www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Submission Tags: falconsandbox
Submission: On January 12 via api (January 12th 2021, 2:58:41 pm UTC) from US

Summary HTTP 92 Redirects Behaviour Indicators

Summary

This website contacted 43 IPs in 7 countries across 44 domains to perform 92 HTTP transactions. The main IP is 2a02:e980:107::cf, located in United States and belongs to INCAPSULA, US. The main domain is www.proofpoint.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on January 8th 2021. Valid for: a year.

This is the only time www.proofpoint.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	2a02:e980:107... 2a02:e980:107::cf	19551 (INCAPSULA) (INCAPSULA)
1	2a00:1450:400... 2a00:1450:4001:81e::200a	15169 (GOOGLE) (GOOGLE)
1	216.58.205.226 216.58.205.226	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:aef	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.111.236.192 104.111.236.192	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	13.224.94.123 13.224.94.123	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:800::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
5	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:824::2002	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	13.225.80.24 13.225.80.24	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:295::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4 6	52.17.151.21 52.17.151.21	16509 (AMAZON-02) (AMAZON-02)
2	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6812:1abe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:820::2013	15169 (GOOGLE) (GOOGLE)
2	65.9.7.67 65.9.7.67	16509 (AMAZON-02) (AMAZON-02)
2 4	172.217.21.230 172.217.21.230	15169 (GOOGLE) (GOOGLE)
1	13.224.94.64 13.224.94.64	16509 (AMAZON-02) (AMAZON-02)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
1	65.9.7.80 65.9.7.80	16509 (AMAZON-02) (AMAZON-02)
1 6	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	34.120.207.148 34.120.207.148	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	13.224.94.37 13.224.94.37	16509 (AMAZON-02) (AMAZON-02)
1	13.224.94.36 13.224.94.36	16509 (AMAZON-02) (AMAZON-02)
11 14	34.248.22.101 34.248.22.101	16509 (AMAZON-02) (AMAZON-02)
1	54.197.143.221 54.197.143.221	14618 (AMAZON-AES) (AMAZON-AES)
1	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	52.59.102.119 52.59.102.119	16509 (AMAZON-02) (AMAZON-02)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
1	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	52.57.162.23 52.57.162.23	16509 (AMAZON-02) (AMAZON-02)
1 2	54.93.211.166 54.93.211.166	16509 (AMAZON-02) (AMAZON-02)
92	43

15 2a02:e980:107::cf (United States)

ASN19551 (INCAPSULA, US)

www.proofpoint.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.205.226 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra15s24-in-f226.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:aef (United States)

ASN13335 (CLOUDFLARENET, US)

geoip-js.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.236.192 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-236-192.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.123 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-123.zrh50.r.cloudfront.net

scripts.demandbase.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:800::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

309-rhv-619.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.80.24 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-80-24.fra2.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:295::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.17.151.21 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com

ads.avocet.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.96.102.137 (United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:1abe (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:820::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

visitor.reactful.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.7.67 (Seattle, United States)

ASN16509 (AMAZON-02, US)

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.21.230 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s13-in-f6.1e100.net

4788165.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
10487471.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.64 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-64.zrh50.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.220.145 (Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.7.80 (Seattle, United States)

ASN16509 (AMAZON-02, US)

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.233.40 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-40.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.207.148 (United States)

ASN15169 (GOOGLE, US)
PTR: 148.207.120.34.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.37 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-37.zrh50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.94.36 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-94-36.zrh50.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 34.248.22.101 (Dublin, Ireland) 11 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-22-101.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.197.143.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-197-143-221.compute-1.amazonaws.com

js.driftqa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.59.102.119 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-102-119.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7001 (United Kingdom) 1 redirects

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.162.23 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-162-23.eu-central-1.compute.amazonaws.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.93.211.166 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-211-166.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	adroll.com 11 redirects s.adroll.com d.adroll.com	27 KB
15	proofpoint.com www.proofpoint.com	2 MB
7	doubleclick.net 2 redirects googleads.g.doubleclick.net 4788165.fls.doubleclick.net 10487471.fls.doubleclick.net stats.g.doubleclick.net cm.g.doubleclick.net Failed	3 KB
5	g2crowd.com tracking.g2crowd.com	4 KB
5	google-analytics.com www.google-analytics.com	56 KB
4	avct.cloud 2 redirects ads.avct.cloud	1 KB
3	adnxs.com 2 redirects secure.adnxs.com ib.adnxs.com	3 KB
3	reactful.com visitor.reactful.com	105 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	61 KB
3	google.de www.google.de	262 B
3	google.com www.google.com	262 B
2	bidswitch.net 1 redirects x.bidswitch.net	868 B
2	3lift.com 1 redirects eb2.3lift.com	738 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	company-target.com api.company-target.com segments.company-target.com Failed	2 KB
2	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	2 KB
2	avocet.io 2 redirects ads.avocet.io	280 B
2	bing.com bat.bing.com	9 KB
2	marketo.net munchkin.marketo.net	7 KB
2	geoip-js.com geoip-js.com	3 KB
2	googleadservices.com www.googleadservices.com	24 KB
1	taboola.com sync.taboola.com	219 B
1	yahoo.com 1 redirects ads.yahoo.com	369 B
1	pubmatic.com simage2.pubmatic.com	886 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	advertising.com pixel.advertising.com	124 B
1	facebook.net connect.facebook.net	23 KB
1	driftqa.com js.driftqa.com	21 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	138 B
1	rlcdn.com id.rlcdn.com	42 B
1	t.co t.co	170 B
1	ml-api.io attr.ml-api.io	485 B
1	ml-attr.com 1 redirects s.ml-attr.com	279 B
1	driftt.com js.driftt.com	81 KB
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	mktoresp.com 309-rhv-619.mktoresp.com	311 B
1	demandbase.com scripts.demandbase.com	19 KB
1	googletagmanager.com www.googletagmanager.com	64 KB
1	googleapis.com fonts.googleapis.com	903 B
0	openx.net Failed us-u.openx.net Failed
0	outbrain.com Failed sync.outbrain.com Failed
0	linkedin.com Failed px.ads.linkedin.com Failed
0	gwmtracking.com Failed gwmtracking.com Failed
92	44

