www.netskope.com Open in urlscan Pro
141.193.213.21 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Submission: On September 27 via manual (September 27th 2023, 9:20:26 pm UTC) from US — Scanned from DE

Summary HTTP 52 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 8 domains to perform 52 HTTP transactions. The main IP is 141.193.213.21, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.netskope.com.
TLS certificate: Issued by GlobalSign Extended Validation CA - S... on September 8th 2023. Valid for: a year.

This is the only time www.netskope.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	141.193.213.21 141.193.213.21	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
2	2a02:26f0:350... 2a02:26f0:3500:18::1724:a29a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6812:1005	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2606:4700::68... 2606:4700::6812:1634	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:600... 2a04:4e42:600::644	54113 (FASTLY) (FASTLY)
1	2a02:26f0:710... 2a02:26f0:7100:8a3::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	104.17.73.206 104.17.73.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	104.16.94.80 104.16.94.80	13335 (CLOUDFLAR...) (CLOUDFLARENET)
52	11

26 141.193.213.21 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.netskope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:18::1724:a29a (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1005 (United States)

ASN13335 (CLOUDFLARENET, US)

js.qualified.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:1634 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::644 (Ascension Island)

ASN54113 (FASTLY, US)

fast.wistia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100:8a3::f09 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.17.73.206 (United States)

ASN13335 (CLOUDFLARENET, US)

go.netskope.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.94.80 (United States)

ASN13335 (CLOUDFLARENET, US)

app-sj09.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	netskope.com www.netskope.com go.netskope.com	1 MB
12	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 3436 ka-p.fontawesome.com — Cisco Umbrella Rank: 6228	241 KB
3	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 5755 consentcdn.cookiebot.com — Cisco Umbrella Rank: 6470	100 KB
1	marketo.com app-sj09.marketo.com	70 KB
1	gstatic.com www.gstatic.com	184 KB
1	google.com www.google.com — Cisco Umbrella Rank: 11	1 KB
1	wistia.net fast.wistia.net — Cisco Umbrella Rank: 18182	125 KB
1	qualified.com js.qualified.com — Cisco Umbrella Rank: 59580	88 KB
52	8

	Domain	Requested by
26	www.netskope.com	www.netskope.com
10	ka-p.fontawesome.com	kit.fontawesome.com www.netskope.com
6	go.netskope.com	www.netskope.com app-sj09.marketo.com go.netskope.com
2	kit.fontawesome.com	www.netskope.com kit.fontawesome.com
2	consent.cookiebot.com	www.netskope.com consent.cookiebot.com
1	app-sj09.marketo.com	www.netskope.com
1	www.gstatic.com	www.google.com
1	www.google.com	www.netskope.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	fast.wistia.net	www.netskope.com
1	js.qualified.com	www.netskope.com
52	11

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
www.amazon.com
www.beeswax.com
www.crazyegg.com
policies.google.com
www.linkedin.com
wpengine.com
www.appnexus.com
twitter.com
www.facebook.com
documents.marketo.com
privacy.microsoft.com
www.stackadapt.com
www.thetradedesk.com
netskopestage.wpengine.com
go.netskope.com
netskope.com
docs.netskope.com
community.netskope.com
support.netskope.com
trust.netskope.com
partners.netskope.com
github.com

Subject Issuer	Validity	Valid
netskope.com GlobalSign Extended Validation CA - SHA256 - G3	`2023-09-08` - `2024-10-09`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-06` - `2024-04-06`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2022-11-22` - `2023-12-23`	a year	crt.sh
fast.wistia.net GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-02` - `2024-08-02`	a year	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-17` - `2024-04-17`	a year	crt.sh
go.netskope.com Cloudflare Inc ECC CA-3	`2023-04-05` - `2024-04-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
app-sj09.marketo.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Frame ID: C38567252D13D3481257CCF2F3357BD3
Requests: 52 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: BDDC967D45B21494ECFB8948B7404D6B
Requests: 1 HTTP requests in this frame

Frame: https://go.netskope.com/index.php/form/XDFrame
Frame ID: 1C500819CFAE96D2413C6574409B301F
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile - NetskopePowered by Cookiebot

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Marketo Forms (Widgets) Expand

Overall confidence: 100%
Detected patterns

marketo\.\w+/js/forms(?:[\d.]+)/js/forms([\d.]+)\.min\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

52
Requests

100 %
HTTPS

70 %
IPv6

8
Domains

11
Subdomains

11
IPs

3
Countries

2043 kB
Transfer

5991 kB
Size

4
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/en/what-is-behind-powered-by-cookiebot/
Title: Powered by Cookiebot

Search URL Search Domain Scan URL

URL: https://www.amazon.com/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=468496
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.beeswax.com/cookies/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/goto/privacy-policy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.crazyegg.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/legal/privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://wpengine.com/legal/privacy/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.appnexus.com/corporate-privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://twitter.com/en/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.facebook.com/policy.php/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://documents.marketo.com/legal/cookies/
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://privacy.microsoft.com/en-US/privacystatement
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.stackadapt.com/privacy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://www.thetradedesk.com/general/website-privacy-policy
Title: Learn more about this provider

