www.proofpoint.com Open in urlscan Pro
2a02:e980:d::87 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Submission: On August 17 via api (August 17th 2019, 5:35:04 am UTC) from US

Summary HTTP 100 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 33 IPs in 6 countries across 35 domains to perform 100 HTTP transactions. The main IP is 2a02:e980:d::87, located in United States and belongs to INCAPSULA - Incapsula Inc, US. The main domain is www.proofpoint.com.
TLS certificate: Issued by Thawte RSA CA 2018 on January 11th 2019. Valid for: a year.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
40	2a02:e980:d::87 2a02:e980:d::87	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
1	2606:4700::68... 2606:4700::6810:262f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	216.58.210.2 216.58.210.2	15169 (GOOGLE) (GOOGLE - Google LLC)
2	104.111.251.133 104.111.251.133	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	23.38.51.49 23.38.51.49	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	54.192.94.41 54.192.94.41	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:815::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6810:252f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2.18.232.15 2.18.232.15	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1 3	2a00:1450:400... 2a00:1450:4001:816::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
3	2a00:1450:400... 2a00:1450:4001:816::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	2a02:26f0:6c0... 2a02:26f0:6c00:293::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY - Fastly)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
2 4	52.214.122.164 52.214.122.164	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	159.122.87.153 159.122.87.153	36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.)
5	2606:4700::68... 2606:4700::6812:efe5	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:809::2013	15169 (GOOGLE) (GOOGLE - Google LLC)
1	54.192.94.239 54.192.94.239	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
2 2	37.252.173.27 37.252.173.27	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1	54.192.94.82 54.192.94.82	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 3	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1 1	2a00:1450:400... 2a00:1450:400c:c04::9d	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a00:1450:400... 2a00:1450:4001:80b::2013	15169 (GOOGLE) (GOOGLE - Google LLC)
1	54.246.124.187 54.246.124.187	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE - Google LLC)
100	33

40 2a02:e980:d::87 (United States)

ASN19551 (INCAPSULA - Incapsula Inc, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:262f (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.maxmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.210.2 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.251.133 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-251-133.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.38.51.49 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-38-51-49.deploy.static.akamaitechnologies.com

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.94.41 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-94-41.fra2.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:252f (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

geoip-js.maxmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.15 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-15.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:816::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:816::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:293::3adf (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.214.122.164 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-214-122-164.eu-west-1.compute.amazonaws.com

ads.avocet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.122.87.153 (Frankfurt am Main, Germany)

ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 99.57.7a9f.ip4.static.sl-reverse.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:efe5 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

visitor.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.94.239 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-94-239.fra2.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.173.27 (Ascension Island) 2 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 539.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.94.82 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-94-82.fra2.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.233.40 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-40.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9d (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

tracking.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.124.187 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-246-124-187.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 21.72.190.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	proofpoint.com www.proofpoint.com	5 MB
5	g2crowd.com tracking.g2crowd.com
4	adroll.com 1 redirects s.adroll.com d.adroll.com	13 KB
4	avocet.io 2 redirects ads.avocet.io	2 KB
3	reactful.com visitor.reactful.com tracking.reactful.com	104 KB
3	facebook.net connect.facebook.net	96 KB
3	google.de www.google.de	951 B
3	google.com 1 redirects www.google.com	1 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net stats.g.doubleclick.net	4 KB
3	google-analytics.com 1 redirects www.google-analytics.com	43 KB
2	facebook.com www.facebook.com	258 B
2	adnxs.com 2 redirects secure.adnxs.com	2 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	908 B
2	bing.com bat.bing.com	8 KB
2	gstatic.com fonts.gstatic.com	22 KB
2	googleapis.com fonts.googleapis.com	2 KB
2	marketo.net munchkin.marketo.net	6 KB
2	googleadservices.com www.googleadservices.com	18 KB
2	maxmind.com js.maxmind.com geoip-js.maxmind.com	3 KB
1	rlcdn.com id.rlcdn.com	62 B
1	ml-api.io attr.ml-api.io	481 B
1	ml-attr.com 1 redirects s.ml-attr.com	280 B
1	company-target.com api.company-target.com segments.company-target.com Failed	1 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	bizographics.com sjs.bizographics.com	5 KB
1	ytimg.com s.ytimg.com	10 KB
1	addthis.com s7.addthis.com	110 KB
1	youtube.com www.youtube.com	1 KB
1	demandbase.com scripts.demandbase.com	18 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
1	typography.com cloud.typography.com
0	t.co Failed t.co Failed
0	gwmtracking.com Failed gwmtracking.com Failed
0	hotjar.com Failed static.hotjar.com Failed
0	mktoresp.com Failed 309-rhv-619.mktoresp.com Failed
100	35

	Domain	Requested by
40	www.proofpoint.com	www.proofpoint.com
5	tracking.g2crowd.com	www.proofpoint.com
4	ads.avocet.io	2 redirects www.proofpoint.com
3	s.adroll.com	1 redirects www.googletagmanager.com www.proofpoint.com
3	connect.facebook.net	www.proofpoint.com connect.facebook.net
3	www.google.de	www.proofpoint.com
3	www.google.com	1 redirects www.proofpoint.com
3	www.google-analytics.com	1 redirects www.proofpoint.com www.google-analytics.com
2	www.facebook.com	www.proofpoint.com connect.facebook.net
2	secure.adnxs.com	2 redirects
2	visitor.reactful.com	www.proofpoint.com visitor.reactful.com
2	dev.visualwebsiteoptimizer.com	www.proofpoint.com
2	bat.bing.com	www.googletagmanager.com www.proofpoint.com
2	fonts.gstatic.com	www.proofpoint.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	fonts.googleapis.com	www.proofpoint.com
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	www.googleadservices.com	www.proofpoint.com www.googletagmanager.com
1	id.rlcdn.com	www.proofpoint.com
1	d.adroll.com	s.adroll.com
1	tracking.reactful.com	visitor.reactful.com
1	stats.g.doubleclick.net	1 redirects
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	api.company-target.com	www.proofpoint.com scripts.demandbase.com
1	static.ads-twitter.com	www.googletagmanager.com
1	sjs.bizographics.com	www.googletagmanager.com
1	s.ytimg.com	www.youtube.com
1	s7.addthis.com	www.proofpoint.com
1	geoip-js.maxmind.com	js.maxmind.com
1	www.youtube.com	www.proofpoint.com
1	scripts.demandbase.com	www.proofpoint.com
1	www.googletagmanager.com	www.proofpoint.com
1	cloud.typography.com	www.proofpoint.com
1	js.maxmind.com	www.proofpoint.com
0	segments.company-target.com Failed	www.proofpoint.com
0	t.co Failed	www.proofpoint.com
0	gwmtracking.com Failed	www.proofpoint.com
0	static.hotjar.com Failed	www.googletagmanager.com
0	309-rhv-619.mktoresp.com Failed	munchkin.marketo.net
100	40

This site contains links to these domains. Also see Links.

Domain
proofpointcommunities.force.com
suite.nexgate.com
emaildefense.proofpoint.com
threatintel.proofpoint.com
mobiledefense.proofpoint.com
us1.proofpointessentials.com
partners.proofpoint.com
investors.proofpoint.com
ipcheck.proofpoint.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
proofpoint.com Thawte RSA CA 2018	`2019-01-11` - `2020-02-06`	a year	crt.sh
*.maxmind.com COMODO RSA Organization Validation Secure Server CA	`2018-10-15` - `2020-11-06`	2 years	crt.sh
www.googleadservices.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
*.typography.com DigiCert SHA2 Secure Server CA	`2019-03-23` - `2020-06-21`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
*.demandbase.com Go Daddy Secure Certificate Authority - G2	`2018-09-20` - `2020-11-19`	2 years	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
*.google.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-06-06` - `2020-09-04`	a year	crt.sh
www.google.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
www.google.de Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2018-04-13` - `2020-04-17`	2 years	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-06-06` - `2019-09-04`	3 months	crt.sh
*.avocet.io Amazon	`2019-07-06` - `2020-08-06`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2017-06-30` - `2020-07-06`	3 years	crt.sh
*.g2crowd.com COMODO ECC Domain Validation Secure Server CA	`2018-09-05` - `2019-09-28`	a year	crt.sh
*.reactful.com Go Daddy Secure Certificate Authority - G2	`2019-03-10` - `2020-05-09`	a year	crt.sh
*.company-target.com Go Daddy Secure Certificate Authority - G2	`2019-06-19` - `2021-08-18`	2 years	crt.sh
*.ml-api.io Amazon	`2019-02-22` - `2020-03-22`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2018-12-19` - `2020-03-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Frame ID: AB32CC71EF4654EA3A7E5ED3C476A2CF
Requests: 111 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: D654A271A1111D8960F57149675081FA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Drupal (CMS) Expand

Overall confidence: 100%
Detected patterns

meta generator /^Drupal(?:\s([\d.]+))?/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

meta generator /^Drupal(?:\s([\d.]+))?/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /^\/\/static\.hotjar\.com\/c\/hotjar-/i

Page Statistics

100
Requests

92 %
HTTPS

57 %
IPv6

35
Domains

40
Subdomains

33
IPs

6
Countries

5212 kB
Transfer

7326 kB
Size

0
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://proofpointcommunities.force.com/community/s/
Title: Support Log-in

Search URL Search Domain Scan URL

URL: https://suite.nexgate.com/users/sign_in
Title: Digital Risk Portal

Search URL Search Domain Scan URL

URL: https://emaildefense.proofpoint.com/login.php
Title: Email Fraud Defense

Search URL Search Domain Scan URL

URL: https://threatintel.proofpoint.com/
Title: ET Intelligence

Search URL Search Domain Scan URL

URL: https://mobiledefense.proofpoint.com/
Title: Mobile Defense

Search URL Search Domain Scan URL

URL: https://us1.proofpointessentials.com/app/login.php
Title: Proofpoint Essentials

Search URL Search Domain Scan URL

URL: https://proofpointcommunities.force.com/community
Title: Sendmail Support Log-in

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/?eid=partnerLocator
Title: Find a Channel Partner

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/?eid=register
Title: Become a Channel Partner

Search URL Search Domain Scan URL

URL: https://partners.proofpoint.com/
Title: Channel Partner Portal

Search URL Search Domain Scan URL

URL: https://investors.proofpoint.com/
Title: Investor Center View Proofpoint investor relations information, including press releases, financial results and events.