	Domain	Requested by
15	www.proofpoint.com	www.proofpoint.com
13	d.adroll.com	10 redirects www.proofpoint.com
6	s.adroll.com	1 redirects www.googletagmanager.com www.proofpoint.com s.adroll.com d.adroll.com
5	tracking.g2crowd.com	www.proofpoint.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.proofpoint.com
4	ads.avct.cloud	2 redirects www.proofpoint.com
3	visitor.reactful.com	www.proofpoint.com visitor.reactful.com
3	www.google.de	www.proofpoint.com
3	www.google.com	www.proofpoint.com
2	x.bidswitch.net	1 redirects www.proofpoint.com
2	eb2.3lift.com	1 redirects www.proofpoint.com
2	dsum-sec.casalemedia.com	1 redirects www.proofpoint.com
2	10487471.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	secure.adnxs.com	2 redirects
2	4788165.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	api.company-target.com	www.proofpoint.com scripts.demandbase.com
2	dev.visualwebsiteoptimizer.com	www.proofpoint.com
2	ads.avocet.io	2 redirects
2	bat.bing.com	www.googletagmanager.com www.proofpoint.com
2	googleads.g.doubleclick.net	www.googleadservices.com
2	munchkin.marketo.net	www.proofpoint.com munchkin.marketo.net
2	geoip-js.com	www.proofpoint.com geoip-js.com
2	www.googleadservices.com	www.proofpoint.com www.googletagmanager.com
1	ib.adnxs.com	www.proofpoint.com
1	sync.taboola.com	www.proofpoint.com
1	ads.yahoo.com	1 redirects
1	simage2.pubmatic.com	www.proofpoint.com
1	pixel.rubiconproject.com	www.proofpoint.com
1	pixel.advertising.com	www.proofpoint.com
1	connect.facebook.net	d.adroll.com connect.facebook.net
1	js.driftqa.com	www.proofpoint.com
1	d.adroll.mgr.consensu.org	1 redirects
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	id.rlcdn.com	www.proofpoint.com
1	t.co	www.proofpoint.com
1	attr.ml-api.io	www.proofpoint.com
1	s.ml-attr.com	1 redirects
1	js.driftt.com	www.proofpoint.com
1	snap.licdn.com	www.proofpoint.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	309-rhv-619.mktoresp.com	munchkin.marketo.net
1	scripts.demandbase.com	www.proofpoint.com
1	www.googletagmanager.com	www.proofpoint.com
1	fonts.googleapis.com	www.proofpoint.com
0	cm.g.doubleclick.net Failed	www.proofpoint.com
0	us-u.openx.net Failed	www.proofpoint.com
0	sync.outbrain.com Failed	www.proofpoint.com
0	segments.company-target.com Failed	www.proofpoint.com
0	px.ads.linkedin.com Failed	www.proofpoint.com
0	gwmtracking.com Failed	www.proofpoint.com
92	53

This site contains no links.

Subject Issuer	Validity	Valid
proofpoint.com Sectigo RSA Organization Validation Secure Server CA	`2021-01-08` - `2022-01-08`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-17` - `2021-08-17`	a year	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
tag.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-14` - `2021-11-15`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2020-10-27` - `2021-04-27`	6 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2020-08-14` - `2021-08-19`	a year	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.avct.cloud Let's Encrypt Authority X3	`2020-11-03` - `2021-02-01`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2020-06-19` - `2022-07-06`	2 years	crt.sh
*.g2crowd.com Sectigo ECC Domain Validation Secure Server CA	`2020-08-30` - `2021-09-28`	a year	crt.sh
*.reactful.com Go Daddy Secure Certificate Authority - G2	`2020-03-12` - `2021-05-09`	a year	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2020-10-09` - `2021-10-28`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
drift.com Amazon	`2020-09-21` - `2021-10-23`	a year	crt.sh
*.ml-api.io Amazon	`2020-02-06` - `2021-03-06`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-02-18` - `2021-02-06`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.google.de GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2020-10-08` - `2021-11-07`	a year	crt.sh
driftqa.com Amazon	`2020-06-18` - `2021-07-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2020-10-04` - `2021-03-31`	6 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.pubmatic.com Sectigo RSA Organization Validation Secure Server CA	`2019-02-22` - `2021-02-21`	2 years	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.3lift.com Amazon	`2020-07-04` - `2021-08-05`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh

This page contains 4 frames:

Primary Page: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Frame ID: 286762DBA4C4EB412FA7D1ACA16A5936
Requests: 104 HTTP requests in this frame

Frame: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNC66P3Tlu4CFQPIuwgdt7MDbA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495
Frame ID: E556E1867CB85912FEB4961504BF5B95
Requests: 1 HTTP requests in this frame

Frame: https://10487471.fls.doubleclick.net/activityi;dc_pre=CJ6g6f3Tlu4CFS1d5QodWqkDwA;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks
Frame ID: FDE247F9BB15975B1727AD26485B1F55
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 5392DF4790F6F89E5CDED9A30651A635
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Page Statistics

92
Requests

91 %
HTTPS

36 %
IPv6

44
Domains

53
Subdomains

43
IPs

7
Countries

2114 kB
Transfer

5072 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j HTTP 301
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j HTTP 302
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

Request Chain 54

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j HTTP 301
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j HTTP 302
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

Request Chain 55

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495 HTTP 302
https://4788165.fls.doubleclick.net/activityi;dc_pre=CNC66P3Tlu4CFQPIuwgdt7MDbA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495

Request Chain 57

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=proofpoint.com&pId=4299838325352436843

Request Chain 60

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks HTTP 302
https://10487471.fls.doubleclick.net/activityi;dc_pre=CJ6g6f3Tlu4CFS1d5QodWqkDwA;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks

Request Chain 65

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1610463481313&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%26time%3D1610463481313%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252Fus%252Fexploring-bergard-old-malware-new-tricks%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1610463481313&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&liSync=true

Request Chain 68

https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
https://segments.company-target.com/log?vendor=choca&user_id=AALTF06_-3IAABAaGIgYOA HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AALTF06_-3IAABAaGIgYOA&verifyHash=82d5200a09db832c19ef22344d22fbdb88e65924

Request Chain 85

https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 87

https://d.adroll.mgr.consensu.org/consent/iabcheck/7YJ7XZCLMRHSVCXIHB5HIT?_s=4f80d4d91247458211a4fe5765f43d2e&_b=2 HTTP 302
https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=4f80d4d91247458211a4fe5765f43d2e&_b=2

Request Chain 89

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&pv=79275656854.84477&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

Request Chain 93

https://d.adroll.com/cm/aol/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://pixel.advertising.com/ups/55980/sync?uid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 94

https://d.adroll.com/cm/index/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expiration=1641999481 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expiration=1641999481&C=1

Request Chain 95

https://d.adroll.com/cm/n/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expires=365

Request Chain 96

https://d.adroll.com/cm/outbrain/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

Request Chain 97

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 98

https://d.adroll.com/cm/r/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA HTTP 302
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 99

https://d.adroll.com/cm/taboola/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

Request Chain 100

https://d.adroll.com/cm/triplelift/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

Request Chain 101

https://d.adroll.com/cm/b/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

Request Chain 102

https://d.adroll.com/cm/x/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

Request Chain 104

https://d.adroll.com/cm/o/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=eb20c10267f82a52ed9eb8f0960cfb10

Request Chain 105

https://d.adroll.com/cm/g/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=6yDBAmf4KlLtnrjwlgz7EA