Search URL Search Domain Scan URL

URL: https://netskopestage.wpengine.com/
Title: netskopestage.wpengine.com

Search URL Search Domain Scan URL

URL: https://go.netskope.com/
Title: go.netskope.com

Search URL Search Domain Scan URL

URL: https://netskope.com/
Title: netskope.com

Search URL Search Domain Scan URL

URL: https://www.cookiebot.com/
Title: Cookiebot

Search URL Search Domain Scan URL

URL: https://docs.netskope.com/
Title: Product Documentation

Search URL Search Domain Scan URL

URL: https://community.netskope.com/
Title: Customer Community

Search URL Search Domain Scan URL

URL: https://support.netskope.com/
Title: Support Portal

Search URL Search Domain Scan URL

URL: https://trust.netskope.com/
Title: Trust Portal

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/Products/ct-p/Netskope_Solution_Discussions
Title: Product Discussion Forums

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/grouphubs/page
Title: Join a User Group

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/Events/ct-p/events
Title: Community Events

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/Inside-Netskope-Security/bd-p/Inside_Netskope
Title: Inside Netskope Security

Search URL Search Domain Scan URL

URL: https://community.netskope.com/t5/Artificial-Intelligence-and/bd-p/AI-Machine-Learning
Title: AI and ML Forum

Search URL Search Domain Scan URL

URL: https://partners.netskope.com/
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile%27

Search URL Search Domain Scan URL

URL: https://twitter.com/share?text=%20Evasive%20Phishing%20Campaign%20Steals%20Cloud%20Credentials%20Using%20Cloudflare%20R2%20and%20Turnstile%20@Netskope&url=https%3A%2F%2Fwww.netskope.com%2Fblog%2Fevasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile%27

Search URL Search Domain Scan URL

URL: https://github.com/fingerprintjs/BotD
Title: Fingerprint BotD

Search URL Search Domain Scan URL

URL: https://partners.netskope.com/English/
Title: Partner portal

Search URL Search Domain Scan URL

URL: https://www.facebook.com/netskope

Search URL Search Domain Scan URL

URL: https://twitter.com/netskope

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/netskope

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile Show response
www.netskope.com/blog/ 945 KB
131 KB 2040ms
1595ms Document
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

0848d6fdc95d0b27cf2f4ad47f48fc75c95bc56cdb6143c8740da97f3e96dcca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: https://www.netskope.com
alt-svc: h3=":443"; ma=86400
cache-control: max-age=600, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 80d6ca3befd63620-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 27 Sep 2023 21:20:21 GMT
link: <https://www.netskope.com/wp-json/>; rel="https://api.w.org/" <https://www.netskope.com/wp-json/wp/v2/posts/52906>; rel="alternate"; type="application/json" <https://www.netskope.com/?p=52906>; rel=shortlink
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache: MISS
x-cache-group: normal
x-cacheable: SHORT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN SAMEORIGIN
x-powered-by: WP Engine

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 107 KB
33 KB 70ms
18ms Script
application/javascript 2a02:26f0:3500:18::1724:a29a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 02b9de7b7bf138e700920ae29919c78cf2188a5725d20499e79225860d164a67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: gzip
last-modified: Wed, 27 Sep 2023 07:15:18 GMT
etag: "4a4b65e12f1d91:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=166
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 33511
expires: Wed, 27 Sep 2023 21:23:07 GMT

GET
H2 200 qualified.js Show response
js.qualified.com/ 283 KB
88 KB 593ms
556ms Script
text/javascript 2606:4700::6812:1005
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.qualified.com/qualified.js?token=n7t9Zf7nr8m6n2fF

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1005 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

107fe973565517ff00e4df7b638a3d29bf60b8e5e1d814b5927353b03080fafc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:22 GMT
content-encoding: gzip
via: 1.1 spaces-router (devel)
strict-transport-security: max-age=63072000; includeSubDomains
cf-cache-status: MISS
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-xss-protection: 1; mode=block
x-request-id: cb8ff78b-11a0-cc7f-a123-183ae092e471
pragma: no-cache
x-runtime: 0.166582
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"107fe973565517ff00e4df7b638a3d29"
x-download-options: noopen
vary: Accept,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 80d6ca4808b73661-FRA
expires: Thu, 28 Sep 2023 01:20:22 GMT

GET
H2 200 dc00721a9f.js Show response
kit.fontawesome.com/ 11 KB
5 KB 147ms
128ms Script
text/javascript 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kit.fontawesome.com/dc00721a9f.js
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f337dcbe17fed990ae279d3658d4c5ff7b704e286e2190c06f86e9b4626efef0

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
content-type: text/javascript
cache-control: max-age=60, public, stale-while-revalidate=30
cf-ray: 80d6ca47ece4368b-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F3ewiKgSeSc4q3sEVrNC

GET
H2 200 netskope-logo-reverse.svg
www.netskope.com/wp-content/themes/netskope/images/v3/ 8 KB
3 KB 27ms
24ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/netskope-logo-reverse.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e0686135ec7cb7d0771d4e9374afc05027d7f466a2b37581f44ee2a4a8aaab8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
age: 53174
etag: W/"636053ab-204a"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48ce973620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 logo.svg
www.netskope.com/wp-content/themes/netskope/images/v3/ 8 KB
3 KB 28ms
25ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/logo.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f14e99a3ff851e017534967b4b9d140802c549c9454179e78a553f0375b116f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
age: 53174
etag: W/"636053ab-2089"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48ce9a3620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 Netskope_Blog_SocialIcons_Facebook_Default_40x40.svg
www.netskope.com/wp-content/themes/netskope/images/blogs/icons/ 907 B
600 B 31ms
29ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/blogs/icons/Netskope_Blog_SocialIcons_Facebook_Default_40x40.svg?_r=1123