Search URL Search Domain Scan URL

URL: http://investors.proofpoint.com/
Title: Investors Center

Search URL Search Domain Scan URL

URL: https://ipcheck.proofpoint.com/
Title: IP Address Blocked?

Search URL Search Domain Scan URL

URL: http://www.facebook.com/proofpoint
Title: Facebook

Search URL Search Domain Scan URL

URL: http://www.twitter.com/proofpoint
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/proofpoint
Title: linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCIvtJgsrUzFo90NKeiVozhQ
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j HTTP 302
https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&bounce=true&ty=j

Request Chain 84

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j HTTP 302
https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&bounce=true&ty=j

Request Chain 85

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=5358865536478001200

Request Chain 91

https://www.google-analytics.com/r/collect?v=1&_v=j78&aip=1&a=1202316689&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&ul=en-us&de=UTF-8&dt=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBAAEADQ~&jid=1495395351&gjid=2039748294&cid=1382573722.1566020070&tid=UA-2257074-1&_gid=1556422809.1566020070&_r=1&z=1988576900 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2257074-1&cid=1382573722.1566020070&jid=1495395351&_gid=1556422809.1566020070&gjid=2039748294&_v=j78&z=1988576900 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=1382573722.1566020070&jid=1495395351&_v=j78&z=1988576900 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=1382573722.1566020070&jid=1495395351&_v=j78&z=1988576900&slf_rd=1&random=4039601647

Request Chain 104

https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 107

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AAEkf066ryQAACHwn1BinA

100 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware Show response
www.proofpoint.com/us/threat-insight/post/ 68 KB
20 KB 357ms
338ms Document
text/html 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

4abb2c8ea5a2f842fe91d4a1daa87aa91cc2a42a95693db7a35e9a9efcaa052a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: www.proofpoint.com
:scheme: https
:path: /us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
server: nginx
date: Sat, 17 Aug 2019 05:34:29 GMT
content-type: text/html; charset=utf-8
x-drupal-cache: MISS
x-content-type-options: nosniff
etag: "1566013589-0"
expires: Sun, 18 Aug 2019 03:46:29 GMT
x-frame-options: SAMEORIGIN
content-language: en
x-generator: Drupal 7 (http://drupal.org)
link: <https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware>; rel="canonical",<https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware>; rel="shortlink"
cache-control: public, max-age=86400
last-modified: Sat, 17 Aug 2019 03:46:29 GMT
vary: Cookie,Accept-Encoding
content-encoding: gzip
x-request-id: v-98b761e2-c0a1-11e9-9f43-2bdacd911363
x-ah-environment: prod
age: 6479
via: varnish
x-cache: HIT
x-cache-hits: 5
accept-ranges: bytes
set-cookie: visid_incap_177663=DGXKTQXMS8mDCBzuGHzJeeSRV10AAAAAQUIPAAAAAAANuXIZzq/WQAzr9Oxtj8B4; expires=Sat, 15 Aug 2020 08:40:03 GMT; path=/; Domain=.proofpoint.com incap_ses_246_177663=e1nqU5ZcEipzk+7r4PdpA+WRV10AAAAAren9l2CJlDmMdioN8iCc2g==; path=/; Domain=.proofpoint.com
x-iinfo: 12-53792531-53792532 NNNN CT(0 0 0) RT(1566020068725 0) q(0 0 0 0) r(1 3) U18
x-cdn: Incapsula

GET
H2 200 css_rEI_5cK_B9hB4So2yZUtr5weuEV3heuAllCDE6XsIkI.css
www.proofpoint.com/sites/default/files/css/ 4 KB
1 KB 8ms
5ms Stylesheet
text/css 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/css/css_rEI_5cK_B9hB4So2yZUtr5weuEV3heuAllCDE6XsIkI.css
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: ac423fe5c2bf07d841e12a36c9952daf9c1eb8457785eb8096508313a5ec2242

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2019 21:17:20 GMT
x-cdn: Incapsula
etag: "a03afbf5"
content-type: text/css
status: 200
x-iinfo: 12-53792553-0 0CNN RT(1566020069068 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 1236
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 css_dflN4gznpSoqyE-fQqvdVodUm8IHE1_6p9W67RzHBgo.css
www.proofpoint.com/sites/default/files/css/ 21 KB
5 KB 9ms
6ms Stylesheet
text/css 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/css/css_dflN4gznpSoqyE-fQqvdVodUm8IHE1_6p9W67RzHBgo.css
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 75f94de20ce7a52a2ac84f9f42abdd5687549bc207135ffaa7d5baed1cc7060a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Thu, 18 Jul 2019 22:51:13 GMT
x-cdn: Incapsula
etag: "e1b80d0d"
content-type: text/css
status: 200
x-iinfo: 12-53792554-0 0CNN RT(1566020069070 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 4794
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 css_YvthmAHmOujLQtPnmuEtkfiby4EqNavjYNQ2dGZqvJg.css
www.proofpoint.com/sites/default/files/css/ 5 KB
2 KB 10ms
7ms Stylesheet
text/css 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/css/css_YvthmAHmOujLQtPnmuEtkfiby4EqNavjYNQ2dGZqvJg.css
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 62fb619801e63ae8cb42d3e79ae12d91f89bcb812a35abe360d43674666abc98

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2019 21:17:21 GMT
x-cdn: Incapsula
etag: "f67e2f41"
content-type: text/css
status: 200
x-iinfo: 12-53792555-0 0CNN RT(1566020069071 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 1532
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 styles.css
www.proofpoint.com/sites/all/themes/proofpoint/css/ 341 KB
47 KB 11ms
8ms Stylesheet
text/css 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/all/themes/proofpoint/css/styles.css?pwd29m
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 40c2df11fbebad9e05c5dfc4f9aad292a399642492254bc628e234089ec4e89b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 02 Aug 2019 23:10:22 GMT
x-cdn: Incapsula
content-type: text/css
status: 200
x-iinfo: 12-53792556-0 0CNN RT(1566020069072 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 47890
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 proofpoint.css
www.proofpoint.com/sites/all/themes/proofpoint/css/ 1008 B
544 B 16ms
13ms Stylesheet
text/css 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/all/themes/proofpoint/css/proofpoint.css?pwd29m
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: c6687d159fd14a00a4b187ecfa840c0e21d5a28f352003295d8508190fbdd826

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 07 Dec 2018 08:47:10 GMT
x-cdn: Incapsula
content-type: text/css
status: 200
x-iinfo: 12-53792557-0 0CNN RT(1566020069073 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 439
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 css_BrVgfOKhtkZMh1aQSbCs0fpt2AudRCY30O33nWe_hig.css
www.proofpoint.com/sites/default/files/css/ 197 KB
76 KB 16ms
14ms Stylesheet
text/css 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/css/css_BrVgfOKhtkZMh1aQSbCs0fpt2AudRCY30O33nWe_hig.css
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 06b5607ce2a1b6464c87569049b0acd1fa6dd80b9d442637d0edf79d67bf8628

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 16 Aug 2019 22:50:44 GMT
x-cdn: Incapsula
etag: "35d9f265"
content-type: text/css
status: 200
x-iinfo: 12-53792558-0 0CNN RT(1566020069074 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 77298
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 css_nQwtytNsztHNRD8oGYQyyja_LgjxLi44qLISIPyImuw.css
www.proofpoint.com/sites/default/files/css/ 113 B
228 B 26ms
24ms Stylesheet
text/css 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/css/css_nQwtytNsztHNRD8oGYQyyja_LgjxLi44qLISIPyImuw.css
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 9d0c2dcad36cced1cd443f28198432ca36bf2e08f12e2e38a8b21220fc889aec

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Mon, 12 Aug 2019 19:21:25 GMT
x-cdn: Incapsula
etag: "3c611d61"
content-type: text/css
status: 200
x-iinfo: 12-53792559-0 0CNN RT(1566020069075 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 113
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 js_jATlw3iucl8O1KM88pfP_buAg5xbrWmEgBVT94k-xFs.js Show response
www.proofpoint.com/sites/default/files/js/ 3 KB
2 KB 27ms
25ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_jATlw3iucl8O1KM88pfP_buAg5xbrWmEgBVT94k-xFs.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 8c04e5c378ae725f0ed4a33cf297cffdbb80839c5bad6984801553f7893ec45b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2019 21:17:24 GMT
x-cdn: Incapsula
etag: "d70c6bae"
content-type: text/javascript
status: 200
x-iinfo: 12-53792560-0 0CNN RT(1566020069076 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 1583
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js Show response
www.proofpoint.com/sites/default/files/js/ 286 KB
86 KB 27ms
25ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 49ddc4d7eb9b23cfe83c9ddea5478d80085d3c866c1c55b30e5fedf272fe6b49

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 26 Jul 2019 00:13:20 GMT
x-cdn: Incapsula
etag: "8d8cec88"
content-type: text/javascript
status: 200
x-iinfo: 12-53792561-0 0CNN RT(1566020069076 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201211, public
content-length: 87383
expires: Sat, 31 Aug 2019 03:14:40 GMT