92 HTTP transactions
16 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request Cookie set exploring-bergard-old-malware-new-tricks
www.proofpoint.com/us/ 47 KB
16 KB 907ms
874ms Document
text/html 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.proofpoint.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Tue, 12 Jan 2021 14:58:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=86400, public
X-Drupal-Dynamic-Cache: UNCACHEABLE
Link: <https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks>; rel="shortlink", <https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks>; rel="canonical" <https://www.proofpoint.com/us/page-not-found>; rel="alternate"; hreflang="en-us" <https://www.proofpoint.com/uk/page-not-found>; rel="alternate"; hreflang="en-gb" <https://www.proofpoint.com/fr/page-not-found>; rel="alternate"; hreflang="fr" <https://www.proofpoint.com/de/page-not-found>; rel="alternate"; hreflang="de" <https://www.proofpoint.com/es/page-not-found>; rel="alternate"; hreflang="es" <https://www.proofpoint.com/jp/page-not-found>; rel="alternate"; hreflang="ja" <https://www.proofpoint.com/au/page-not-found>; rel="alternate"; hreflang="en-au" <https://www.proofpoint.com/it/page-not-found>; rel="alternate"; hreflang="it" <https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks>; rel="shortlink", <https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks>; rel="canonical" <https://www.proofpoint.com/us/page-not-found>; rel="alternate"; hreflang="en-us" <https://www.proofpoint.com/uk/page-not-found>; rel="alternate"; hreflang="en-gb" <https://www.proofpoint.com/fr/page-not-found>; rel="alternate"; hreflang="fr" <https://www.proofpoint.com/de/page-not-found>; rel="alternate"; hreflang="de" <https://www.proofpoint.com/es/page-not-found>; rel="alternate"; hreflang="es" <https://www.proofpoint.com/jp/page-not-found>; rel="alternate"; hreflang="ja" <https://www.proofpoint.com/au/page-not-found>; rel="alternate"; hreflang="en-au" <https://www.proofpoint.com/it/page-not-found>; rel="alternate"; hreflang="it"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: origin-when-cross-origin
Feature-Policy: geolocation 'self'
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=edge
Content-language: en
X-Content-Type-Options: nosniff
Expires: Wed, 13 Jan 2021 14:58:00 GMT
Last-Modified: Tue, 12 Jan 2021 14:58:00 GMT
ETag: "1610463480"
Vary: Cookie
X-Generator: Drupal 8 (https://www.drupal.org)
X-Permitted-Cross-Domain-Policies: none
X-Drupal-Cache: MISS
X-Request-ID: v-9006d25a-54e6-11eb-bffe-473461628219
X-AH-Environment: prod
Age: 0
Via: varnish
X-Cache: MISS
Set-Cookie: visid_incap_177663=OTpH6UKgQ+C9zsFt57TYave4/V8AAAAAQUIPAAAAAADZNVJn8tXudEjZ74mjWoHS; expires=Wed, 12 Jan 2022 13:28:44 GMT; HttpOnly; path=/; Domain=.proofpoint.com incap_ses_729_177663=tzdfO+9g4QBoHWYb2+0dCvi4/V8AAAAA/gjinvB2+QdEY+4dHjywmg==; path=/; Domain=.proofpoint.com ___utmvmtyuLalI=mbboOMxBdsJ; path=/; Max-Age=900 ___utmvatyuLalI=mSWUwha; path=/; Max-Age=900 ___utmvbtyuLalI=DZa XCgOualP: YtJ; path=/; Max-Age=900
X-CDN: Incapsula
Content-Encoding: gzip
X-Iinfo: 6-4332783-4332785 NNYY CT(0 0 0) RT(1610463479136 10) q(0 0 0 0) r(7 9) U11

GET
H/1.1 200
OK css_LB-c50DEPlEk6V1MjnKm7YTNx_RPyo6KsW3ytfstdcQ.css
www.proofpoint.com/sites/default/files/css/ 25 KB
5 KB 21ms
8ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_LB-c50DEPlEk6V1MjnKm7YTNx_RPyo6KsW3ytfstdcQ.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

2c1f9ce740c43e5124e95d4c8e72a6ed84cdc7f44fca8e8ab16df2b5fb2d75c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 23 Dec 2020 00:07:50 GMT
X-CDN: Incapsula
Etag: "1743d73f"
Content-Type: text/css
X-Iinfo: 13-14283520-0 0CNN RT(1610463480032 7) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=983369, public
Content-Length: 4399
Expires: Sun, 24 Jan 2021 00:07:29 GMT

GET
H/1.1 200
OK css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css
www.proofpoint.com/sites/default/files/css/ 982 KB
251 KB 22ms
9ms Stylesheet
text/css 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 Jan 2021 00:51:41 GMT
X-CDN: Incapsula
Etag: "c259e6de"
Content-Type: text/css
X-Iinfo: 14-18187926-0 0CNN RT(1610463480032 9) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=983370, public
Content-Length: 256220
Expires: Sun, 24 Jan 2021 00:07:30 GMT

GET
H/1.1 200
OK modernizr.min.js Show response
www.proofpoint.com/core/assets/vendor/modernizr/ 5 KB
3 KB 23ms
8ms Script
application/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/core/assets/vendor/modernizr/modernizr.min.js?v=3.3.1

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sat, 02 Jan 2021 09:53:18 GMT
X-CDN: Incapsula
Content-Type: application/javascript
X-Iinfo: 14-18187927-0 0CNN RT(1610463480032 11) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=983369, public
Content-Length: 2110
Expires: Sun, 24 Jan 2021 00:07:29 GMT

GET
H/1.1 200
OK logo-reg.svg
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 3 KB
1 KB 8ms
8ms Image
image/svg+xml 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/logo-reg.svg

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 08:20:25 GMT
X-CDN: Incapsula
Etag: "13fdd2ef"
Content-Type: image/svg+xml
X-Iinfo: 14-18187927-0 0CNN RT(1610463480032 20) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=985025, public
Content-Length: 1124
Expires: Sun, 24 Jan 2021 00:35:05 GMT

GET
H/1.1 200
OK iMac.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 435 KB
435 KB 8ms
7ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/iMac.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 08:38:11 GMT
X-CDN: Incapsula
Etag: "b96e628c"
Content-Type: image/png
X-Iinfo: 14-18187927-0 0CNN RT(1610463480032 29) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=983475, public
Content-Length: 445126
Expires: Sun, 24 Jan 2021 00:09:15 GMT

GET
H2 200 css
fonts.googleapis.com/ 11 KB
903 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Oswald:200,300,400,500,600,700|Open+Sans+Condensed:300

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 14:58:00 GMT
server: ESF
date: Tue, 12 Jan 2021 14:58:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Jan 2021 14:58:00 GMT

GET
DATA 200
OK truncated
/ 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 204 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 720 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 444 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 606 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 685 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 460 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK blue-bg2.png
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/ 165 KB
166 KB 10ms
10ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/blue-bg2.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 18 Dec 2020 00:35:26 GMT
X-CDN: Incapsula
Etag: "b7f7adf5"
Content-Type: image/png
X-Iinfo: 14-18187927-0 0CNN RT(1610463480032 94) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=983486, public
Content-Length: 169435
Expires: Sun, 24 Jan 2021 00:09:26 GMT

