700::6810:4cba
2606:4700::6810:70d1
2606:4700::6810:890f
2606:4700::6810:bd59
2606:4700::6811:190e
2606:4700::6811:4341
2606:4700::6811:c060
2606:4700::6811:f8a8
2606:4700::6813:9a53
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:801::2002
2a00:1450:4001:802::200e
2a00:1450:4001:80e::200e
2a00:1450:4001:811::2008
2a00:1450:4001:811::200e
2a00:1450:4001:812::2003
2a00:1450:4001:828::200a
2a00:1450:4001:82b::2004
2a00:1450:400c:c07::9a
2a02:26f0:3500:16::215:148d
2a02:26f0:7100::5f64:87d0
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42::396
3.124.54.211
35.156.227.238
45.60.154.169
52.222.236.102
52.223.40.198
54.147.237.138
00278a453914097eee273e1a0b21a14d0a54603c66f7f6d80d518458284a7da8
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94
0233342795c86e2079f7406bce72c481918b9ce416aedeb6b37044abae50fc8d
0420b36738d9457c3f40a67c69135b170861becd9bac983563b3aeada5287aa4
042466aaf7512d3e4a31ea6f78adfe639e92ded8c67cf4ae98ecd3e2e741e3c6
07d241ae62c2c40e9c20c169b35cf9bda9b3e99cba1e5ad4f86351364156c290
0b4639302db82b725feb2fb5b7c2f16d1ef8abe70409c496fe0dc777e143f45d
0c60b510cdab369d5390dbbec6e9fc6c781584517eafafe5a77291c4dd665e91
0d514e3fc3d638136890b4a1f61d2f861af3bbd8f997ca15685efbd22554538c
0f8a6ba9454c6b2c6745f52a84861a7ec34586cd90dfda729484f2fabd65e7c3
10426b160a932ef2b98908d2f32aca756777f9d0a90ee2d7bc334cb1629e0ddd
12feece8311f076308c2bbd3d8de66155192ea9df9a705a486f8e4684c45c5c5
143a76ea0c14e9a8a7a4d08df5c01cd055e4753c0ab5d2335026731a1d1c1c2b
1591a0e465e82e1b7788da1638637a73094e7b1c80b6ca499b0080629b901390
18f280481cc1c76e8fee899434c6cfb687a18d2431a8c1cb671b6f22d79a1a2d
1dc5ff8e8d54854daa72a30a2bf8345b75255597251028dad23e18510e635b98
1f31e1ce1202bc0ee8105deb5885a4b7b389b2cf936bff83f05032c8a2cafd0a
1f5e45ba0c943167a203ccff2d9b3065c7767b1c32c33e6b21af38da1738b8a7
21b24fad0dc9b0e7028091667ce34de48efb52cba0d590c40647e29d32aa64c2
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
27a90bf1857542b28af8513896c678324d731f9ce4033731bd1b3d58f827c7c0
28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd
2a38c79765c38d4a14119e917bdfba2e764f2f4ee05ac1df4faada581e4399cd
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2ef71ca3de1b4e89664ec102fe490b2abfbc80350253421c50a31bd3b22b9722
2f24b7fa64d8f44ddd36d64d9a647d13caea3756513d97abd40e3c8754efc63b
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
376e1b5d343786c1978dbad9ea7a0e23088947732993a91dcbad995883c96ceb
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4
3ac17d461ee8b27503b79e7141b02cffef51873f0f27d5c18b4454ee16a0d97a
3daf9b6a39281fdc04a57bdabe589d9aa970719d22733e04fc1ab799b7a5db49
3f08978088fd2635efee64efe38bdf155d6258f8b547fca43381435d0048ce46
3ffd7ab24503a28bb9eb6137b4d1e1664ed138dca5d1ced6d1a98ff841a24541
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
42222ea51046de258be17a4b61f802c94c29d8feeacaaa4ae194c590198ad002
4528e78b77fe65b0d6c730e7bc11691455d19dcefb698ebc14931cab40b8423a
456766b19e4bca3d3e998e25a416376f2158061b925f28f32527aee2ff1e28db
45c7614c18a99d6d92d12cd7f4f06a07ce88256882a8889574d265fc32eace0b
47d51cfb7763a2e8e2c8c97a75123ca1f3fc931caca84a39813a663343f0220e
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9e9037912adf4cb7724b3782cb690b0c90d8d31a5c54a6bfa3f6fc60063de8
4c44f2530c3ac21026f573063037fb4c549666d7ac9887ece6671852cfcd8f67
4cbb0c49cf1ed22b88acfb387f9a6a2631d5bb65e1c184b69f647d755d02708e