GET
H2 200 js_5vQZfnw555SB_O3f6hT7WgFdY4KMR-8z4yzVohnQouU.js Show response
www.proofpoint.com/sites/default/files/js/ 32 KB
11 KB 34ms
32ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_5vQZfnw555SB_O3f6hT7WgFdY4KMR-8z4yzVohnQouU.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: e6f4197e7c39e79481fceddfea14fb5a015d63828c47ef33e32cd5a219d0a2e5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 26 Jul 2019 00:13:20 GMT
x-cdn: Incapsula
etag: "04b95502"
content-type: text/javascript
status: 200
x-iinfo: 12-53792562-0 0CNN RT(1566020069077 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 10968
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 js_oYQw43wAjKdM3p6nU1hLDI3mDgL3UfCyqPsngNU6GnY.js Show response
www.proofpoint.com/sites/default/files/js/ 2 KB
716 B 36ms
34ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_oYQw43wAjKdM3p6nU1hLDI3mDgL3UfCyqPsngNU6GnY.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: a18430e37c008ca74cde9ea753584b0c8de60e02f751f0b2a8fb2780d53a1a76

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Mon, 12 Aug 2019 19:21:26 GMT
x-cdn: Incapsula
etag: "f5226ed5"
content-type: text/javascript
status: 200
x-iinfo: 12-53792563-0 0CNN RT(1566020069077 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 600
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 js_zDz6OD0aee_SzC8Md9FNnnSFgxJWG22Pihtjt166tQA.js Show response
www.proofpoint.com/sites/default/files/js/ 78 KB
28 KB 36ms
35ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_zDz6OD0aee_SzC8Md9FNnnSFgxJWG22Pihtjt166tQA.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: cc3cfa383d1a79efd2cc2f0c77d14d9e74858312561b6d8f8a1b63b75ebab500

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 26 Jul 2019 00:14:34 GMT
x-cdn: Incapsula
etag: "3f7241c5"
content-type: text/javascript
status: 200
x-iinfo: 12-53792564-0 0CNN RT(1566020069078 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201476, public
content-length: 28482
expires: Sat, 31 Aug 2019 03:19:05 GMT

GET
H2 200 js_V59Lq7kRtaAiYM_YS8pC0OFMBYJk_jt8nNK4UA1wlGk.js Show response
www.proofpoint.com/sites/default/files/js/ 8 KB
2 KB 37ms
36ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_V59Lq7kRtaAiYM_YS8pC0OFMBYJk_jt8nNK4UA1wlGk.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 579f4babb911b5a02260cfd84bca42d0e14c058264fe3b7c9cd2b8500d709469

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 02 Aug 2019 23:10:38 GMT
x-cdn: Incapsula
etag: "240d3ade"
content-type: text/javascript
status: 200
x-iinfo: 12-53792565-0 0CNN RT(1566020069078 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 1934
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 geoip2.js Show response
js.maxmind.com/js/apis/geoip2/v2.1/ 4 KB
2 KB 36ms
17ms Script
application/javascript 2606:4700::6810:262f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:262f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69666124ea4313cf5b2da94871c86acd68bcbc4d50b360fdebc4dc3b977dde21

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 15 Aug 2019 18:06:10 GMT
server: cloudflare
age: 1505
etag: W/"5d559f12-f39"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=43200
cf-ray: 5079477b0d232724-FRA
expires: Sat, 17 Aug 2019 17:34:29 GMT

GET
H2 200 js_W5fEOeIW0TWunhDVrtJI2tfSDJsF5U0-qYgg5VUhN50.js Show response
www.proofpoint.com/sites/default/files/js/ 13 KB
4 KB 37ms
36ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_W5fEOeIW0TWunhDVrtJI2tfSDJsF5U0-qYgg5VUhN50.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 5b97c439e216d135ae9e10d5aed248dad7d20c9b05e54d3ea98820e55521379d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Mon, 12 Aug 2019 19:21:26 GMT
x-cdn: Incapsula
etag: "d82693c3"
content-type: text/javascript
status: 200
x-iinfo: 12-53792566-0 0CNN RT(1566020069079 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201210, public
content-length: 3712
expires: Sat, 31 Aug 2019 03:14:39 GMT

GET
H2 200 js_QYIwceR_SVGaqvz86mmMZdtTBRKXyXKeCBDanqK3AoM.js Show response
www.proofpoint.com/sites/default/files/js/ 146 KB
43 KB 38ms
38ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_QYIwceR_SVGaqvz86mmMZdtTBRKXyXKeCBDanqK3AoM.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 41823071e47f49519aaafcfcea698c65db53051297c9729e0810da9ea2b70283

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 16 Aug 2019 22:50:44 GMT
x-cdn: Incapsula
etag: "3ecef68e"
content-type: text/javascript
status: 200
x-iinfo: 12-53792567-0 0CNN RT(1566020069079 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201211, public
content-length: 43727
expires: Sat, 31 Aug 2019 03:14:40 GMT

GET
H2 200 logo-reg.svg
www.proofpoint.com/sites/all/themes/proofpoint/ 3 KB
1 KB 42ms
41ms Image
image/svg+xml 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proofpoint.com/sites/all/themes/proofpoint/logo-reg.svg
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 07 Dec 2018 08:47:10 GMT
x-cdn: Incapsula
etag: "13fdd2ef"
content-type: image/svg+xml
status: 200
x-iinfo: 12-53792568-0 0CNN RT(1566020069080 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1209597, public
content-length: 1124
expires: Sat, 31 Aug 2019 05:34:26 GMT

GET
H2 200 cybersecurity-guide.png
www.proofpoint.com/sites/all/themes/proofpoint/images/ 120 KB
120 KB 38ms
38ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proofpoint.com/sites/all/themes/proofpoint/images/cybersecurity-guide.png
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 3140e03d8dd88ddfc2a9eefc88a3ae4b233c3f6182423775f83e22e16d072cd5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
last-modified: Wed, 24 Apr 2019 16:02:59 GMT
x-cdn: Incapsula
etag: "a3bc78f0"
content-type: image/png
status: 200
x-iinfo: 12-53792569-0 0CNN RT(1566020069080 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201211, public
content-length: 123158
expires: Sat, 31 Aug 2019 03:14:40 GMT

GET
H2 200 home.svg
www.proofpoint.com/sites/all/themes/proofpoint/images/ 784 B
647 B 6ms
6ms Image
image/svg+xml 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proofpoint.com/sites/all/themes/proofpoint/images/home.svg
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Tue, 18 Jun 2019 16:19:41 GMT
x-cdn: Incapsula
etag: "4c25cdee"
content-type: image/svg+xml
status: 200
x-iinfo: 12-53792582-0 0CNN RT(1566020069240 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1209598, public
content-length: 477
expires: Sat, 31 Aug 2019 05:34:27 GMT

GET
H2 200 ta544-buffet.png
www.proofpoint.com/sites/default/files/styles/image_1920_x_400/public/images/Blog/ 1 MB
1 MB 367ms
367ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/styles/image_1920_x_400/public/images/Blog/ta544-buffet.png?itok=S-Wzunt8&timestamp=1562253759

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

fee1032dab754253c36916b68e560f1da27d7f0834392a25e19f525313b59ff2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792583-53790672 2NNN RT(1566020069247 0) q(0 0 0 -1) r(4 4) U18
x-ah-environment: prod
content-length: 1189938
x-request-id: v-af40c462-c0b0-11e9-808a-6bf4cd2e61dc
last-modified: Thu, 04 Jul 2019 15:26:00 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:29 GMT

GET
H2 200 ta544picture1.png
www.proofpoint.com/sites/default/files/ 109 KB
110 KB 399ms
398ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/ta544picture1.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

3023bad19ae54879e10da1c38a9481f36a360403a3288a3c06b04a1e2195dd21

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792587-53791790 2NNN RT(1566020069476 0) q(0 0 0 -1) r(4 4) U18
x-ah-environment: prod
content-length: 112076
x-request-id: v-af639f64-c0b0-11e9-baae-5f855a7504db
last-modified: Thu, 04 Jul 2019 15:27:25 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:30 GMT

GET
H2 200 ta544picture2.png
www.proofpoint.com/sites/default/files/ 96 KB
97 KB 345ms
344ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/ta544picture2.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

afcbd2a86b73e86835160b9060ea5e98f743094b82d197fc6fdbd7cfe0fe096f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792588-53791733 2NNN RT(1566020069477 0) q(0 0 0 -1) r(4 4) U18
x-ah-environment: prod
content-length: 98735
x-request-id: v-af629d94-c0b0-11e9-8e23-c7eca6b1d768
last-modified: Thu, 04 Jul 2019 16:48:42 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:30 GMT

GET
H2 200 ta544picture3.png
www.proofpoint.com/sites/default/files/ 111 KB
112 KB 390ms
389ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/ta544picture3.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

f949a352c152199cd6809af0ff6c846bbcacc7dc8bfc8bd191d273a3c7ebc728

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792589-53790951 2NNN RT(1566020069477 0) q(0 0 0 -1) r(4 4) U18
x-ah-environment: prod
content-length: 113778
x-request-id: v-af630e6e-c0b0-11e9-bc5a-3768838649d8
last-modified: Thu, 04 Jul 2019 16:50:03 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:30 GMT

GET
H2 200 ta544picture5.png
www.proofpoint.com/sites/default/files/ 531 KB
534 KB 698ms
697ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/ta544picture5.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

f4680a9c1ff0ef54e040617cc5da503bdd12a29170778e935c22a9088406f2e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792590-53792591 2NNN RT(1566020069479 0) q(0 0 0 -1) r(0 7) U18
x-ah-environment: prod
content-length: 543611
x-request-id: v-af97da54-c0b0-11e9-a947-23026395fcaf
last-modified: Thu, 04 Jul 2019 16:56:01 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:30 GMT

GET
H2 200 ta544picture6.png
www.proofpoint.com/sites/default/files/ 1 MB
1 MB 348ms
348ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/ta544picture6.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