GET
H/1.1 200
OK RobotoCondensed-Regular-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 11ms
11ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Regular-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 08:38:11 GMT
X-CDN: Incapsula
Etag: "39ed386e"
X-Iinfo: 14-18187926-0 0CNN RT(1610463480032 96) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=983370, public
Content-Length: 21036
Expires: Sun, 24 Jan 2021 00:07:30 GMT

GET
H/1.1 200
OK fjalla-one-v7-latin-regular.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 16 KB
16 KB 9ms
9ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/fjalla-one-v7-latin-regular.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 08:20:25 GMT
X-CDN: Incapsula
Etag: "80852160"
X-Iinfo: 13-14283520-0 0CNN RT(1610463480032 95) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1018772, public
Content-Length: 16540
Expires: Sun, 24 Jan 2021 09:57:32 GMT

GET
H2 200 conversion.js
www.googleadservices.com/pagead/ 30 KB
12 KB 34ms
32ms Script
text/javascript 216.58.205.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s24-in-f226.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11879
x-xss-protection: 0
server: cafe
etag: 17740049192423889369
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 12 Jan 2021 14:58:01 GMT

GET
H/1.1 200
OK js_L0oOt6pgWJqOBsGbYH--f1QJ4gmyJQQULiqdt3XjFUc.js
www.proofpoint.com/sites/default/files/js/ 145 KB
49 KB 10ms
8ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_L0oOt6pgWJqOBsGbYH--f1QJ4gmyJQQULiqdt3XjFUc.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 30 Dec 2020 02:08:12 GMT
X-CDN: Incapsula
Etag: "233a42a9"
Content-Type: text/javascript
X-Iinfo: 6-4332783-0 0CNN RT(1610463479136 1048) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=984287, public
Content-Length: 49528
Expires: Sun, 24 Jan 2021 00:22:47 GMT

GET
H2 200 geoip2.js
geoip-js.com/js/apis/geoip2/v2.1/ 3 KB
2 KB 36ms
16ms Script
application/javascript 2606:4700::6812:aef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:aef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 11 Jan 2021 19:33:25 GMT
server: cloudflare
age: 1515
etag: W/"5ffca805-cd9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=43200
cf-ray: 6107bbb45e001f29-FRA
cf-request-id: 0798b3a4ba00001f29d3116000000001
expires: Wed, 13 Jan 2021 02:58:01 GMT

GET
H/1.1 200
OK js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js
www.proofpoint.com/sites/default/files/js/ 9 KB
3 KB 21ms
20ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_Mypic69v3AM_k2tnVLPIrzNXY0af6UrC_DJGJz1MY-A.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 23 Dec 2020 23:06:13 GMT
X-CDN: Incapsula
Etag: "6e3ea0aa"
Content-Type: text/javascript
X-Iinfo: 13-14283520-0 0CNN RT(1610463480032 165) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=983370, public
Content-Length: 2188
Expires: Sun, 24 Jan 2021 00:07:30 GMT

GET
H/1.1 200
OK munchkin.js
munchkin.marketo.net/ 1 KB
1 KB 72ms
23ms Script
application/x-javascript 104.111.236.192
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.236.192 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-236-192.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:01 GMT
Content-Encoding: gzip
Last-Modified: Wed, 05 Aug 2020 03:11:00 GMT
Server: AkamaiNetStorage
ETag: "a67ed8ce0a86706b9f73a86806ce5bd3:1596597060.25158"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H/1.1 200
OK js_O79Yy_sS4_QB_NVTnbjG4B1HXOTH0eImqo0sOikdpy0.js
www.proofpoint.com/sites/default/files/js/ 2 MB
591 KB 13ms
12ms Script
text/javascript 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/sites/default/files/js/js_O79Yy_sS4_QB_NVTnbjG4B1HXOTH0eImqo0sOikdpy0.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 Jan 2021 00:51:42 GMT
X-CDN: Incapsula
Etag: "26fb4426"
Content-Type: text/javascript
X-Iinfo: 14-18187927-0 0CNN RT(1610463480032 156) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=983370, public
Content-Length: 604660
Expires: Sun, 24 Jan 2021 00:07:30 GMT

GET
DATA 200
OK truncated
/ 45 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK proofpoint.woff2
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 18 KB
18 KB 9ms
7ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/proofpoint.woff2

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 08:38:11 GMT
X-CDN: Incapsula
Etag: "01c16c31"
X-Iinfo: 14-18187926-0 0CNN RT(1610463480032 166) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=1018772, public
Content-Length: 18296
Expires: Sun, 24 Jan 2021 09:57:32 GMT

GET
H/1.1 200
OK RobotoCondensed-Bold-webfont.woff
www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/ 21 KB
21 KB 11ms
8ms Font
text/plain 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.proofpoint.com/themes/custom/proofpoint/dist/app-drupal/assets/fonts/RobotoCondensed-Bold-webfont.woff

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.proofpoint.com
Referer: https://www.proofpoint.com/sites/default/files/css/css_Nh7txKnaUnJQjpK5pbg9ylKzVw-q-LmAlHenbk5_ga4.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 08:20:25 GMT
X-CDN: Incapsula
Etag: "8df65834"
X-Iinfo: 6-4332783-0 0CNN RT(1610463479136 1063) q(0 -1 -1 -1) r(1 -1)
Cache-Control: max-age=983379, public
Content-Length: 21384
Expires: Sun, 24 Jan 2021 00:07:39 GMT

GET
H/1.1 200
OK munchkin.js
munchkin.marketo.net/159/ 11 KB
5 KB 27ms
27ms Script
application/x-javascript 104.111.236.192
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/159/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.236.192 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-236-192.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:01 GMT
Content-Encoding: gzip
Last-Modified: Fri, 08 May 2020 02:24:14 GMT
Server: AkamaiNetStorage
ETag: "79274ffc293e4f76fc372b953f780d16:1588904654.430334"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4810
Expires: Thu, 22 Apr 2021 14:58:01 GMT

GET
H2 200 gtm.js
www.googletagmanager.com/ 270 KB
64 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65400
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 12 Jan 2021 14:58:01 GMT

GET
H2 200 MP9Jyqtx.min.js
scripts.demandbase.com/ 81 KB
19 KB 164ms
44ms Script
application/javascript 13.224.94.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-123.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Hj9OW_l.CW1YmrkWRMwtATSaAaX3Zh0U
content-encoding: gzip
last-modified: Tue, 08 Dec 2020 23:28:48 GMT
server: AmazonS3
age: 2707
etag: W/"91032bd331a1eff120683d61faf4ee18"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 8c175d0adc08dac3750e9201b76886e8.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
date: Tue, 12 Jan 2021 14:15:04 GMT
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: pNUDFzjBR2B_VKi8CcL4hz7D71oTAQVwceO2wvV-DvcyRk-mrjvuIQ==