4e2924c80f612bf59a0cb21d31b05f0575ed143922e412e3e061bf02f5d5960a
50888059b627a1e32ceb04646cc5a617e4747e3d9003e1cc051d33e3bcc14589
53226c274959b617e4cb0dacbb16ec1da2448a0c94bc09a89063ee549342df70
5669edd3b221f82c626766804db887678c78c575a973d38b098753ec73a42b49
579b9f734819f583199cd70b03c4e919430a74dd7698921ef16465b41d934769
57d53ae04ceffb7c3cb588d188562a6311ccc7dfc5f1063488c9a644d0f085d9
5a074c8ee602a0b3416f69defbab28371abb92ce73f934afa6e58ecec72b9256
5db5a02e960dde70bbf77fb6d28c61d4f6b5c291b3dd08d76a678d17c2d96420
5ea31af1ae38b9f8194f93234449262a79af7a7bdac0938c740c62f0eae9d85b
5f7807f53ce6922a5ef5423078085b2e018df0f1665c2cc229a58dac0a0226c3
6436621be2b65e2d3d5edba4f50a3b6d85aa87c26f5e7bdf6e1a40783d3e562e
643cf3c8306417b9973a1c4f157ab3f899618b74b778c9e5f78370aafa157bad
6a1f86c63c2ee772b07a6f678e7f8cd51b3aea064d83423eb213fb1df9d6b34c
6bc3c3712e26de83ecb08d0360e70ff826b4fda86e8348a3ee2208b4ab2ebad1
6e9eeec668eca70ecaaabf43de47a7332a84fa9b89172479f39c57bbd1c8582a
736e7941b123bcbff9e7ca417324a979d8c4577ccd201e14f60ef7bf34f3af06
73eb8a0d1b2a2ede2c0268edad90e2ec9fa7936a4dce3d39180628436b129c97
7980a1c1952f08195c1f3eddff5c7e91f8083d5d508b9c31cf05648f1c03467b
7a5034e01d5b47ec7eee2b3a45a23919684146c27b715f4fd863037b11b2abff
7c0fbbadde40aed1e86f4c46ea2fc1a26749994e48dc90a5bce7fd466712d99e
7f477a278930d1e26d63ab78d76d9809da84f1ff12adc6611d77d55c54f17238
7f6b8b612b0090fdd0032dfd7071745a0b99149bc01a55cd24b40086ede2b8d7
805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65
80ddd78c05e44e1dca22e4539fc4999f1e5bda248a3a692f568eb378b387aab0
832b293df58a7c02798c9417449e355ff2727650e932f9ea3dfab2c9b7d7539e
842abfe134599c5d48d4ddd88bde8d24bd36b32b22bea540837311364b7ce2c7
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
89a699a152461e445320bea3f3d031de51ddb19a946183f1a439a644173e8f99
89d78eaa84586f7037e80a478ac048adc5001647aec823161d99c6a82cd4ce3b
8a39c9a54d501af3dd7c8f12245da41406f0f6a1843fd660b5dce5e6d10971da
8c3d729459410d2b7b1860cb5facca15292c225b88f5f7c5671fddbd79a5d386
8ce41692b497c498d51bf57532743f3086343a37a9a43d739ad6b049a0a0e208
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e648da8a366d494100d90e0af69a2945f34e53a2c70432ea12c0303039f2351
91bd4ee0403ce9769019de7b1bfea7897e0104317714e8e0a0ffca13d4124733
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
957a85939578fa14d2371922b58dcbf67f9b769e459f38699ceee6a84751134d
95c37cf1f09574f5dbb61a679e2039cf3fc891acb3c5d8ad40a5a8133bd6afd4
9a10434d2c7b705270c162fd76edd7d3869eaf72c0d5a8a9576dbf5a3b09c286
9b15ab10a2a109c8e59d604cd4101cebe7aab42ec227f8f521398e063bfe0217
9ed2a2edca25cc1dd846e20cab22088d9c5b7991f52ff78f8ed21930fe92ad46
a04f7efa05c1f9212a79b715568b9976977a4d8e8f0c7ee571ab4f71bf32ccc3
a062d200b24848ae48e03dca7898c23a33b6e321378ac4c08cf2f416a9261b0b
a1a1846f2d4d1abd1379f703e256e92f3b4b138f6dc90fdd8c99c58b7ca43457
a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
a40943594d5eaaa010c66254e2dc4a83d8bc53104602afda2e3b622b8e78e2f0
a4450600125b5cdb5761654bbe725c5b4fcbc8e1a89f0a14b20f77157afc5715
a6cc38542df851f8b331cdd5ac0dbe9929c7968d347c62d93c22b91ef560a931
a8499144a67d70c01a19de99fb20ca5e7da3337e44814419b9a9c867da619b2e
a89418bb17ba5d40237a7c0f6b101fe9381afe7a618d2e1e4449e0ffc9c11d9f
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad6e4bd22817f7c57fba019ade1f5ce25d7e329977f8a1b210cd39c89f21fe60
ae7bbdcffb27bb95a21b4921872904447f4fb643534230fef98eea39904b9ba9