96bd48632c4d64af670460f1f6eb31561cf54f53489101810704e163c5bc009e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792592-53792593 2NNN RT(1566020069479 0) q(0 0 0 -1) r(0 4) U18
x-ah-environment: prod
content-length: 1436179
x-request-id: v-af637c28-c0b0-11e9-b253-679481dbc837
last-modified: Thu, 04 Jul 2019 16:56:45 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:30 GMT

GET
H2 200 ta544picture7.png
www.proofpoint.com/sites/default/files/ 221 KB
223 KB 1019ms
1018ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/ta544picture7.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

aa0a54389bd2f1377c5cedb4e6d4cbb8a8018d9cef836d82178628ae304932e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792594-53791790 2NNN RT(1566020069480 0) q(0 9 9 -1) r(10 10) U18
x-ah-environment: prod
content-length: 226578
x-request-id: v-afe217b8-c0b0-11e9-ab90-27052e0d2093
last-modified: Thu, 04 Jul 2019 16:57:41 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:30 GMT

GET
H2 200 ta544picture8.png
www.proofpoint.com/sites/default/files/ 215 KB
217 KB 1316ms
1316ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/ta544picture8.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

92e9b12b7af891ed8c8dc61c318f954b6f407f88b062b21c21a6041a549a4934

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:31 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792596-53783907 2NNN RT(1566020069481 0) q(0 10 10 -1) r(10 13) U18
x-ah-environment: prod
content-length: 220517
x-request-id: v-aff7a6b4-c0b0-11e9-83b0-c343d1451d02
last-modified: Thu, 04 Jul 2019 16:58:42 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:31 GMT

GET
H2 200 ta544picture9.png
www.proofpoint.com/sites/default/files/ 236 KB
238 KB 1207ms
1207ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/default/files/ta544picture9.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

0a27495fe793ed91ee92cd819f0a542ff70b4e06b6d929bf41342d238b758df4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:31 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 0
x-cache: MISS
status: 200
x-iinfo: 12-53792597-53790951 2NNN RT(1566020069482 0) q(0 11 11 -1) r(12 12) U18
x-ah-environment: prod
content-length: 241600
x-request-id: v-afff8122-c0b0-11e9-9d2a-27b0b43d277c
last-modified: Thu, 04 Jul 2019 16:59:26 GMT
server: nginx
content-type: image/png
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 05:34:31 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 24 KB
10 KB 113ms
44ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

94880f4d8b391421ea1a5447903697dbc761d879cf9ec89faa637d0bf2f331c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 9355
x-xss-protection: 0
server: cafe
etag: 4252369854121413696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 17 Aug 2019 05:34:29 GMT

GET
H2 200 js_VGWVxZzZSi3YQD4B3uHe9fBD5c_2NSz4TEx3cL9dx1Q.js Show response
www.proofpoint.com/sites/default/files/js/ 78 KB
19 KB 6ms
6ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_VGWVxZzZSi3YQD4B3uHe9fBD5c_2NSz4TEx3cL9dx1Q.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 546595c59cd94a2dd8403e01dee1def5f043e5cff6352cf84c4c7770bf5dc754

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 26 Jul 2019 00:13:20 GMT
x-cdn: Incapsula
etag: "e5a57fbc"
content-type: text/javascript
status: 200
x-iinfo: 12-53792572-0 0CNN RT(1566020069123 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201211, public
content-length: 19613
expires: Sat, 31 Aug 2019 03:14:40 GMT

GET
H2 200 js_pLyroj8w56o5oEuhy9M3_UPhli8Yg1Zq5LxhrROPoWs.js Show response
www.proofpoint.com/sites/default/files/js/ 11 KB
4 KB 6ms
6ms Script
text/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/default/files/js/js_pLyroj8w56o5oEuhy9M3_UPhli8Yg1Zq5LxhrROPoWs.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: a4bcaba23f30e7aa39a04ba1cbd337fd43e1962f1883566ae4bc61ad138fa16b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Fri, 26 Jul 2019 00:13:44 GMT
x-cdn: Incapsula
etag: "7b7608a9"
content-type: text/javascript
status: 200
x-iinfo: 12-53792574-0 0CNN RT(1566020069130 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201476, public
content-length: 4376
expires: Sat, 31 Aug 2019 03:19:05 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 343ms
43ms Script
application/x-javascript 104.111.251.133
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-251-133.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 17 Aug 2019 05:34:29 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 script.js Show response
www.proofpoint.com/sites/all/themes/proofpoint/js/ 23 KB
6 KB 6ms
6ms Script
application/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/sites/all/themes/proofpoint/js/script.js?pwd29m
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: c42a41f50ddc0d98adce6ed747e7a4ccef6278990d7f7413ecde1284ecb9d530

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:29 GMT
content-encoding: gzip
last-modified: Wed, 14 Aug 2019 00:14:19 GMT
x-cdn: Incapsula
content-type: application/javascript
status: 200
x-iinfo: 12-53792581-0 0CNN RT(1566020069231 0) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=1201211, public
content-length: 5890
expires: Sat, 31 Aug 2019 03:14:40 GMT

GET
H2 200 css
fonts.googleapis.com/ 12 KB
725 B 30ms
17ms Stylesheet
text/css 2a00:1450:4001:806::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

7772e3d0bc6fba46755057c1ca0154dfda1100214439321c2702fa8ad468158b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 17 Aug 2019 05:34:29 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Sat, 17 Aug 2019 05:34:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
x-xss-protection: 0
expires: Sat, 17 Aug 2019 05:34:29 GMT

GET
H/1.1 404
Not Found fonts.css
cloud.typography.com/7639856/7486392/css/ 0
0 349ms
295ms Stylesheet
text/html 23.38.51.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cloud.typography.com/7639856/7486392/css/fonts.css
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.51.49 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-51-49.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 17 Aug 2019 05:34:29 GMT
Cache-Control: must-revalidate, private
Server: Apache
Connection: keep-alive
Content-Length: 16
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 css
fonts.googleapis.com/ 3 KB
892 B 29ms
16ms Stylesheet
text/css 2a00:1450:4001:806::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fjalla+One|Roboto+Condensed

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

74166c3ce466a4afbab3fee3dc53106c377de2217ddb142774eb4b59fe65c6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 17 Aug 2019 05:34:29 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Sat, 17 Aug 2019 05:34:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
x-xss-protection: 0
expires: Sat, 17 Aug 2019 05:34:29 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
18 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

cec3748d0c3da4700300d5424aaea375b03550b0ee8b3dd38e242c4022261446

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 29 Jul 2019 21:35:27 GMT
server: Golfe2
age: 7080
date: Sat, 17 Aug 2019 03:36:30 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 17724
expires: Sat, 17 Aug 2019 05:36:30 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 149 KB
35 KB 28ms
16ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d3296d651831055b3b820704b0ea74a23c6a782299f92b42ea53f28925460ce8

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
content-encoding: br
last-modified: Sat, 17 Aug 2019 03:00:00 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 35860
x-xss-protection: 0
expires: Sat, 17 Aug 2019 05:34:30 GMT

GET
H2 200 MP9Jyqtx.min.js Show response
scripts.demandbase.com/ 75 KB
18 KB 7182ms
49ms Script
application/javascript 54.192.94.41
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.192.94.41 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-192-94-41.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ced8617ac173ee6b127b7acae3718d2732c25a2dd9cd07c52b91ef716e43d6c7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 16 Aug 2019 00:59:45 GMT
content-encoding: gzip
last-modified: Fri, 16 Aug 2019 00:52:09 GMT
server: AmazonS3
age: 3598
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: _c3xPLm6tp.c8JYTvpsgBjOMopsTU0cz
status: 200
cache-control: public, max-age=3600
x-amz-cf-pop: FRA2
content-type: application/javascript
x-amz-cf-id: Vt7Gz4mjebSIthsZugTFvGdyD2Em0cgSbALSnDan_4V3m85Bfwh7kg==
via: 1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
2 KB 31ms
18ms Script
text/javascript 2a00:1450:4001:81d::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1566020069993&cv=9&fst=1566020069993&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&tiba=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

708b6617c9f5396ebc33bc3f8df37367fda4d48a3473f7ea41bb142cb842d7db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 1042
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 25ms
24ms Script
application/x-javascript 104.111.251.133
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-251-133.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 17 Aug 2019 05:34:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: Apache
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Mon, 25 Nov 2019 05:34:30 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 33ms
20ms Script
application/javascript 2a00:1450:4001:808::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/all/themes/proofpoint/js/script.js?pwd29m

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

4ba24b3b0893a8ee74bc043ece4c52e17f4b1a4574ee36545821ac7e4f91711c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 EST

GET
DATA 200
OK truncated
/ 251 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 46454a26b3142dec4540c21c9c156f2b3e570488667f1bbcf81854e27925f2a4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 263 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 479f333c6cdf10724e19b33079cab821bb37b0a463170ea9943dcbc0c6d9dc67

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91221ebe7decdf80fc3cfddffa7595ff915be4af1a9a5620fc9c138bf6cc0363

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 562 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8bac03a9bf9bff1a50a992ffe70257f2c6a24e0cc79ba4c268baf19c9ca2880

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 588 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 047ef44b759411ac70b47ffb1c29a2814d34ec9aa7cf12a927340128500bc9fe

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e7e6695bf782bd4b52cc817b8adba3d03973c348cea7622ecb06ab94165c4d0f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1006 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: df7b034e11f350b02f383677a2c37d598922ad494d0e0241ad5740313332a5c8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e675880ebe2bfb0c3364d32f0ea5569eb1d50d4b18fd15c644cf67ce098e04ed

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3886459ca89f9ca7588cc412ddb3b279947acec2258c42c065bc044ce67276c0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6015b6cdafa09835ca9f65f2d9e211f3e120f8da2760401c7ba5e9520a260c37