GET
H2 200 /
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1610463481103&cv=9&fst=1610463481103&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1025
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 me
geoip-js.com/geoip/v2.1/country/ 771 B
1 KB 116ms
91ms XHR
application/vnd.maxmind.com-country+json 2606:4700::6812:aef
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip-js.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.proofpoint.com
Requested by: Host: geoip-js.com
URL: https://geoip-js.com/js/apis/geoip2/v2.1/geoip2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:aef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 6107bbb5aa48c2c7-FRA
content-length: 771
cf-request-id: 0798b3a58a0000c2c77eb4b000000001

GET
DATA 200
OK truncated
/ 207 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
108 B 21ms
20ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1610463481103&cv=9&fst=1610460000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=2554626178&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
108 B 22ms
21ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1610463481103&cv=9&fst=1610460000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&fmt=3&is_vtc=1&random=2554626178&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK visitWebPage
309-rhv-619.mktoresp.com/webevents/ 2 B
311 B 475ms
98ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://309-rhv-619.mktoresp.com/webevents/visitWebPage?_mchNc=1610463481227&_mchCn=&_mchId=309-RHV-619&_mchTk=_mch-proofpoint.com-1610463481227-95842&_mchHo=www.proofpoint.com&_mchPo=&_mchRu=%2Fus%2Fexploring-bergard-old-malware-new-tricks&_mchPc=https%3A&_mchVr=159&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/159/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:01 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: aad8b782-13c1-4d33-9d6f-42166f42a959

GET
H2 200 analytics.js
www.google-analytics.com/ 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 5909
date: Tue, 12 Jan 2021 13:19:32 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 12 Jan 2021 15:19:32 GMT

GET
H3-Q050 200 conversion_async.js
www.googleadservices.com/pagead/ 30 KB
12 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 12175
x-xss-protection: 0
server: cafe
etag: 17536051821503146167
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 12 Jan 2021 14:58:01 GMT

GET
H2 200 bat.js
bat.bing.com/ 27 KB
9 KB 117ms
98ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:00 GMT
content-encoding: gzip
last-modified: Tue, 20 Oct 2020 22:19:32 GMT
x-msedge-ref: Ref A: 39E2E682DE8F4794B78319B68BDFD146 Ref B: FRAEDGE1512 Ref C: 2021-01-12T14:58:01Z
etag: "0b27f152fa7d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 8454

GET
H2 200 uwt.js
static.ads-twitter.com/ 5 KB
2 KB 23ms
23ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
via: 1.1 varnish
last-modified: Fri, 04 Dec 2020 00:21:46 GMT
age: 49858
etag: "cbc512946c8abb461c6215ed5b454e5f+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding: gzip
cache-control: no-cache
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 1957
x-timer: S1610463481.258829,VS0,VE0
x-served-by: cache-fra19151-FRA

GET
H2 200 hotjar-1456002.js
static.hotjar.com/c/ 3 KB
2 KB 102ms
40ms Script
application/javascript 13.225.80.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.80.24 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-80-24.fra2.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA2-C2
etag: W/c986bb89181aa3d66f76258aefc2ad2c
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
access-control-allow-origin: *
x-cache-hit: 1
content-length: 1553
via: 1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
x-amz-cf-id: COsqFa_iAErb_N9770qCTRf9NaWHgGA3WNwgv3Q715sxYSUIHQhzEg==

GET
H/1.1 200
OK insight.min.js
snap.licdn.com/li.lms-analytics/ 4 KB
2 KB 15ms
11ms Script
application/x-javascript 2a02:26f0:6c00:295::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:295::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:01 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 22:14:03 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=44414
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1855

GET
H2

200

s
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?r=1&add=5aba5f53ab79f7f51390a95a&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j

0
336 B

35ms
35ms

Script
application/javascript

52.17.151.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.151.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 0
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5aba5f53ab79f7f51390a95a&ty=j
date: Tue, 12 Jan 2021 14:58:01 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 87
content-type: text/html; charset=utf-8

GET
H2 200 j.php
dev.visualwebsiteoptimizer.com/ 3 KB
1 KB 61ms
23ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=359897&u=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&r=0.9903289702679066
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gams1 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 12 Jan 2021 14:58:00 GMT
via: 1.1 google
server: gams1
content-encoding: gzip
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type: application/javascript; charset=UTF-8

GET
H2 200 1594.js
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 172ms
146ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1594.js?p=https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 42e555ab-6bda-48f1-be6e-a1172256626a
x-runtime: 0.007524
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0798b3a5ca0000248837b8c000000001
cf-ray: 6107bbb60a1f2488-FRA

GET
H2 200 1644.js
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 493ms
468ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1644.js?p=https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 495d60b6-c883-477b-9a44-c6b7d1bf064e
x-runtime: 0.011837
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0798b3a5ca000024883f178000000001
cf-ray: 6107bbb60a212488-FRA

GET
H2 200 1645.js
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
433 B 195ms
170ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1645.js?p=https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 40d852f1-8082-47e4-86d1-9bb02724107f
x-runtime: 0.033608
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0798b3a5cb00002488391be000000001
cf-ray: 6107bbb60a272488-FRA

GET
H2 200 1646.js
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
433 B 188ms
166ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1646.js?p=https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 52355186-9b5a-408e-88fe-d6d1cb55b8a6
x-runtime: 0.025308
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0798b3a5ca0000248848a5e000000001
cf-ray: 6107bbb60a232488-FRA

GET
H2 200 1647.js
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
435 B 183ms
173ms Script
text/javascript 2606:4700::6812:1abe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1647.js?p=https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks&e=

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1abe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
via: 1.1 vegur
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-permitted-cross-domain-policies: none
content-encoding: br
x-xss-protection: 1; mode=block
x-request-id: 767c12d1-e9c6-45b8-a858-634ada90bc2a
x-runtime: 0.026129
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
x-download-options: noopen
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
cf-request-id: 0798b3a5ca000024885392b000000001
cf-ray: 6107bbb60a252488-FRA

GET
H2 200 main.rtfl.js
visitor.reactful.com/dist/ 270 KB
104 KB 36ms
13ms Script
application/javascript 2a00:1450:4001:820::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/dist/main.rtfl.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 11 Jan 2021 19:59:34 GMT
content-encoding: gzip
server: Google Frontend
age: 68307
etag: "vPz6QA"
content-type: application/javascript; charset=UTF-8
x-cloud-trace-context: e16eb371cb265b629bd9b8c1f0bfb46c
cache-control: public,public, max-age=432000
content-length: 106683
expires: Sat, 16 Jan 2021 19:59:34 GMT

GET
H2 200 ip.json
api.company-target.com/api/v2/ 438 B
944 B 123ms
74ms XHR
application/json 65.9.7.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?key=8d20076343394d24eb8250e933d1560c
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.7.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
request-id: 059e7c6e-e9c3-49fa-9f15-4bc7fc79ba54
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.proofpoint.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 7778e859490081303ab32e0feeba8515.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5GBrln_LN7BO0x6ydvEqxWQGdOt6SHRBgpfJDKnRjIzwICGeez7XDw==
expires: Mon, 11 Jan 2021 14:58:01 GMT

GET
H2

200

s
ads.avct.cloud/
Redirect Chain

https://ads.avocet.io/s?add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?r=1&add=5d1dcad3b00320110090d553&ty=j
https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j

0
336 B

34ms
34ms

Script
application/javascript

52.17.151.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.avct.cloud/s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.17.151.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-151-21.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 0
content-type: application/javascript

Redirect headers

location: /s?bounce=true&r=1&add=5d1dcad3b00320110090d553&ty=j
date: Tue, 12 Jan 2021 14:58:01 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 87
content-type: text/html; charset=utf-8

GET
H3-Q050

200

activityi;dc_pre=CNC66P3Tlu4CFQPIuwgdt7MDbA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495
4788165.fls.doubleclick.net/ Frame E556
Redirect Chain

https://4788165.fls.doubleclick.net/activityi;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495?
https://4788165.fls.doubleclick.net/activityi;dc_pre=CNC66P3Tlu4CFQPIuwgdt7MDbA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495?