ae88fc0d7a961832f809527d30bd3983a6866d42f66a56ade23f543681594db6
ae925eb57e9822aec57086375bcf93fe910d7c6c0d83cf10bf448c5348aaf0b0
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b0bc6ab0429aba031f99821f6ade232f11c1b3cc6d344d4a0213599c6aa2d3db
b2c5c92cd55477571c7e757c4105315c813e710586cf1f334f809e8c93d845c1
b2e3fc362f86c882c8655f7d26cc8dde4c201cd22be17745cbff4357b2b8677d
b40e79c5d412914e928d19e3cda375d940ed037dd6a1f6d7613b894e39898094
b5ec6b8d820581f2d04713d3bea37883b0e5c2881f7bb108e13a3d63249c4867
ba1b3f329ba47639a8586777bb19db73a9c3e37954b5e72ff97df8e0ea931062
bfa460081cd6d4b33b383902ed4854208b80b6eebcb75a7545ba76284f288012
c08ffc3f238414942b195ebfaa0516e524b4e6b6c5201c52b5174f5599282a23
c1d1b6370f1fb9e1e3476fe67d93e054011bd1b3a48fc4723f85c8f6c80006ba
c365a59132dd34b492cb3a77d534078dd35cbbf75dbb2eabbe328642b74a291b
c3811fb1027a0a283c76a65c78409b4e1c7e6657e18287317b7217fc5a5641b5
c81c42ac5e8263234baf4b6815a77d43db3d7b73ccb9d83d6c70947f9cc58e72
c91333bb881074a7d4a82886d21fb690ff3fc57394327d5ed12c9d9af05dcc0b
c965aefdb4c6acf10f46758dc1601a64d811dcf3a378bf9e90278916aa47508f
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ce52d3c9ed8217ae0ca3dd0479d5ced16baf2de6625e0c81166471aaa956136d
cf31d510ed313a8566d08e9b4fdbf94a0a51b35718372bc4bc75d6ff5c8282a5
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d1821a486051ec80ac6b6df976eff0fa4fb6cc2b3942550c03485ae26efe8a10
d43b25c0ef488f3f361c0aa0ce5b9168a0feb1005710e61a55391ae2d1dc3ad2
d6398b300668eb7ed43afbd20f823484dd6a9f9b943bb642d584b1afd132e5d5
d6565a1bd1d49a65db10a0462a849777279d835b0056c40df63882ad8f87ee98
d6db9d19306813748edcd3ad3e8cdc304c7bd5905609ba7915cddf435f023418
db1e2dc64218b7044da50d01d0ffb83bcdca49a35b1ab7ffcdef6736863986cc
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc49d2e85964794551744c178395ff6f1da72c3f0c2e9592227ba20df7fa8828
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
e3626b8beaa5cf7df6877a12a65f320097ac8bde38f80fdb82fb060420783736
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5867ad740bc719bf1309b5f65537b7ba69f2cba5e9a193679859542d1bc7f95
e78c8571835c19bd1a941799d68bc14b99413f2679d3410c41d1d4d3a00f50f4
e7b88bddc6c757b2fc8cb113e2469801ab14a78ec1a8fada4d6391e3573f5f9f
e803e774c7b59fe74f71ed93acaa875cf9a99947ff8ed7615cd0c93c1667250f
e9257b54b3d81dfce32af893a3abae4de8cde74b3a8015a8bf22c53b7f1a5b50
ec16d96c6c70330ca6b4146cc1ddc555280de4b5b9f5499a94cc863481484a56
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0adb972147098e0e4d6abbd7b83952363c8eab82429760136816142d675e321
f44d3280db5f1ea523daef59942ede4b9d8c49b1d822e22836ff694d634c338c
fa345691002e4c6b7f0acc01fa0238a1567c6f940eebb9e4ae53198a23b26853
faebc799c5c9ba08721a680a4d47935e8a3e802c579b81b69cc3b4df58ac6aca
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.varonis.com Open in urlscan Pro 45.60.154.169 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

183 Requests

98 %HTTPS

64 %IPv6

38 Domains

55 Subdomains

48 IPs

3 Countries

5570 kBTransfer

8505 kBSize

59 Cookies

25 Outgoing links

Redirected requests

183 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.varonis.com Open in urlscan Pro
45.60.154.169 Public Scan

Screenshot
Live screenshot

Full Image

183
Requests

98 %
HTTPS

64 %
IPv6

38
Domains

55
Subdomains

48
IPs

3
Countries

5570 kB
Transfer

8505 kB
Size

59
Cookies

183 HTTP transactions
2 data transactions