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Proofpoint-logo-reg-Reversed.png
www.proofpoint.com/sites/all/themes/proofpoint/images/ 45 KB
45 KB 1145ms
1145ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proofpoint.com/sites/all/themes/proofpoint/images/Proofpoint-logo-reg-Reversed.png
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/sites/all/themes/proofpoint/css/styles.css?pwd29m
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
last-modified: Fri, 07 Dec 2018 08:47:10 GMT
x-cdn: Incapsula
etag: "c8a80c4c"
content-type: image/png
status: 200
x-iinfo: 12-53792599-53770771 2CNN RT(1566020069497 0) q(0 12 12 -1) r(12 12) U18
cache-control: max-age=1201211, public
content-length: 46089
expires: Sat, 31 Aug 2019 03:14:41 GMT

GET
H2 200 earth.svg
www.proofpoint.com/sites/all/themes/proofpoint/images/ 3 KB
1 KB 1299ms
1299ms Image
image/svg+xml 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/all/themes/proofpoint/images/earth.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/sites/all/themes/proofpoint/css/styles.css?pwd29m
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:31 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 8447
x-cache: HIT
status: 200
x-iinfo: 12-53792600-53792653 PNNN RT(1566020069498 0) q(0 12 12 -1) r(13 13) U18
x-cache-hits: 391
x-ah-environment: prod
content-encoding: gzip
x-request-id: v-04bef6de-c09d-11e9-880e-8fcd9d125820
last-modified: Wed, 24 Apr 2019 16:02:59 GMT
server: nginx
content-type: image/svg+xml
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 03:13:43 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2
fonts.gstatic.com/s/robotocondensed/v18/ 11 KB
11 KB 19ms
5ms Font
font/woff2 2a00:1450:4001:815::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v18/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

49a1b4e1296645aa2f513c87a0e5fe56a305a7ed678c2f6499631ec1f3b35856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Fjalla+One|Roboto+Condensed
Origin: https://www.proofpoint.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 12 Aug 2019 16:06:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:48:22 GMT
server: sffe
age: 394078
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 10968
x-xss-protection: 0
expires: Tue, 11 Aug 2020 16:06:32 GMT

GET
H2 200 BebasNeue-Bold.woff2
www.proofpoint.com/sites/all/themes/proofpoint/fonts/ 13 KB
13 KB 647ms
647ms Font
text/plain 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/all/themes/proofpoint/fonts/BebasNeue-Bold.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

e2eb28c4292664b548ad2c8ecf855b1f425a08966c5b413a4a0184b6ff52a509

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.proofpoint.com/sites/all/themes/proofpoint/css/styles.css?pwd29m
Origin: https://www.proofpoint.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 8447
x-cache: HIT
status: 200
x-iinfo: 12-53792601-53792532 PNNN RT(1566020069499 0) q(0 5 5 -1) r(7 7) U18
x-cache-hits: 383
x-ah-environment: prod
content-length: 13140
x-request-id: v-04c03076-c09d-11e9-b7c3-23fb4f7235de
last-modified: Fri, 07 Dec 2018 08:47:10 GMT
server: nginx
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 03:13:43 GMT

GET
H2 200 Yq6R-LCAWCX3-6Ky7FAFrOF6kjouQb4.woff2
fonts.gstatic.com/s/fjallaone/v7/ 11 KB
12 KB 19ms
7ms Font
font/woff2 2a00:1450:4001:815::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/fjallaone/v7/Yq6R-LCAWCX3-6Ky7FAFrOF6kjouQb4.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

529e77ee17cf48e9ccbb5a64a0e59a1bbda0d9c011ee061f40b1aa189e8fabb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Fjalla+One|Roboto+Condensed
Origin: https://www.proofpoint.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 12 Aug 2019 21:52:00 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2019 23:50:02 GMT
server: sffe
age: 373350
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 11668
x-xss-protection: 0
expires: Tue, 11 Aug 2020 21:52:00 GMT

GET
H2 200 proofpoint.woff2
www.proofpoint.com/sites/all/themes/proofpoint/fonts/ 18 KB
18 KB 814ms
814ms Font
text/plain 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/all/themes/proofpoint/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.proofpoint.com/sites/all/themes/proofpoint/css/styles.css?pwd29m
Origin: https://www.proofpoint.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 8447
x-cache: HIT
status: 200
x-iinfo: 12-53792602-53792532 PNNN RT(1566020069501 0) q(0 6 6 -1) r(8 8) U18
x-cache-hits: 388
x-ah-environment: prod
content-length: 18296
x-request-id: v-04c3c902-c09d-11e9-8b1d-73e463d64e66
last-modified: Fri, 07 Dec 2018 08:45:31 GMT
server: nginx
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 03:13:43 GMT

GET
H2 200 BebasNeue-Regular.woff2
www.proofpoint.com/sites/all/themes/proofpoint/fonts/ 27 KB
27 KB 1003ms
1003ms Font
text/plain 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/all/themes/proofpoint/fonts/BebasNeue-Regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

94761f99487dcae4d91af9d25f37227af94965157adee62bd2f503645ded4fc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.proofpoint.com/sites/all/themes/proofpoint/css/styles.css?pwd29m
Origin: https://www.proofpoint.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 8447
x-cache: HIT
status: 200
x-iinfo: 12-53792603-53792653 NNNN CT(0 0 0) RT(1566020069506 0) q(0 6 6 -1) r(8 10) U18
x-cache-hits: 252
x-ah-environment: prod
content-length: 27220
x-request-id: v-04c58b2a-c09d-11e9-9fe2-83fa8df3a399
last-modified: Fri, 07 Dec 2018 08:47:10 GMT
server: nginx
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 03:13:43 GMT

GET
H2 200 _Incapsula_Resource Show response
www.proofpoint.com/ 114 KB
16 KB 10ms
10ms Script
application/javascript 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to

Full URL: https://www.proofpoint.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=759107087
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: f4741057c46b05fcfe3cdd7ab0c7042fa4d301e830791beed476a17848b58416

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
content-encoding: gzip
cache-control: no-cache
content-length: 16516
content-type: application/javascript

GET
H2 200 me Show response
geoip-js.maxmind.com/geoip/v2.1/country/ 741 B
1 KB 102ms
82ms XHR
application/vnd.maxmind.com-country+json 2606:4700::6810:252f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip-js.maxmind.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com
Requested by: Host: js.maxmind.com
URL: https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:252f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75edf4d221f70057e9fdd63654d8d05ecef1bb224235ed80bd5d1cd6400195f5

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 5079477dffa7648b-FRA
content-length: 741

GET
DATA 200
OK truncated
/ 562 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5fde80b0aaf01a7fe4f8de3dbb671abadb59a30f6143e828b8000ac4fa9a45ec

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 344 KB
110 KB 8682ms
56ms Script
application/javascript 2.18.232.15
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s7.addthis.com/js/300/addthis_widget.js?_=1566020070060
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/js/js_Sd3E1-ubI8_oPJ3epUeNgAhdPIZsHFWzDl_t8nL-a0k.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.15 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-15.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 20788a06293ee82af16b16a8030dc6fd7a15fb17b56734f0778e88d6b0c6f2ae

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:38 GMT
content-encoding: gzip
last-modified: Wed, 31 Jul 2019 17:18:47 GMT
etag: "5d41cd77-561b5"
vary: Accept-Encoding
x-distribution: 98
content-type: application/javascript
status: 200
cache-control: public, max-age=600
x-host: s7.addthis.com
accept-ranges: bytes

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 77 KB
26 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-KKGL4NZ&cid=1382573722.1566020070&aip=true

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e1083807ee7342f7641eef9a2b0fda54475b40c3345df9ad0570b17d0cc3928b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 25899
x-xss-protection: 0
expires: Sat, 17 Aug 2019 05:34:30 GMT

GET visitWebPage
309-rhv-619.mktoresp.com/webevents/ 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
421 B 34ms
22ms Image
image/gif 2a00:1450:4001:816::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1566020069993&cv=9&fst=1566018000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&tiba=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&fmt=3&cdct=2&is_vtc=1&random=3134064985&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
421 B 32ms
20ms Image
image/gif 2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1566020069993&cv=9&fst=1566018000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&tiba=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&fmt=3&cdct=2&is_vtc=1&random=3134064985&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _Incapsula_Resource
www.proofpoint.com/ 1 B
34 B 5ms
5ms Image
text/plain 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proofpoint.com/_Incapsula_Resource?SWKMTFSR=1&e=0.9589677139286141
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
cache-control: no-cache
content-length: 1
content-type: text/plain

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfl_QvS8o/ 26 KB
10 KB 19ms
6ms Script
text/javascript 2a00:1450:4001:81d::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl_QvS8o/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

743cc926a4314f25d09ad7fa042ddc4dbbb81c7f28fa11be70af367ee3015ecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 15 Aug 2019 12:38:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 147333
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 9985
x-xss-protection: 0
last-modified: Thu, 15 Aug 2019 02:11:52 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 23 Aug 2019 12:38:57 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 23 KB
9 KB 44ms
44ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

481f13ab1dfe784d7b9b778dd53b342c34434da9bc8680b1ce6dea0da8c1d95f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 8968
x-xss-protection: 0
server: cafe
etag: 9750442966221409587
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 17 Aug 2019 05:34:30 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 79ms
49ms Script
application/javascript 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: 6b4c72b8214beaceed57a85c54eed2c61cfc4911b3d677db9a6e00849ef6be05

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
content-encoding: gzip
last-modified: Fri, 02 Aug 2019 18:53:49 GMT
x-msedge-ref: Ref A: 8728BF848CA14D49BC1D365125DC896B Ref B: VIEEDGE0316 Ref C: 2019-08-17T05:34:30Z
status: 200
etag: "809cac9e6349d51:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7133