0
0

136ms
136ms

Document
text/html

172.217.21.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4788165.fls.doubleclick.net/activityi;dc_pre=CNC66P3Tlu4CFQPIuwgdt7MDbA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.21.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 4788165.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CNC66P3Tlu4CFQPIuwgdt7MDbA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jan 2021 14:58:01 GMT
expires: Tue, 12 Jan 2021 14:58:01 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 422
x-xss-protection: 0
set-cookie: IDE=AHWqTUlfdBVrr9W5i8V47cEeYGOT9EBBRX95_lJO5v2nzUN2JvsJksLV5lhfXZEG; expires=Sun, 06-Feb-2022 14:58:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jan 2021 14:58:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://4788165.fls.doubleclick.net/activityi;dc_pre=CNC66P3Tlu4CFQPIuwgdt7MDbA;src=4788165;type=sitew0;cat=proof0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=3798380952843.7495?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 5dfsgn7m2kst.js
js.driftt.com/include/1610463600000/ 285 KB
81 KB 254ms
167ms Script
application/javascript 13.224.94.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1610463600000/5dfsgn7m2kst.js

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.94.64 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-94-64.zrh50.r.cloudfront.net

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: rVWcq1r1Y_vk_vLgAsIeUTbYnFfFDvGd
content-encoding: gzip
etag: W/"83e90d2c26e2f21dcf2d1fc962531179"
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: RefreshHit from cloudfront
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
last-modified: Mon, 11 Jan 2021 22:35:20 GMT
server: nginx
date: Tue, 12 Jan 2021 14:58:01 GMT
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
via: 1.1 e8a7e21f51478f02a6e51b69e3450928.cloudfront.net (CloudFront)
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: 5hBy3DekuHQ59699fymqURUl8o_k3lCJBWS0o3y7o3MCLgkeVM2u2g==

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dproofpoint.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dproofpoint.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=proofpoint.com&pId=4299838325352436843

4 B
485 B

218ms
167ms

Image
image/jpeg

65.9.7.80
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=proofpoint.com&pId=4299838325352436843
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.7.80 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:01 GMT
Via: 1.1 910fc18161f0602555cc5b6397ca26f3.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-C1
x-amzn-RequestId: 47312876-3240-4a0c-a000-26ebbdba3a83
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-5ffdb8f9-685b080c76e772e85fbd0e66;Sampled=0
Connection: keep-alive
x-amz-apigw-id: ZCnXDH3hoAMFTvw=
Content-Length: 4
X-Amz-Cf-Id: OssEaoLsvOGc3nud9LKRy9NXUghk07pPafUxHPyQa_JPJTSPUMlq-A==

Redirect headers

Pragma: no-cache
Date: Tue, 12 Jan 2021 14:58:01 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.132:80
AN-X-Request-Uuid: 8ddecfc8-755f-4eb0-931d-e6121193f92f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=proofpoint.com&pId=4299838325352436843
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET img
gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/ 0
0

GET
H/1.1 200
OK roundtrip.js
s.adroll.com/j/ 40 KB
13 KB 78ms
26ms Script
text/javascript 2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: eHeCFa11ZmebQv0hmrjMAs.eB.BPo.q4
Content-Encoding: gzip
ETag: "0aed5b94bc26ce0fe9e58d25dd314418"
x-amz-request-id: A153E367E4F64E44
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 12695
x-amz-id-2: 1CcC1EKrieRTlAyvmM8I9czxbYiNWqUAlIg4XQoBWjKMxkmKs0MXuebcXJ5+1jv9UbHz74EL7Lo=
Last-Modified: Thu, 10 Dec 2020 18:09:34 GMT
Server: AmazonS3
Date: Tue, 12 Jan 2021 14:58:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H3-Q050

200

activityi;dc_pre=CJ6g6f3Tlu4CFS1d5QodWqkDwA;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-ber...
10487471.fls.doubleclick.net/ Frame FDE2
Redirect Chain

https://10487471.fls.doubleclick.net/activityi;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-...
https://10487471.fls.doubleclick.net/activityi;dc_pre=CJ6g6f3Tlu4CFS1d5QodWqkDwA;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fww...

0
0

38ms
37ms

Document
text/html

172.217.21.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10487471.fls.doubleclick.net/activityi;dc_pre=CJ6g6f3Tlu4CFS1d5QodWqkDwA;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MGR7P8X

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

172.217.21.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s13-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 10487471.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CJ6g6f3Tlu4CFS1d5QodWqkDwA;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: about:blank

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jan 2021 14:58:01 GMT
expires: Tue, 12 Jan 2021 14:58:01 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 781
x-xss-protection: 0
set-cookie: IDE=AHWqTUnVBewPcE3aNFePrPOLiyuRxtaLNQaUZjxWjcKGIJ2W9nWHzicYWQTRkHe_; expires=Sun, 06-Feb-2022 14:58:01 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 12 Jan 2021 14:58:01 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://10487471.fls.doubleclick.net/activityi;dc_pre=CJ6g6f3Tlu4CFS1d5QodWqkDwA;src=10487471;type=retar0;cat=retar0;ord=2471186253307;gtm=2wgbu0;auiddc=1565907183.1610463481;~oref=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 collect
www.google-analytics.com/j/ 2 B
89 B 28ms
14ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1713412478&t=pageview&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEADQAAAAC~&jid=62088894&gjid=893172129&cid=1666444117.1610463481&tid=UA-2257074-1&_gid=975967773.1610463481&_r=1&gtm=2wgbu0MGR7P8X&z=2012922345

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 js
www.google-analytics.com/gtm/ 105 KB
37 KB 64ms
57ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-KKGL4NZ&t=gtm4&cid=1666444117.1610463481

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37984
x-xss-protection: 0
expires: Tue, 12 Jan 2021 14:58:01 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
384 B 48ms
41ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1713412478&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Homepage&ea=Hero%20Banner%20CTA%20Click&_u=YEDAAEADQAAAAC~&jid=&gjid=&cid=1666444117.1610463481&tid=UA-2257074-1&_gid=975967773.1610463481&gtm=2wgbu0MGR7P8X&z=501132897