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a07020e8098ad53c318c05a6897bbd0abd4c2d615c60879f92595e273784e6af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
age: 53174
etag: W/"636053ab-38b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48ce9c3620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 Netskope_Blog_SocialIcons_Facebook_Hover_40x40.svg
www.netskope.com/wp-content/themes/netskope/images/blogs/icons/ 856 B
605 B 41ms
39ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/blogs/icons/Netskope_Blog_SocialIcons_Facebook_Hover_40x40.svg?_r=1123

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a2ff31bb495806492c50a70b2dd20a142b5f10ad31bfaa709da8feaa78799c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
age: 53174
etag: W/"636053ab-358"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48ce9f3620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 Netskope_Blog_SocialIcons_Twitter_Default_40x40.svg
www.netskope.com/wp-content/themes/netskope/images/blogs/icons/ 1008 B
652 B 35ms
33ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/blogs/icons/Netskope_Blog_SocialIcons_Twitter_Default_40x40.svg?_r=1123

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f83e9d636ec98c39dd835e74732d7eca14b11cc5c8a1a94cded0b0893c97a486

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
age: 53174
etag: W/"636053ab-3f0"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48cea03620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 Netskope_Blog_SocialIcons_Twitter_Hover_40x40.svg
www.netskope.com/wp-content/themes/netskope/images/blogs/icons/ 957 B
661 B 36ms
34ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/blogs/icons/Netskope_Blog_SocialIcons_Twitter_Hover_40x40.svg?_r=1123

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c2bab74fd2a15b647e56a46dcc8719ef55cc2d982b13448980b78d464ec90702

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
age: 53174
etag: W/"636053ab-3bd"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48cea13620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 Netskope_Blog_SocialIcons_Linkedin_Default_40x40.svg
www.netskope.com/wp-content/themes/netskope/images/blogs/icons/ 915 B
648 B 24ms
23ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/blogs/icons/Netskope_Blog_SocialIcons_Linkedin_Default_40x40.svg?_r=1123

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3ebf7aebbf9f36c5eb0168d638fdd54b40e03afa2bd709b4b92c9412b2cb315

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
age: 53174
etag: W/"636053ab-393"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48cea23620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 Netskope_Blog_SocialIcons_Linkedin_Hover_40x40.svg
www.netskope.com/wp-content/themes/netskope/images/blogs/icons/ 843 B
541 B 36ms
34ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/blogs/icons/Netskope_Blog_SocialIcons_Linkedin_Hover_40x40.svg?_r=1123

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a88d4b35aacff295c21774de42047ca62e077047e041b0bcb0a07c8de1bf1a15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
age: 53174
etag: W/"636053ab-34b"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48cea33620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 card-shape5.svg
www.netskope.com/wp-content/themes/netskope/dist/assets/images/ 3 KB
1 KB 28ms
26ms Image
image/svg+xml 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/assets/images/card-shape5.svg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a53f42b1a16d810c64140b8e704850bc798a12ffaf7ed158643517846fb1fa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 31 Oct 2022 23:12:28 GMT
server: cloudflare
age: 53170
etag: W/"6360565c-d2e"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48cea53620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 email-decode.min.js Show response
www.netskope.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
817 B 8ms
8ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 25 Sep 2023 16:02:33 GMT
server: cloudflare
etag: W/"6511af19-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 80d6ca48be8c3620-FRA
expires: Fri, 29 Sep 2023 21:20:21 GMT

GET
H2 200 E-v1.js Show response
fast.wistia.net/assets/external/ 733 KB
125 KB 34ms
7ms Script
text/javascript 2a04:4e42:600::644
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://fast.wistia.net/assets/external/E-v1.js

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::644 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

fe9d2cf21843438917ba32818254c19f915657d1dc6b45c33be7de9d1a964538

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=0
age: 367
x-amz-server-side-encryption: AES256
x-cache: HIT, HIT
content-length: 127649
x-served-by: cache-iad-kiad7000051-IAD, cache-fra-eddf8230118-FRA
x-browser-version: 117
last-modified: Wed, 27 Sep 2023 19:12:58 GMT
server: AmazonS3
x-timer: S1695849622.908096,VS0,VE0
etag: "b5db75b634a749b7fbb7849a4d7ee797"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
x-browser: chrome
asset-version: 1628652f46b2435ffb938a897513bfb91b1f5e87
x-ecma-v: modern
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 21, 8

GET
H2 200 icon-facebook.png
www.netskope.com/wp-content/themes/netskope/images/v3/ 460 B
649 B 40ms
38ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/icon-facebook.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e722a8291194433982bea9cd8428977d444dd08e3df322988862922d797edb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53174
cf-polished: origFmt=png, origSize=990
content-disposition: inline; filename="icon-facebook.webp"
alt-svc: h3=":443"; ma=86400
content-length: 460
cf-bgj: imgq:100,h2pri
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-3de"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48cea73620-FRA

GET
H2 200 icon-facebook-hover.png
www.netskope.com/wp-content/themes/netskope/images/v3/ 532 B
716 B 54ms
52ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/icon-facebook-hover.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b33183b8cfbf313ada0180d55e3c417964beccbac3e4bd445aa85995f9c1722b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53174
cf-polished: origFmt=png, origSize=1268
content-disposition: inline; filename="icon-facebook-hover.webp"
alt-svc: h3=":443"; ma=86400
content-length: 532
cf-bgj: imgq:100,h2pri
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-4f4"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48cea83620-FRA