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 15 KB
5 KB 21ms
6ms Script
application/x-javascript 2a02:26f0:6c00:293::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:293::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 17 Aug 2019 05:34:30 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=65579
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 81ms
27ms Script
application/javascript 151.101.12.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
content-encoding: gzip
age: 76892
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-fra19126-FRA
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1566020070.214756,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET hotjar-933369.js
static.hotjar.com/c/ 0
0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 85 KB
23 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

c7ffb5c7a2fcc93bf5553df1f27de7c5b2dbd4affcb74fd0bef82371e4e22caa

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 22680
x-xss-protection: 0
pragma: public
x-fb-debug: Ct2mnkfL/08fWJli50kOg39YZmwoE2/AUVnX89kv0BWZzO0oEPOIhib7ta8jQ2fLhN4g10PJyn+O2HL1PQFQKA==
x-fb-trip-id: 365799557
x-frame-options: DENY
date: Sat, 17 Aug 2019 05:34:30 GMT
vary: Origin, Accept-Encoding
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1

200
OK

s Show response
ads.avocet.io/
Redirect Chain

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&bounce=true&ty=j

0
417 B

155ms
38ms

Script
application/javascript

52.214.122.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&bounce=true&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.122.164 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-122-164.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 17 Aug 2019 05:34:49 GMT
Connection: keep-alive
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 0
Content-Type: application/javascript

Redirect headers

Location: /s?add=5aba5f53ab79f7f51390a95a&bounce=true&ty=j
Date: Sat, 17 Aug 2019 05:34:49 GMT
Connection: keep-alive
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 79
Content-Type: text/html; charset=utf-8

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 899 B
671 B 19322ms
54ms Script
application/javascript 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=359897&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&r=0.3555689053056985
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.122.87.153 Frankfurt am Main, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),
Reverse DNS: 99.57.7a9f.ip4.static.sl-reverse.com
Software: dacdn2 /
Resource Hash: e8a3406f8d7199f3a77547cd7502e714f589349ff5f776b1a03e06dfdf3e2356

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Sat, 17 Aug 2019 05:34:49 GMT
content-encoding: gzip
server: dacdn2
content-type: application/javascript; charset=UTF-8

GET
H2 403 1594.js
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 36ms
17ms Script
text/html 2606:4700::6812:efe5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&e=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:efe5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 403 1644.js
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 35ms
24ms Script
text/html 2606:4700::6812:efe5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&e=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:efe5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 403 1645.js
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 35ms
26ms Script
text/html 2606:4700::6812:efe5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&e=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:efe5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 403 1646.js
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 11ms
11ms Script
text/html 2606:4700::6812:efe5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&e=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:efe5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 403 1647.js
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 13ms
13ms Script
text/html 2606:4700::6812:efe5
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&e=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:efe5 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

GET
H2 200 main.rtfl.js Show response
visitor.reactful.com/dist/ 256 KB
99 KB 56ms
23ms Script
application/javascript 2a00:1450:4001:809::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/dist/main.rtfl.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 483c7cd4f6f04ce1b1e2bb6469073b0b9b48a428927f5e3df5c422f76835c891

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:31:50 GMT
content-encoding: gzip
server: Google Frontend
age: 160
etag: "0eoOrA"
content-type: application/javascript; charset=UTF-8
status: 200
x-cloud-trace-context: 2e0fafa9ecc3e0fd3c81788b748559bc
cache-control: public, max-age=600
content-length: 101028
expires: Sat, 17 Aug 2019 05:41:50 GMT

GET
H2 200 ip.json Show response
api.company-target.com/api/v2/ 1 KB
1 KB 2182ms
106ms XHR
application/json 54.192.94.239
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?key=8d20076343394d24eb8250e933d1560c
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.192.94.239 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-192-94-239.fra2.r.cloudfront.net
Software: nginx /
Resource Hash: 2954c2a9e0fb7cc4ce521e3c09516508f6e0d42cc60b1487f010e64fd060e5c7

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:32 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2
x-cache: Miss from cloudfront
status: 200
access-control-max-age: 1728000
request-id: 1ce74720-1717-4d3d-8433-24850321d49c
content-length: 556
x-amz-cf-id: BcOVHum579At0ZDb8o1DW9aM3mdGprhaO-o_KwOqI5LA7shFxxFJbg==
pragma: no-cache
access-control-allow-origin: https://www.proofpoint.com
server: nginx
vary: Accept-Encoding, Origin
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 1a483cde6df004748f3e5c80dc46df26.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
identification-source: STANDARD
expires: Fri, 16 Aug 2019 05:34:32 GMT

GET
H/1.1

200
OK

s Show response
ads.avocet.io/
Redirect Chain

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j
https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&bounce=true&ty=j

0
417 B

157ms
38ms

Script
application/javascript

52.214.122.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&bounce=true&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.214.122.164 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-122-164.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 17 Aug 2019 05:34:49 GMT
Connection: keep-alive
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 0
Content-Type: application/javascript

Redirect headers

Location: /s?add=5d1dcad3b00320110090d553&bounce=true&ty=j
Date: Sat, 17 Aug 2019 05:34:49 GMT
Connection: keep-alive
P3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 79
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=5358865536478001200

4 B
481 B

9806ms
207ms

Image
image/jpeg

54.192.94.82
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=5358865536478001200
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.192.94.82 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-54-192-94-82.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 17 Aug 2019 05:34:45 GMT
Via: 1.1 ea71ce4ac4724c3ed76f4816ddddaa6c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2
x-amzn-RequestId: b850a2a3-c0b0-11e9-82e5-2967a6546f11
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-5d5791f5-23cfee7f9610c8bc3a2c6982;Sampled=0
Connection: keep-alive
x-amz-apigw-id: ejO-SHc1IAMFSYQ=
Content-Length: 4
X-Amz-Cf-Id: nYaUUlWSTY-2gJ2VUC0xkC5v0_L5kvNBivotrDZrr8GBbhuvoJ_rYg==

Redirect headers

Pragma: no-cache
Date: Sat, 17 Aug 2019 05:34:37 GMT
X-Proxy-Origin: 82.102.19.132; 82.102.19.132; 539.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.166:80
AN-X-Request-Uuid: 022ca9e3-cf0a-472f-9914-fba4bcdfb317
Server: nginx/1.13.4
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=proofpoint.com&pId=5358865536478001200
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET img
gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/ 0
0

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 34 KB
11 KB 4108ms
26ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 38e6bcaede2a5ccf63ffcbe7ba8bd921d669bd6a2ca55da74c6c17915e3b03fb

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: M5BFY6lE2LGQOaSrGXQlCv5JJo0t.Dre
Content-Encoding: gzip
ETag: "79681edb978f8daef53a1d94e4433191"
x-amz-request-id: F33CE7C02CD8DFBA
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 10591
x-amz-id-2: /Hl2l6J8kmGGi72LHSNMrJ0OeIWCJqGvwBT8REhl6v8f/mIgC9mjewxAgSJJWSR+RsFD1OMTcG0=
Last-Modified: Thu, 15 Aug 2019 21:33:05 GMT
Server: AmazonS3
Date: Sat, 17 Aug 2019 05:34:34 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 DE.png
www.proofpoint.com/sites/all/modules/custom/pp_cdn/images/ 3 KB
3 KB 1017ms
1017ms Image
image/png 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.proofpoint.com/sites/all/modules/custom/pp_cdn/images/DE.png
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),
Reverse DNS
Software: /
Resource Hash: 013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:30 GMT
last-modified: Wed, 17 Jul 2019 18:26:11 GMT
x-cdn: Incapsula
etag: "cc0c264c"
content-type: image/png
status: 200
x-iinfo: 12-53792616-53791790 2CNN RT(1566020069646 0) q(0 10 10 -1) r(10 10) U18
cache-control: max-age=1201211, public
content-length: 3329
expires: Sat, 31 Aug 2019 03:14:41 GMT

GET
DATA 200
OK truncated
/ 571 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89cfdadb23c7206b508ca2007f1e8c183f609fd283a91b03e19b64ee2f03a288

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 close_button.svg
www.proofpoint.com/sites/all/themes/proofpoint/images/ 433 B
575 B 1037ms
1036ms Image
image/svg+xml 2a02:e980:d::87
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/sites/all/themes/proofpoint/images/close_button.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:d::87 , United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

nginx /

Resource Hash

ba2fc3f7fc4e3de678f7071c05e967705f407dd069e2488b9845c6eb55fb240f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/sites/all/themes/proofpoint/css/styles.css?pwd29m
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:31 GMT
via: varnish
x-content-type-options: nosniff
x-cdn: Incapsula
age: 8389
x-cache: HIT
status: 200
x-iinfo: 12-53792617-53792654 NNNN CT(159 159 0) RT(1566020069649 0) q(0 6 9 -1) r(10 10) U18
x-cache-hits: 8
x-ah-environment: prod
content-encoding: gzip
x-request-id: v-2771344e-c09d-11e9-a4e2-33191465c6e1
last-modified: Wed, 17 Jul 2019 18:26:10 GMT
server: nginx
content-type: image/svg+xml
cache-control: max-age=1209600
accept-ranges: bytes
expires: Sat, 31 Aug 2019 03:14:41 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j78&aip=1&a=1202316689&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geogra...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-2257074-1&cid=1382573722.1566020070&jid=1495395351&_gid=1556422809.1566020070&gjid=2039748294&_v=j78&z=1988576900
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=1382573722.1566020070&jid=1495395351&_v=j78&z=1988576900
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=1382573722.1566020070&jid=1495395351&_v=j78&z=1988576900&slf_rd=1&random=4039601647

42 B
109 B

18ms
18ms

Image
image/gif

2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=1382573722.1566020070&jid=1495395351&_v=j78&z=1988576900&slf_rd=1&random=4039601647