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 07:51:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 25588
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/ 2 KB
1 KB 119ms
119ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/950296937/?random=1610463481310&cv=9&fst=1610463481310&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1038
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1610463481313&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D169250%26time%3D1610463481313%26url%3Dhttps%253A%252F%252Fwww.proofpoint.com%252F...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1610463481313&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&liSync=true

0
0

GET
H2 200 adsct
t.co/i/ 43 B
170 B 142ms
141ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nyk4d&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 120
pragma: no-cache
last-modified: Tue, 12 Jan 2021 14:58:01 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: cc50e3ac071ecf5671aa08cc3b65dc7c
x-transaction: 0087707d00acbfda
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 ip.json
api.company-target.com/api/v2/ 438 B
942 B 110ms
63ms XHR
application/json 65.9.7.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.company-target.com/api/v2/ip.json?referrer=&page=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&page_title=Page%20Not%20Found%20%7C%20Proofpoint%20US&src=tag&key=2e81efc731d57cb3e458d08fae112991
Requested by: Host: scripts.demandbase.com
URL: https://scripts.demandbase.com/MP9Jyqtx.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.7.67 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
identification-source: CENTRAL
vary: Accept-Encoding, Origin
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
request-id: 3e436806-68ec-4aee-a9fb-8bf6293b717d
content-encoding: gzip
pragma: no-cache
access-control-allow-origin: https://www.proofpoint.com
server: nginx
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json;charset=utf-8
via: 1.1 f358cf5f46d10c349187abd5e20e06cf.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
api-version: v2
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: FdBh_hHE6a6_yrcgIuKP9luFhzYKDqTosCvbs6WpMeB79Tu2Kds7EQ==
expires: Mon, 11 Jan 2021 14:58:01 GMT

GET

validateCookie
segments.company-target.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/demandbase
https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
https://segments.company-target.com/log?vendor=choca&user_id=AALTF06_-3IAABAaGIgYOA
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AALTF06_-3IAABAaGIgYOA&verifyHash=82d5200a09db832c19ef22344d22fbdb88e65924

0
0

GET
H2 451 464526.gif
id.rlcdn.com/ 0
42 B 27ms
26ms Image
text/plain 34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/464526.gif
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.207.148 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 148.207.120.34.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

GET
H/1.1 200
OK DE.png
www.proofpoint.com/modules/custom/pp_i18n/images/ 3 KB
4 KB 8ms
8ms Image
image/png 2a02:e980:107::cf
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.proofpoint.com/modules/custom/pp_i18n/images/DE.png

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2a02:e980:107::cf , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 12 Jan 2021 14:58:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Oct 2020 08:20:25 GMT
X-CDN: Incapsula
Etag: "cc0c264c"
Content-Type: image/png
X-Iinfo: 14-18187927-0 0CNN RT(1610463480032 480) q(0 -1 -1 -1) r(0 -1)
Cache-Control: max-age=991312, public
Content-Length: 3329
Expires: Sun, 24 Jan 2021 02:19:52 GMT

GET
DATA 200
OK truncated
/ 129 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 234 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

POST
H2 200 collect
stats.g.doubleclick.net/j/ 4 B
90 B 16ms
15ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-2257074-1&cid=1666444117.1610463481&jid=62088894&gjid=893172129&_gid=975967773.1610463481&_u=YEBAAEACQAAAAC~&z=648355872

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 12 Jan 2021 14:58:01 GMT
content-type: text/plain
access-control-allow-origin: https://www.proofpoint.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
301 B 144ms
126ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=359897&d=proofpoint.com&u=D7DB9D41ABCA69D51583AC478BAF485E1&h=83e9b1897695c84dab5cb569014be85a&t=false&r=0.07842772697768363

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv3c /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv3c
content-type: image/gif
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

OPTIONS
H2 200 /
visitor.reactful.com/config/879986/ Frame 0
0 266ms
245ms Other
text/javascript 2a00:1450:4001:820::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fexploring-bergard-old-malware-new-tricks&hash=&referer=&user_id=&hshkgid=a01bf40c-3824-407d-bcaf-17be2a9c0875&cb_rtfl=_rtfl_jsonp_0
Protocol: H2
Server: 2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: url-params-data
Origin: https://www.proofpoint.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.proofpoint.com
access-control-allow-methods: GET
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Six-Sense-Data, Custom-Vars-Data, Url-Params-Data
content-type: text/javascript
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
x-cloud-trace-context: 2e4bf7ed2bbea43a2ae6801bd786e35c
date: Tue, 12 Jan 2021 14:58:01 GMT
server: Google Frontend
content-length: 0
expires: Tue, 12 Jan 2021 14:58:01 GMT

GET
H2 200 /
visitor.reactful.com/config/879986/ 0
127 B 145ms
145ms XHR
text/javascript 2a00:1450:4001:820::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://visitor.reactful.com/config/879986/?page=%2Fus%2Fexploring-bergard-old-malware-new-tricks&hash=&referer=&user_id=&hshkgid=a01bf40c-3824-407d-bcaf-17be2a9c0875&cb_rtfl=_rtfl_jsonp_0
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:820::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Url-Params-Data: e30=
Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
server: Google Frontend
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.proofpoint.com
x-cloud-trace-context: faaedeeff04ccfee96198e1d38e11ac0
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: Six-Sense-Data,Custom-Vars-Data,Url-Params-Data
content-length: 0

GET
H3-Q050 200 ga-audiences
www.google.com/ads/ 42 B
88 B 17ms
17ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-2257074-1&cid=1666444117.1610463481&jid=62088894&_u=YEBAAEACQAAAAC~&z=1346803079

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ga-audiences
www.google.de/ads/ 42 B
88 B 20ms
20ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-2257074-1&cid=1666444117.1610463481&jid=62088894&_u=YEBAAEACQAAAAC~&z=1346803079

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.f24e95ebbea0a3617008.js
script.hotjar.com/ 223 KB
59 KB 221ms
68ms Script
application/javascript 13.224.94.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.f24e95ebbea0a3617008.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.94.37 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-94-37.zrh50.r.cloudfront.net

Software

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 11:14:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13438
x-cache: Hit from cloudfront
content-length: 59760
access-control-allow-origin: *
last-modified: Tue, 12 Jan 2021 11:11:33 GMT
etag: "798a10bb9805d6745a4a7919628b37e3"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 e8a7e21f51478f02a6e51b69e3450928.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: _T2unckZx5-duuLaRJU_7qA_w-4hOBOp_2VeFAUiIjltd6x29S6jYA==

GET
H2 204 0
bat.bing.com/action/ 0
171 B 114ms
114ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=17087961&Ver=2&mid=9cd6fbb4-cfb2-43f6-b6f2-72829387ad77&sid=90d030f054e611eba078b34e6acbc7b4&vid=90d01b9054e611eb966f898fc659db32&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Page%20Not%20Found%20%7C%20Proofpoint%20US&p=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&r=&lt=1291&evt=pageLoad&msclkid=N&sv=1&rn=831040
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: D8985220B5EB462999B4FCF0D0AC8936 Ref B: FRAEDGE1512 Ref C: 2021-01-12T14:58:01Z
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 5392 0
0 122ms
41ms Document
text/html 13.224.94.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1456002.js?sv=7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.94.36 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-94-36.zrh50.r.cloudfront.net
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.proofpoint.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.proofpoint.com/