GET
H2 200 icon-twitter.png
www.netskope.com/wp-content/themes/netskope/images/v3/ 538 B
668 B 33ms
32ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/icon-twitter.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1123a2be911e87b7b78567c5a7a9e375cf100b3b9def2b06ca7ddb340faed8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53174
cf-polished: origFmt=png, origSize=1120
content-disposition: inline; filename="icon-twitter.webp"
alt-svc: h3=":443"; ma=86400
content-length: 538
cf-bgj: imgq:100,h2pri
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-460"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48cea93620-FRA

GET
H2 200 icon-twitter-hover.png
www.netskope.com/wp-content/themes/netskope/images/v3/ 636 B
771 B 37ms
36ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/icon-twitter-hover.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

851f04ac40dd4d1b9194594d8f19625d3ce69cd35e87e416793740539db4cf3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53174
cf-polished: origFmt=png, origSize=1467
content-disposition: inline; filename="icon-twitter-hover.webp"
alt-svc: h3=":443"; ma=86400
content-length: 636
cf-bgj: imgq:100,h2pri
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-5bb"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48ceab3620-FRA

GET
H2 200 icon-linkedin.png
www.netskope.com/wp-content/themes/netskope/images/v3/ 562 B
693 B 34ms
33ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/icon-linkedin.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f8abbd974423cd0459cde3c1c02a40555364003827c1314d17d22fca8e3f97a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53174
cf-polished: origFmt=png, origSize=1161
content-disposition: inline; filename="icon-linkedin.webp"
alt-svc: h3=":443"; ma=86400
content-length: 562
cf-bgj: imgq:100,h2pri
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-489"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48cead3620-FRA

GET
H2 200 icon-linkedin-hover.png
www.netskope.com/wp-content/themes/netskope/images/v3/ 628 B
808 B 28ms
27ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/themes/netskope/images/v3/icon-linkedin-hover.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

128693e4c3ec1200f4b303e3a928daa207077c873a56e4d03473a3de28d0126d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53174
cf-polished: origFmt=png, origSize=1428
content-disposition: inline; filename="icon-linkedin-hover.webp"
alt-svc: h3=":443"; ma=86400
content-length: 628
cf-bgj: imgq:100,h2pri
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-594"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48ceae3620-FRA

GET
H2 200 autoptimize_3a5081b0a8ba4c309ae9b7dfab8210c1.js Show response
www.netskope.com/wp-content/cache/autoptimize/js/ 1 MB
274 KB 46ms
45ms Script
application/javascript 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_3a5081b0a8ba4c309ae9b7dfab8210c1.js

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b77077a003017ce6ff8d4699e362615920cc821a51b6da15f993eb58cdee7f4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 27 Sep 2023 05:50:29 GMT
server: cloudflare
age: 53224
etag: W/"6513c2a5-10d623"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
content-encoding: br
cache-control: public, max-age=31536000
cf-ray: 80d6ca48ceaf3620-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 cc.js Show response
consent.cookiebot.com/4b140262-ec1c-4bad-9de3-68c17c1566cb/ 288 KB
66 KB 56ms
55ms Script
application/x-javascript 2a02:26f0:3500:18::1724:a29a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/4b140262-ec1c-4bad-9de3-68c17c1566cb/cc.js?renew=false&referer=www.netskope.com&dnt=false&init=false
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29a , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 7348c61df293ca7efd5d79dae984c95b169fdaef6efb5d20cae43e957bfb42a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: gzip
last-modified: Wed, 27 Sep 2023 21:20:21 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: private, max-age=1200
cross-origin-resource-policy: cross-origin
content-length: 67706
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v6.4.2/css/ 653 KB
116 KB 26ms
17ms Fetch
text/css 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/css/pro.min.css?token=dc00721a9f
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/dc00721a9f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ed627e51269f865425780547b0958d134c45d201b29ae31c990e1208158c7b03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:07:57 GMT
server: cloudflare
age: 4835335
etag: "64c9580d-1cdb4"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca48ce08368b-FRA
content-length: 118196

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v6.4.2/css/ 27 KB
4 KB 34ms
26ms Fetch
text/css 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/css/pro-v4-shims.min.css?token=dc00721a9f
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/dc00721a9f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38c955b1da8fd9beae7ef0b45020e81d0140fbc070ffc85cdc7fe05ea7e652b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
server: cloudflare
age: 4835335
etag: "64c9580c-10e7"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca48ce0d368b-FRA
content-length: 4327

GET
H2 200 pro-v5-font-face.min.css Show response
ka-p.fontawesome.com/releases/v6.4.2/css/ 54 KB
7 KB 34ms
26ms Fetch
text/css 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/css/pro-v5-font-face.min.css?token=dc00721a9f
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/dc00721a9f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24c18540ed9c6c6e79ee26e2ea2c90b9f52e1bf033f26f932d8497be0bb7e786

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
server: cloudflare
age: 4835335
etag: "64c9580c-1c20"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca48ce0b368b-FRA
content-length: 7200

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v6.4.2/css/ 7 KB
2 KB 34ms
25ms Fetch
text/css 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/css/pro-v4-font-face.min.css?token=dc00721a9f
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/dc00721a9f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0195cd81f03b3096ca0fee614152f1c21426db36ff2dc2dce9ba0e299f59564

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
server: cloudflare
age: 4835335
etag: "64c9580c-6dc"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca48ce0c368b-FRA
content-length: 1756

GET
H2 200 kit-upload.css Show response
kit.fontawesome.com/dc00721a9f/96570671/ 0
163 B 18ms
18ms Fetch
text/css 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/dc00721a9f/96570671/kit-upload.css