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-2257074-1&cid=1382573722.1566020070&jid=1495395351&_v=j78&z=1988576900&slf_rd=1&random=4039601647
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 143852102935619 Show response
connect.facebook.net/signals/config/ 301 KB
72 KB 55ms
54ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/143852102935619?v=2.9.2&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

c36385fddfc942bb807e1ab245c921dc35ef4814df29556cf0b5bac8e6201971

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-xss-protection: 0
pragma: public
x-fb-debug: QLo39KqXKA5QjHa5hYcRJ8bpNw+2CEbuvyBfeWI+lMPRcKb9+5Ybue9GJa+dj/X2KwC7aG0SeEHaL9Z07gBxzg==
x-fb-trip-id: 365799557
x-frame-options: DENY
date: Sat, 17 Aug 2019 05:34:30 GMT
vary: Origin, Accept-Encoding
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
2 KB 55ms
44ms Script
text/javascript 2a00:1450:4001:81d::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1566020070199&cv=9&fst=1566020070199&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg874&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&tiba=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

986be30669520427f69bd99e6dba2aa3fad606636670efbc20cfadccc4a69756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43,39",quic=":443"; ma=2592000; v="46,43,39"
content-length: 1055
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
148 B 70ms
70ms Image
text/plain 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=17087961&Ver=2&mid=c932598b-b1e6-aeb7-2a6b-46fcb703d8eb&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&r=&lt=848&evt=pageLoad&msclkid=N&rn=93714
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 38274F4409F247EFA16385A36693E4B7 Ref B: VIEEDGE0316 Ref C: 2019-08-17T05:34:30Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET adsct
t.co/i/ 0
0

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
167 B 26ms
21ms Image
image/gif 2a00:1450:4001:816::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1566020070199&cv=9&fst=1566018000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg874&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&tiba=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&async=1&fmt=3&cdct=2&is_vtc=1&random=3445578669&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
421 B 32ms
21ms Image
image/gif 2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1566020070199&cv=9&fst=1566018000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg874&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&tiba=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&async=1&fmt=3&cdct=2&is_vtc=1&random=3445578669&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
visitor.reactful.com/config/879986/ 12 KB
4 KB 1209ms
1176ms XHR
text/html 2a00:1450:4001:809::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&hash=&referer=&user_id=&hshkgid=b3fff1f2-2ed8-4eb7-bd50-75e7b2a00a71&cb_rtfl=_rtfl_jsonp_0
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:809::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 0d5333f6e3c9c058899ff3885d091a11e6cbc450c531f606a0de154580dda830

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:31 GMT
content-encoding: gzip
server: Google Frontend
status: 200
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
access-control-allow-origin: https://www.proofpoint.com
x-cloud-trace-context: 22a39cf9fa4d6e56f0578254fee06380
cache-control: no-cache
access-control-allow-credentials: true
content-type: text/html; charset=utf-8
access-control-allow-headers: Six-Sense-Data,Custom-Vars-Data
content-length: 3857
expires: Sat, 17 Aug 2019 05:34:31 GMT

GET
H2 200 inferredEvents.js Show response
connect.facebook.net/signals/plugins/ 1 KB
897 B 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/inferredEvents.js?v=2.9.2

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 772
x-xss-protection: 0
pragma: public
x-fb-debug: GuCZC/egDEoGr+csiiBegcE041O58lh3gMhuR+f436Bz1c596k3gOJ3AT7VhJajV0kf5tMyZOyCpQzkVDp+/Qw==
x-fb-trip-id: 365799557
x-frame-options: DENY
date: Sat, 17 Aug 2019 05:34:30 GMT
vary: Origin, Accept-Encoding
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
258 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=143852102935619&ev=PageView&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&rl=&if=false&ts=1566020070703&sw=1600&sh=1200&v=2.9.2&r=stable&ec=0&o=30&fbp=fb.1.1566020070702.1847751922&it=1566020070186&coo=false&rqm=GET

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 17 Aug 2019 05:34:31 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Sat, 17 Aug 2019 05:34:31 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame D654 0
0 17ms
6ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 2273
pragma: no-cache
cache-control: no-cache
origin: https://www.proofpoint.com
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
accept-encoding: gzip, deflate, br
Origin: https://www.proofpoint.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Response headers

status: 200
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0
server: proxygen-bolt
date: Sat, 17 Aug 2019 05:34:31 GMT

GET
BLOB 200
OK 3b573495-5d9f-4d2a-89cf-b622fec5a594 Show response
https://www.proofpoint.com/ 12 KB
0 Script
text/html

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.proofpoint.com/3b573495-5d9f-4d2a-89cf-b622fec5a594
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: BLOB
Security: , ,
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d5333f6e3c9c058899ff3885d091a11e6cbc450c531f606a0de154580dda830

Request headers

Sec-Fetch-Mode: no-cors
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Length: 11965
Content-Type: text/html

POST
H2 200 / Show response
tracking.reactful.com/tracking/879986/ 6 B
192 B 174ms
140ms XHR
text/html 2a00:1450:4001:80b::2013
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.reactful.com/tracking/879986/
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a00:1450:4001:80b::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56

Request headers

Accept: */*
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: cors
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 17 Aug 2019 05:34:31 GMT
content-encoding: gzip
server: Google Frontend
status: 200
vary: Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: a53227687da295d4dde54801b5d5e58e
cache-control: no-cache
content-length: 26

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js
https://s.adroll.com/j/exp/index.js

29 B
681 B

24ms
24ms

Script
application/javascript

2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5c29b175a6d1f05484b053e12e2cdb182846568129d7b78eedff887c82f962df

Request headers

Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: ulDVAxPlJ63F02fAZBuYoNI6RfY45Imv
ETag: "b8d0bc64e754567e4196efbf1d764f4d"
x-amz-request-id: 19FC57269AD74253
x-amz-server-side-encryption: AES256
Connection: keep-alive
Content-Length: 29
x-amz-id-2: sP2ma/KQtbrD//6OLigwYYZqbwwB7/eBRet/AN3QXA6zoZozYeS3a1Cq7iM1IgOlGfOfrvrxt9U=
Last-Modified: Mon, 29 Jul 2019 19:09:03 GMT
Server: AmazonS3
Date: Sat, 17 Aug 2019 05:34:34 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Sat, 17 Aug 2019 05:34:34 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK 7YJ7XZCLMRHSVCXIHB5HIT Show response
d.adroll.com/consent/check/ 46 B
505 B 3198ms
39ms Script
application/javascript 54.246.124.187
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT?_s=ce532e9231fc5d5368a4f8dd167c3ce3
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.124.187 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-246-124-187.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: a0acc85c1ed383321e466a775c305f3e771ff70a392463b3157891d3ad332fb7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 17 Aug 2019 05:34:37 GMT
Server: nginx/1.14.1
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: application/javascript
Content-Length: 46

GET ip.json
api.company-target.com/api/v2/ 0
0

GET

log
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AAEkf066ryQAACHwn1BinA

0
0

GET
H2 204 464526.gif
id.rlcdn.com/ 0
62 B 16981ms
146ms Image
text/plain 35.190.72.21
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
date: Sat, 17 Aug 2019 05:34:54 GMT
via: 1.1 google
alt-svc: clear

GET YV5KYXXEJZATZCT37YRTMK
d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/ 0
0

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
237 B 4739ms
27ms Image
image/gif 159.122.87.153
SoftLayer Technol...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?a=359897&d=proofpoint.com&u=DB480DE7DD882E675484AAC42BBA0B790&h=46414d59ab41ff6b28c3b5663b5205ad&t=true&r=0.6715402909870671

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.122.87.153 Frankfurt am Main, Germany, ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US),

Reverse DNS

99.57.7a9f.ip4.static.sl-reverse.com

Software

dacdn2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta544-targets-geographies-italy-japan-range-malware
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 17 Aug 2019 05:34:54 GMT
x-content-type-options: nosniff
server: dacdn2
content-type: image/gif
status: 200
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 309-rhv-619.mktoresp.com
URL: https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1566020070108&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1566020070107-49448&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=

Domain: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-933369.js?sv=5

Domain: gwmtracking.com
URL: https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=1137503234

Domain: t.co
URL: https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nyk4d&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Domain: api.company-target.com
URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware&page_title=Threat%20Actor%20Profile%3A%20TA544%20targets%20geographies%20from%20Italy%20to%20Japan%20with%20a%20range%20of%20malware%20%7C%20Proofpoint&key=2e81efc731d57cb3e458d08fae112991&src=tag

Domain: segments.company-target.com
URL: https://segments.company-target.com/log?vendor=choca&user_id=AAEkf066ryQAACHwn1BinA

Domain: d.adroll.com
URL: https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=6a17caa230b5ed8c44503d951979e612-1566020077824&pv=55683973694.85305&cookie=&adroll_s_ref=&keyw=&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actor-profile-ta544-targets-geographies-italy-japan-range-malware

Verdicts & Comments Add Verdict or Comment

164 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

309-rhv-619.mktoresp.com
ads.avocet.io
api.company-target.com
attr.ml-api.io
bat.bing.com
cloud.typography.com
connect.facebook.net
d.adroll.com
dev.visualwebsiteoptimizer.com
fonts.googleapis.com
fonts.gstatic.com
geoip-js.maxmind.com
googleads.g.doubleclick.net
gwmtracking.com
id.rlcdn.com
js.maxmind.com
munchkin.marketo.net
s.adroll.com
s.ml-attr.com
s.ytimg.com
s7.addthis.com
scripts.demandbase.com
secure.adnxs.com
segments.company-target.com
sjs.bizographics.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tracking.g2crowd.com
tracking.reactful.com
visitor.reactful.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.proofpoint.com
www.youtube.com
309-rhv-619.mktoresp.com
api.company-target.com
d.adroll.com
gwmtracking.com
segments.company-target.com
static.hotjar.com
t.co
104.111.251.133
151.101.12.157
159.122.87.153
2.18.232.15
2.18.233.40
216.58.210.2
23.38.51.49
2606:4700::6810:252f
2606:4700::6810:262f
2606:4700::6812:efe5
2620:1ec:c11::200
2a00:1450:4001:806::200a
2a00:1450:4001:808::200e
2a00:1450:4001:809::2013
2a00:1450:4001:80b::2008
2a00:1450:4001:80b::200e
2a00:1450:4001:80b::2013
2a00:1450:4001:815::2003
2a00:1450:4001:816::2003
2a00:1450:4001:816::2004
2a00:1450:4001:81d::2002
2a00:1450:4001:81d::200e
2a00:1450:400c:c04::9d
2a02:26f0:6c00:293::3adf
2a02:e980:d::87
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
35.190.72.21
37.252.173.27
52.214.122.164
54.192.94.239
54.192.94.41
54.192.94.82
54.246.124.187
68.67.153.60
013ebc8682bafe775a56f93904cff8456974906327dad3524e2ab2fe0c0df700
047ef44b759411ac70b47ffb1c29a2814d34ec9aa7cf12a927340128500bc9fe
06b5607ce2a1b6464c87569049b0acd1fa6dd80b9d442637d0edf79d67bf8628
0a27495fe793ed91ee92cd819f0a542ff70b4e06b6d929bf41342d238b758df4
0d5333f6e3c9c058899ff3885d091a11e6cbc450c531f606a0de154580dda830
0e41e449d2997692fc3631d239e51c964577b35502ee9e138eead4a960682806
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1ee51b94d3a3346cbfb9f77ae1e629353494a22d41986fcf197aeae7ff530d70
20788a06293ee82af16b16a8030dc6fd7a15fb17b56734f0778e88d6b0c6f2ae
2954c2a9e0fb7cc4ce521e3c09516508f6e0d42cc60b1487f010e64fd060e5c7
3023bad19ae54879e10da1c38a9481f36a360403a3288a3c06b04a1e2195dd21
3140e03d8dd88ddfc2a9eefc88a3ae4b233c3f6182423775f83e22e16d072cd5
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
3886459ca89f9ca7588cc412ddb3b279947acec2258c42c065bc044ce67276c0
38e6bcaede2a5ccf63ffcbe7ba8bd921d669bd6a2ca55da74c6c17915e3b03fb
40c2df11fbebad9e05c5dfc4f9aad292a399642492254bc628e234089ec4e89b
41823071e47f49519aaafcfcea698c65db53051297c9729e0810da9ea2b70283
46454a26b3142dec4540c21c9c156f2b3e570488667f1bbcf81854e27925f2a4
479f333c6cdf10724e19b33079cab821bb37b0a463170ea9943dcbc0c6d9dc67
481f13ab1dfe784d7b9b778dd53b342c34434da9bc8680b1ce6dea0da8c1d95f
483c7cd4f6f04ce1b1e2bb6469073b0b9b48a428927f5e3df5c422f76835c891
49a1b4e1296645aa2f513c87a0e5fe56a305a7ed678c2f6499631ec1f3b35856
49ddc4d7eb9b23cfe83c9ddea5478d80085d3c866c1c55b30e5fedf272fe6b49
4abb2c8ea5a2f842fe91d4a1daa87aa91cc2a42a95693db7a35e9a9efcaa052a
4ba24b3b0893a8ee74bc043ece4c52e17f4b1a4574ee36545821ac7e4f91711c
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd
529e77ee17cf48e9ccbb5a64a0e59a1bbda0d9c011ee061f40b1aa189e8fabb8
546595c59cd94a2dd8403e01dee1def5f043e5cff6352cf84c4c7770bf5dc754
579f4babb911b5a02260cfd84bca42d0e14c058264fe3b7c9cd2b8500d709469
5b97c439e216d135ae9e10d5aed248dad7d20c9b05e54d3ea98820e55521379d
5c29b175a6d1f05484b053e12e2cdb182846568129d7b78eedff887c82f962df
5fde80b0aaf01a7fe4f8de3dbb671abadb59a30f6143e828b8000ac4fa9a45ec
6015b6cdafa09835ca9f65f2d9e211f3e120f8da2760401c7ba5e9520a260c37
62fb619801e63ae8cb42d3e79ae12d91f89bcb812a35abe360d43674666abc98
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
69666124ea4313cf5b2da94871c86acd68bcbc4d50b360fdebc4dc3b977dde21
6b4c72b8214beaceed57a85c54eed2c61cfc4911b3d677db9a6e00849ef6be05
708b6617c9f5396ebc33bc3f8df37367fda4d48a3473f7ea41bb142cb842d7db
74166c3ce466a4afbab3fee3dc53106c377de2217ddb142774eb4b59fe65c6e8
743cc926a4314f25d09ad7fa042ddc4dbbb81c7f28fa11be70af367ee3015ecd
75edf4d221f70057e9fdd63654d8d05ecef1bb224235ed80bd5d1cd6400195f5
75f94de20ce7a52a2ac84f9f42abdd5687549bc207135ffaa7d5baed1cc7060a
7772e3d0bc6fba46755057c1ca0154dfda1100214439321c2702fa8ad468158b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
88b3102f2889489e2db30d672885b580d0275e944baacebc652c90ce2263d7ab
89cfdadb23c7206b508ca2007f1e8c183f609fd283a91b03e19b64ee2f03a288
8c04e5c378ae725f0ed4a33cf297cffdbb80839c5bad6984801553f7893ec45b
91221ebe7decdf80fc3cfddffa7595ff915be4af1a9a5620fc9c138bf6cc0363
92e9b12b7af891ed8c8dc61c318f954b6f407f88b062b21c21a6041a549a4934
94761f99487dcae4d91af9d25f37227af94965157adee62bd2f503645ded4fc7
94880f4d8b391421ea1a5447903697dbc761d879cf9ec89faa637d0bf2f331c4
96bd48632c4d64af670460f1f6eb31561cf54f53489101810704e163c5bc009e
986be30669520427f69bd99e6dba2aa3fad606636670efbc20cfadccc4a69756
9d0c2dcad36cced1cd443f28198432ca36bf2e08f12e2e38a8b21220fc889aec
a0acc85c1ed383321e466a775c305f3e771ff70a392463b3157891d3ad332fb7
a18430e37c008ca74cde9ea753584b0c8de60e02f751f0b2a8fb2780d53a1a76
a4bcaba23f30e7aa39a04ba1cbd337fd43e1962f1883566ae4bc61ad138fa16b
a8bac03a9bf9bff1a50a992ffe70257f2c6a24e0cc79ba4c268baf19c9ca2880
aa0a54389bd2f1377c5cedb4e6d4cbb8a8018d9cef836d82178628ae304932e5
ac423fe5c2bf07d841e12a36c9952daf9c1eb8457785eb8096508313a5ec2242
afcbd2a86b73e86835160b9060ea5e98f743094b82d197fc6fdbd7cfe0fe096f
b7eab4c7c851a155bd46eb51790debc67d6f4b076d8b7070da3bb77abab18448
ba2fc3f7fc4e3de678f7071c05e967705f407dd069e2488b9845c6eb55fb240f
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
c36385fddfc942bb807e1ab245c921dc35ef4814df29556cf0b5bac8e6201971
c42a41f50ddc0d98adce6ed747e7a4ccef6278990d7f7413ecde1284ecb9d530
c6687d159fd14a00a4b187ecfa840c0e21d5a28f352003295d8508190fbdd826
c7ffb5c7a2fcc93bf5553df1f27de7c5b2dbd4affcb74fd0bef82371e4e22caa
cc3cfa383d1a79efd2cc2f0c77d14d9e74858312561b6d8f8a1b63b75ebab500
cd1c301a8e7960a1786e2a959226b0b78b56dbea284bd114265f1662d6ca280e
cec3748d0c3da4700300d5424aaea375b03550b0ee8b3dd38e242c4022261446
ced8617ac173ee6b127b7acae3718d2732c25a2dd9cd07c52b91ef716e43d6c7
cf8646fc48648f5a6d806df8f757007e6398a55ddccc3d8c2046a4c014cf1b56
d3296d651831055b3b820704b0ea74a23c6a782299f92b42ea53f28925460ce8
df7b034e11f350b02f383677a2c37d598922ad494d0e0241ad5740313332a5c8
e1083807ee7342f7641eef9a2b0fda54475b40c3345df9ad0570b17d0cc3928b
e2eb28c4292664b548ad2c8ecf855b1f425a08966c5b413a4a0184b6ff52a509
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e675880ebe2bfb0c3364d32f0ea5569eb1d50d4b18fd15c644cf67ce098e04ed
e6f4197e7c39e79481fceddfea14fb5a015d63828c47ef33e32cd5a219d0a2e5
e7e6695bf782bd4b52cc817b8adba3d03973c348cea7622ecb06ab94165c4d0f
e8a3406f8d7199f3a77547cd7502e714f589349ff5f776b1a03e06dfdf3e2356
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f4680a9c1ff0ef54e040617cc5da503bdd12a29170778e935c22a9088406f2e5
f4741057c46b05fcfe3cdd7ab0c7042fa4d301e830791beed476a17848b58416
f949a352c152199cd6809af0ff6c846bbcacc7dc8bfc8bd191d273a3c7ebc728
fee1032dab754253c36916b68e560f1da27d7f0834392a25e19f525313b59ff2

www.proofpoint.com Open in urlscan Pro 2a02:e980:d::87 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

100 Requests

92 %HTTPS

57 %IPv6

35 Domains

40 Subdomains

33 IPs

6 Countries

5212 kBTransfer

7326 kBSize

0 Cookies

17 Outgoing links

Redirected requests

100 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.proofpoint.com Open in urlscan Pro
2a02:e980:d::87 Public Scan

Screenshot
Live screenshot

Full Image

100
Requests

92 %
HTTPS

57 %
IPv6

35
Domains

40
Subdomains

33
IPs

6
Countries

5212 kB
Transfer

7326 kB
Size

0
Cookies

100 HTTP transactions
12 data transactions