Requested by

Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/dc00721a9f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; preload
cf-cache-status: HIT
age: 10375926
content-length: 0
x-request-id: F2QBZUnZdMSvShcAgK9i
server: cloudflare
etag: 54af53b207eef226d6511e0a88e3038e
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
accept-ranges: bytes
cf-ray: 80d6ca48bdfc368b-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 1920-White-Hero-Background.jpg
www.netskope.com/wp-content/uploads/2020/04/ 91 KB
91 KB 35ms
35ms Image
image/jpeg 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2020/04/1920-White-Hero-Background.jpg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b7142b73692775e2abfa27f125de3e8c61b9c7e73887da7276a15bf367da88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 49530
cf-polished: origSize=134691, status=vary_header_present
alt-svc: h3=":443"; ma=86400
content-length: 92900
cf-bgj: imgq:100,h2pri
last-modified: Mon, 31 Oct 2022 23:00:53 GMT
server: cloudflare
etag: "636053a5-20e23"
vary: Accept, Accept-Encoding
content-type: image/jpeg
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 80d6ca48deb83620-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Graphik-Regular.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 121 KB
121 KB 51ms
51ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Regular.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2d97ceaa48cf6574b5c9f91d3b43d7b4c3dcc0ab52379143c1e28144593e2f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53045
alt-svc: h3=":443"; ma=86400
content-length: 123672
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-1e318"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48dbb41ac5-FRA

GET
H3 200 Graphik-Bold.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 128 KB
129 KB 21ms
21ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Bold.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4a9fd00f61dfc85e1e200efc6c3aa2d0e624be65aa5e7bd26b8e7fa2a28a12c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53045
alt-svc: h3=":443"; ma=86400
content-length: 131544
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-201d8"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48dbbb1ac5-FRA

GET
H3 200 Graphik-Medium-Web.woff2
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 33 KB
33 KB 43ms
43ms Font
font/woff2 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Medium-Web.woff2

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b40e2981d50f54f5ec3df6fbacf3b328ed9b5f653485e4980dfefae02fb7b80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53045
alt-svc: h3=":443"; ma=86400
content-length: 33401
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-8279"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca48dbbc1ac5-FRA

GET
H2 200 bc-v4.min.html Show response
consentcdn.cookiebot.com/sdk/ Frame BDDC 627 B
810 B 166ms
9ms Document
text/html 2a02:26f0:7100:8a3::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:7100:8a3::f09 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer: https://www.netskope.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=31236899
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 27 Sep 2023 21:20:22 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Mon, 23 Sep 2024 10:15:21 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1695849621972_34603332_40139355_23_883_5_121_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H3 200 1920-cta-background.jpg
www.netskope.com/wp-content/uploads/2022/05/ 5 KB
6 KB 23ms
23ms Image
image/webp 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2022/05/1920-cta-background.jpg

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3570163585bac938916c6534b08bf93c4b1af8bfdacdac060ad7aa3884fb8cf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 52238
alt-svc: h3=":443"; ma=86400
content-length: 5496
last-modified: Mon, 31 Oct 2022 23:01:03 GMT
server: cloudflare
etag: "636053af-1578"
vary: Accept, Accept-Encoding
content-type: image/webp
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 80d6ca494c3b1ac5-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 Graphik-Semibold.otf
www.netskope.com/wp-content/themes/netskope/dist/fonts/ 127 KB
128 KB 24ms
23ms Font
application/octet-stream 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-content/themes/netskope/dist/fonts/Graphik-Semibold.otf

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

da4a5e89a01b2570a9a81157bec8661348bfd80f3048f474354bf11f4ea2640e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53045
alt-svc: h3=":443"; ma=86400
content-length: 130516
last-modified: Mon, 31 Oct 2022 23:00:59 GMT
server: cloudflare
etag: "636053ab-1fdd4"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 80d6ca494c3c1ac5-FRA

GET
H2 200 pro-fa-solid-900-0.woff2
ka-p.fontawesome.com/releases/v6.4.2/webfonts/ 11 KB
11 KB 17ms
17ms Font
font/woff2 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/webfonts/pro-fa-solid-900-0.woff2
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: adef62602f3fefd4e6f1d58bef7ff97640f6a52b55cc379d67ee4a283f3ac0b6

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:22 GMT
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:25:39 GMT
server: cloudflare
age: 4817022
etag: "64c95c33-2c74"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca49ff62368b-FRA
content-length: 11380

GET
H2 200 pro-fa-regular-400-12.woff2
ka-p.fontawesome.com/releases/v6.4.2/webfonts/ 13 KB
13 KB 17ms
17ms Font
font/woff2 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/webfonts/pro-fa-regular-400-12.woff2
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e69b6276430ec7c2ce67f6c8ab9f72905f93a795242ba76c7b366c9babab419

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:22 GMT
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:25:35 GMT
server: cloudflare
age: 4835336
etag: "64c95c2f-3468"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca49ff63368b-FRA
content-length: 13416

GET
H2 200 pro-fa-regular-400-0.woff2
ka-p.fontawesome.com/releases/v6.4.2/webfonts/ 14 KB
14 KB 20ms
19ms Font
font/woff2 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/webfonts/pro-fa-regular-400-0.woff2
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab1d861f40e0b7a2773c61b30eaa39ba2af3d479aebd83dd7e03161de0e25298

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:22 GMT
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:25:35 GMT
server: cloudflare
age: 4835336
etag: "64c95c2f-368c"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca49ff67368b-FRA
content-length: 13964

GET
H2 200 pro-fa-light-300-11.woff2
ka-p.fontawesome.com/releases/v6.4.2/webfonts/ 29 KB
29 KB 20ms
20ms Font
font/woff2 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/webfonts/pro-fa-light-300-11.woff2
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b9011da166428afd8d9a28c05293e8f77f51f64ab811cdcd1b8a9a8dcc5d677

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:22 GMT
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:25:34 GMT
server: cloudflare
age: 4835335
etag: "64c95c2e-74dc"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca49ff6a368b-FRA
content-length: 29916

GET
H2 200 pro-fa-regular-400-11.woff2
ka-p.fontawesome.com/releases/v6.4.2/webfonts/ 27 KB
27 KB 25ms
25ms Font
font/woff2 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/webfonts/pro-fa-regular-400-11.woff2
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 757321b9bc9bdcfb96b6ae97d44bac0628c51cd7872a09615bd5a7ddc6a0c194

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:22 GMT
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:25:35 GMT
server: cloudflare
age: 4765682
etag: "64c95c2f-6a30"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 80d6ca4a0f71368b-FRA
content-length: 27184

GET
DATA 200
OK truncated
/ 338 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cba0af6ded7d4daf9ab3ffd18fe667588edb8c5c3e3d427b2f3867596da382d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pro-fa-solid-900-1.woff2
ka-p.fontawesome.com/releases/v6.4.2/webfonts/ 13 KB
13 KB 16ms
16ms Font
font/woff2 2606:4700::6812:1634
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v6.4.2/webfonts/pro-fa-solid-900-1.woff2
Requested by: Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1634 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7c5f02b9dc1353e2fe5c53eb2a01c91fe40e891acc57f22b6bc7fb94d08097f

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:22 GMT
cf-cache-status: HIT
last-modified: Tue, 01 Aug 2023 19:25:39 GMT
server: cloudflare
age: 4835335
etag: "64c95c33-3444"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
cf-ray: 80d6ca4a2fa1368b-FRA
content-length: 13380

GET
DATA 200
OK truncated
/ 293 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Evasive-Phishing-Campaign-1-768x759.png
www.netskope.com/wp-content/uploads/2023/08/ 216 KB
217 KB 267ms
267ms Image
image/png 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.netskope.com/wp-content/uploads/2023/08/Evasive-Phishing-Campaign-1-768x759.png

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f82f7e24e845c2edcebde3c55cc051bd4d781104958ea6b70ed34e05ae8aada

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 14 Aug 2023 13:54:17 GMT
server: cloudflare
etag: "64da3209-3616a"
vary: Accept, Accept-Encoding
content-type: image/png
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 80d6ca4b8f5d1ac5-FRA
alt-svc: h3=":443"; ma=86400
content-length: 221546
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 teknkl-formsplus-1.0.5.js Show response
go.netskope.com/rs/665-KFP-612/images/ 41 KB
11 KB 369ms
220ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/rs/665-KFP-612/images/teknkl-formsplus-1.0.5.js?_=1695849622129

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_3a5081b0a8ba4c309ae9b7dfab8210c1.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
last-modified: Sat, 09 Sep 2023 01:54:39 GMT
server: cloudflare
etag: "cf6-a291-604e360401b26"
vary: Accept-Encoding
content-type: application/x-javascript
accept-ranges: bytes
cf-ray: 80d6ca4eec3437eb-FRA
content-length: 11024

POST
H3 200 admin-ajax.php Show response
www.netskope.com/wp-admin/ 30 B
415 B 387ms
387ms XHR
text/html 141.193.213.21
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.netskope.com/wp-admin/admin-ajax.php

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_3a5081b0a8ba4c309ae9b7dfab8210c1.js

Protocol

Security

QUIC, , AES_128_GCM

Server

141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / WP Engine

Resource Hash

101fbf5a0bb7a528da8e4efaa9d8a8f5ab76793f24dfb35ebca153bb3b76f38d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN, SAMEORIGIN

Request headers

Accept: */*
Referer: https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Wed, 27 Sep 2023 21:20:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff, nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-powered-by: WP Engine
alt-svc: h3=":443"; ma=86400
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN, SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.netskope.com, https://www.netskope.com
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
x-robots-tag: noindex
cf-ray: 80d6ca4e0b381ac5-FRA
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 40ms
16ms Script
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?_=1695849622130

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_3a5081b0a8ba4c309ae9b7dfab8210c1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c84a93bd9c5300c1d75a733958664acf817d565d2ed6a33857582ebc4702beb5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Wed, 27 Sep 2023 21:20:23 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Ai7lOI0zKMDPHxlv62g7oMoJ/ 456 KB
184 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Ai7lOI0zKMDPHxlv62g7oMoJ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?_=1695849622130

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9af3aa843ca57a0c7b85eae7c3c66feae378f1329dd6484caf2efc98f595c4e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.netskope.com/
Origin: https://www.netskope.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 20:53:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1631
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187854
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 04:01:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 26 Sep 2024 20:53:12 GMT

GET
H2 200 forms2.min.js Show response
app-sj09.marketo.com/js/forms2/js/ 208 KB
70 KB 1381ms
1284ms Script
application/x-javascript 104.16.94.80
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1695849622131

Requested by

Host: www.netskope.com
URL: https://www.netskope.com/wp-content/cache/autoptimize/js/autoptimize_3a5081b0a8ba4c309ae9b7dfab8210c1.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63113904
last-modified: Thu, 07 Sep 2023 05:56:12 GMT
server: cloudflare
cf-cache-status: MISS
etag: "101742-34099-604be84687700"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 80d6ca5148945bdd-FRA
expires: Thu, 28 Sep 2023 01:20:24 GMT

GET
H2 200 getForm Show response
go.netskope.com/index.php/form/ 17 KB
4 KB 79ms
79ms Script
application/javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.netskope.com/index.php/form/getForm?munchkinId=665-KFP-612&form=1953&url=https%3A%2F%2Fwww.netskope.com%2Fblog%2Fevasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile&callback=jQuery112405271519488993428_1695849624697&_=1695849624698
Requested by: Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1695849622131
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.17.73.206 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d4137159dcdf9c125238cd13d232624c71670135b837895963b8e545b30cb79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:24 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 80d6ca5a686537eb-FRA
cached: true
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 forms2.css
go.netskope.com/js/forms2/css/ 13 KB
3 KB 189ms
189ms Stylesheet
text/css 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/css/forms2.css

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1695849622131

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 07 Sep 2023 05:56:12 GMT
server: cloudflare
etag: "1a344d-3437-604be84687700"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 80d6ca5ae92437eb-FRA
content-length: 2623
expires: Thu, 28 Sep 2023 01:20:24 GMT

GET
H2 200 forms2-theme-simple.css
go.netskope.com/js/forms2/css/ 826 B
407 B 179ms
179ms Stylesheet
text/css 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/css/forms2-theme-simple.css

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1695849622131

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.netskope.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 07 Sep 2023 05:56:12 GMT
server: cloudflare
etag: "1a3449-33a-604be84687700"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 80d6ca5ae92537eb-FRA
content-length: 242
expires: Thu, 28 Sep 2023 01:20:24 GMT

GET
H2 200 XDFrame Show response
go.netskope.com/index.php/form/ Frame 1C50 2 KB
766 B 181ms
181ms Document
text/html 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/index.php/form/XDFrame

Requested by

Host: app-sj09.marketo.com
URL: https://app-sj09.marketo.com/js/forms2/js/forms2.min.js?_=1695849622131

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bddfc987ea51699d719251711334a03045ef0691faf81c225e6c208cbd5f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.netskope.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=3600
cf-cache-status: DYNAMIC
cf-ray: 80d6ca5c6acc37eb-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 27 Sep 2023 21:20:25 GMT
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 forms2.min.js Show response
go.netskope.com/js/forms2/js/ Frame 1C50 208 KB
69 KB 196ms
196ms Script
application/x-javascript 104.17.73.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://go.netskope.com/js/forms2/js/forms2.min.js

Requested by

Host: go.netskope.com
URL: https://go.netskope.com/index.php/form/XDFrame

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.73.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.netskope.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date: Wed, 27 Sep 2023 21:20:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 07 Sep 2023 05:56:12 GMT
server: cloudflare
etag: "18154c-34099-604be84687700"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=14400
cf-ray: 80d6ca5dac0537eb-FRA
expires: Thu, 28 Sep 2023 01:20:25 GMT

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.netskope.com/	1970-01-21 00:40:09	Name: __q_state_n7t9Zf7nr8m6n2fF Value: eyJ1dWlkIjoiZjI5NTBlNTYtM2I5OC00ODFkLTllOWItNTMzYzg5NTRmNjQ0IiwiY29va2llRG9tYWluIjoibmV0c2tvcGUuY29tIn0=
go.netskope.com/	1969-12-31 23:59:59	Name: BIGipServersj09web-nginx-app_https Value: !qqWICi8QKnzJRBG6vCJNuEQ8FVxgEBnt9LzU6qZWp6QXH5AsMmb39rfTU93ohYPkn0T71OC+7gJG8Q==
.go.netskope.com/	1970-01-20 15:04:11	Name: __cf_bm Value: ImSvWUmQlmTrG6MJSNIRAkluxra5Bd6AXAIe.T1FqwI-1695849623-0-AdIIhWzH9KL5UqSSWgBSf34ERwiA9IBwtqw/eCGFUzQ9X5tPmOjJa9bhh0y92zQM3LSPTHh2JHmWZR3Yn5ONmpY=
.app-sj09.marketo.com/	1970-01-20 15:04:11	Name: __cf_bm Value: YuBdd4rcfpFvFOwGbzZOtfkL.M6RkEMwY_wSlyuEp1I-1695849624-0-AV/Y7cYQMZc1UoWzxqyr7Vyb4eUPjh1ivag+JbDKo7ziMbAy8yWmH7bEWgf0QUXvXRDP39ySUmG+k+v/p4JHbCU=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-sj09.marketo.com
consent.cookiebot.com
consentcdn.cookiebot.com
fast.wistia.net
go.netskope.com
js.qualified.com
ka-p.fontawesome.com
kit.fontawesome.com
www.google.com
www.gstatic.com
www.netskope.com
104.16.94.80
104.17.73.206
141.193.213.21
2606:4700::6812:1005
2606:4700::6812:1634
2a00:1450:4001:802::2004
2a00:1450:4001:811::2003
2a02:26f0:3500:18::1724:a29a
2a02:26f0:7100:8a3::f09
2a04:4e42:600::644
02b9de7b7bf138e700920ae29919c78cf2188a5725d20499e79225860d164a67
0848d6fdc95d0b27cf2f4ad47f48fc75c95bc56cdb6143c8740da97f3e96dcca
0e69b6276430ec7c2ce67f6c8ab9f72905f93a795242ba76c7b366c9babab419
0f82f7e24e845c2edcebde3c55cc051bd4d781104958ea6b70ed34e05ae8aada
101fbf5a0bb7a528da8e4efaa9d8a8f5ab76793f24dfb35ebca153bb3b76f38d
107fe973565517ff00e4df7b638a3d29bf60b8e5e1d814b5927353b03080fafc
1123a2be911e87b7b78567c5a7a9e375cf100b3b9def2b06ca7ddb340faed8b5
128693e4c3ec1200f4b303e3a928daa207077c873a56e4d03473a3de28d0126d
14c8c62dc692fd8faa04434e3fed25e7c23d596b732f9db88f6e9f9ff5dfa61c
1cba0af6ded7d4daf9ab3ffd18fe667588edb8c5c3e3d427b2f3867596da382d
24c18540ed9c6c6e79ee26e2ea2c90b9f52e1bf033f26f932d8497be0bb7e786
256e42104f48a5fa80b031da12dc56acde224fba3f9810f8f8192b39136d365a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
3570163585bac938916c6534b08bf93c4b1af8bfdacdac060ad7aa3884fb8cf8
37bddfc987ea51699d719251711334a03045ef0691faf81c225e6c208cbd5f21
38c955b1da8fd9beae7ef0b45020e81d0140fbc070ffc85cdc7fe05ea7e652b4
3d4137159dcdf9c125238cd13d232624c71670135b837895963b8e545b30cb79
3f8abbd974423cd0459cde3c1c02a40555364003827c1314d17d22fca8e3f97a
4a2ff31bb495806492c50a70b2dd20a142b5f10ad31bfaa709da8feaa78799c4
4b40e2981d50f54f5ec3df6fbacf3b328ed9b5f653485e4980dfefae02fb7b80
4e722a8291194433982bea9cd8428977d444dd08e3df322988862922d797edb4
731fcb30d45f2e35aaa139a7a964410a7c2bcdbfbb48a837c9d56dec7cc3732f
7348c61df293ca7efd5d79dae984c95b169fdaef6efb5d20cae43e957bfb42a2
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
757321b9bc9bdcfb96b6ae97d44bac0628c51cd7872a09615bd5a7ddc6a0c194
7a53f42b1a16d810c64140b8e704850bc798a12ffaf7ed158643517846fb1fa6
7b9011da166428afd8d9a28c05293e8f77f51f64ab811cdcd1b8a9a8dcc5d677
8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979
851f04ac40dd4d1b9194594d8f19625d3ce69cd35e87e416793740539db4cf3a
8e0686135ec7cb7d0771d4e9374afc05027d7f466a2b37581f44ee2a4a8aaab8
91b7142b73692775e2abfa27f125de3e8c61b9c7e73887da7276a15bf367da88
9af3aa843ca57a0c7b85eae7c3c66feae378f1329dd6484caf2efc98f595c4e0
a0195cd81f03b3096ca0fee614152f1c21426db36ff2dc2dce9ba0e299f59564
a07020e8098ad53c318c05a6897bbd0abd4c2d615c60879f92595e273784e6af
a88d4b35aacff295c21774de42047ca62e077047e041b0bcb0a07c8de1bf1a15
ab1d861f40e0b7a2773c61b30eaa39ba2af3d479aebd83dd7e03161de0e25298
adef62602f3fefd4e6f1d58bef7ff97640f6a52b55cc379d67ee4a283f3ac0b6
b33183b8cfbf313ada0180d55e3c417964beccbac3e4bd445aa85995f9c1722b
b77077a003017ce6ff8d4699e362615920cc821a51b6da15f993eb58cdee7f4a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c2bab74fd2a15b647e56a46dcc8719ef55cc2d982b13448980b78d464ec90702
c84a93bd9c5300c1d75a733958664acf817d565d2ed6a33857582ebc4702beb5
d3ebf7aebbf9f36c5eb0168d638fdd54b40e03afa2bd709b4b92c9412b2cb315
d7c5f02b9dc1353e2fe5c53eb2a01c91fe40e891acc57f22b6bc7fb94d08097f
da4a5e89a01b2570a9a81157bec8661348bfd80f3048f474354bf11f4ea2640e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4a9fd00f61dfc85e1e200efc6c3aa2d0e624be65aa5e7bd26b8e7fa2a28a12c
ed627e51269f865425780547b0958d134c45d201b29ae31c990e1208158c7b03
f14e99a3ff851e017534967b4b9d140802c549c9454179e78a553f0375b116f8
f244fcb6b0aeadba8f41f30a7f451c0aaa06445ec854c3d9bbef1c485a036424
f2d97ceaa48cf6574b5c9f91d3b43d7b4c3dcc0ab52379143c1e28144593e2f1
f337dcbe17fed990ae279d3658d4c5ff7b704e286e2190c06f86e9b4626efef0
f83e9d636ec98c39dd835e74732d7eca14b11cc5c8a1a94cded0b0893c97a486
fe9d2cf21843438917ba32818254c19f915657d1dc6b45c33be7de9d1a964538

www.netskope.com Open in urlscan Pro 141.193.213.21 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

52 Requests

100 %HTTPS

70 %IPv6

8 Domains

11 Subdomains

11 IPs

3 Countries

2043 kBTransfer

5991 kBSize

4 Cookies

37 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.netskope.com Open in urlscan Pro
141.193.213.21 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

100 %
HTTPS

70 %
IPv6

8
Domains

11
Subdomains

11
IPs

3
Countries

2043 kB
Transfer

5991 kB
Size

4
Cookies

52 HTTP transactions
3 data transactions