Response headers

content-type: text/html
content-length: 851
date: Mon, 23 Nov 2020 17:01:03 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified: Mon, 23 Nov 2020 15:41:01 GMT
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: AJdsHtC6nAYRPT4EacbtSjAh5dkZekZsLGZddMrtV5gIF7dwCKL6iQ==
age: 4312617

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
58 B 6ms
6ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1713412478&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&ul=en-us&de=UTF-8&dt=Page%20Not%20Found%20%7C%20Proofpoint%20US&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Demandbase&ea=API%20Resolution&el=IP%20API&_u=aHDAAEADQAAAAC~&jid=&gjid=&cid=1666444117.1610463481&tid=UA-2257074-1&_gid=975967773.1610463481&gtm=2wgbu0MGR7P8X&cd1=(Non-Company%20Visitor)&cd2=(Non-Company%20Visitor)&cd3=(Non-Company%20Visitor)&cd4=(Non-Company%20Visitor)&cd5=(Non-Company%20Visitor)&cd6=(Non-Company%20Visitor)&cd7=Bot&cd8=(Non-Company%20Visitor)&cd9=(Non-Company%20Visitor)&cd10=Amsterdam&cd11=NH&cd12=Netherlands&cd13=(Non-Company%20Visitor)&cd14=(Non-Company%20Visitor)&cd15=(Non-Company%20Visitor)&cd16=(Non-Company%20Visitor)&cd17=(Non-Company%20Visitor)&cd18=(Non-Company%20Visitor)&z=2007740486

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 07:51:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 25588
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.com/pagead/1p-user-list/950296937/ 42 B
66 B 20ms
19ms Image
image/gif 2a00:1450:4001:800::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/950296937/?random=1610463481310&cv=9&fst=1610460000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&async=1&fmt=3&is_vtc=1&random=1423024189&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 /
www.google.de/pagead/1p-user-list/950296937/ 42 B
66 B 21ms
20ms Image
image/gif 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/950296937/?random=1610463481310&cv=9&fst=1610460000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgbu0&sendb=1&frm=0&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&tiba=Page%20Not%20Found%20%7C%20Proofpoint%20US&async=1&fmt=3&is_vtc=1&random=1423024189&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

index.js
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/7YJ7XZCLMRHSVCXIHB5HIT/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

28ms
28ms

Script
application/javascript

2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 0V4udJ.TlQ_uvvjO68A9TSKMKw1LO4U1
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 34E10A9F604BCD9D
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: adma5rAlkQffVGUlaus27ka8flNmWlBfAVAfGouRhvCU9hJvYojv7Q/RDSbR4Nece5Bw2PZqsls=
Last-Modified: Fri, 08 Jan 2021 19:33:36 GMT
Server: AmazonS3
Date: Tue, 12 Jan 2021 14:58:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Tue, 12 Jan 2021 14:58:01 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js
s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/ 0
773 B 71ms
26ms Script
text/javascript 2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 77Vy4bYTsYYuKWiUsFJa8gwS83jpx_bi
Content-Encoding: gzip
ETag: "d41d8cd98f00b204e9800998ecf8427e"
x-amz-request-id: F8A5FAC2288942C7
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 20
x-amz-id-2: RgZO2l95mwFd38Tu6RCdxjSyQVAvEwHjEKo+6swY6tnypC6ryoOhTw1df5uJu2znR3q0M6kOEsA=
Last-Modified: Tue, 12 Jan 2021 10:54:58 GMT
Server: AmazonS3
Date: Tue, 12 Jan 2021 14:58:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/
d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/7YJ7XZCLMRHSVCXIHB5HIT?_s=4f80d4d91247458211a4fe5765f43d2e&_b=2
https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=4f80d4d91247458211a4fe5765f43d2e&_b=2

394 B
860 B

37ms
36ms

Script
application/javascript

34.248.22.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=4f80d4d91247458211a4fe5765f43d2e&_b=2
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.22.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-22-101.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-type: application/javascript
content-length: 394
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

location: https://d.adroll.com/consent/check/7YJ7XZCLMRHSVCXIHB5HIT/?_s=4f80d4d91247458211a4fe5765f43d2e&_b=2
date: Tue, 12 Jan 2021 14:58:01 GMT
server: nginx/1.18.0
content-length: 105

GET
H2 206 notification.d46d7db1.mp3
js.driftqa.com/conductor/assets/media/ 20 KB
21 KB 322ms
117ms Media
audio/mpeg 54.197.143.221
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftqa.com/conductor/assets/media/notification.d46d7db1.mp3

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.197.143.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-197-143-221.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.proofpoint.com/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Range: bytes=0-

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 12 Jan 2021 14:58:01 GMT
last-modified: Mon, 11 Jan 2021 22:15:42 GMT
server: nginx
access-control-allow-origin: *
etag: "d46d7db110874da77e094dcbc4bec8e6"
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, OPTIONS
content-type: audio/mpeg
Content-Range: bytes 0-20896/20897
cache-control: max-age=31536000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Content-Length: 20897

GET
H/1.1

200
OK

T47Y2VPPABDUBJXFROMZZM.js
s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/
Redirect Chain

https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-o...
https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js

4 KB
2 KB

25ms
24ms

Script
text/javascript

2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: jLathBvvWU99jubGg02eZL7.3aSwuXHA
Content-Encoding: gzip
ETag: "3ad15e3e664de53f1e10634968eb55b2"
x-amz-request-id: DD865006F09DA12B
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1592
x-amz-id-2: 1SkDqB4R7B7Wr/8PcV7SONoTZEwCrTChFiKMdETp+TWXq4WeSGVmM17uOJYDWmfvHKaktCAUyyA=
Last-Modified: Wed, 09 Dec 2020 00:07:47 GMT
Server: AmazonS3
Date: Tue, 12 Jan 2021 14:58:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.18.0
x-rule: *
date: Tue, 12 Jan 2021 14:58:01 GMT
x-segment-eid: T47Y2VPPABDUBJXFROMZZM
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location: https://s.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK/T47Y2VPPABDUBJXFROMZZM.js
cache-control: no-store, no-cache, must-revalidate
x-segment-display-name: Visitors to Unsegmented Pages
x-pixel-eid: YV5KYXXEJZATZCT37YRTMK
x-segment-name: *
x-advertisable-eid: 7YJ7XZCLMRHSVCXIHB5HIT
content-length: 0
x-conversion-currency

GET
BLOB 200
OK fd1a43ef-90b0-4c77-a0f6-401d1bd244b4
https://www.proofpoint.com/ 0
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.proofpoint.com/fd1a43ef-90b0-4c77-a0f6-401d1bd244b4
Requested by: Host: visitor.reactful.com
URL: https://visitor.reactful.com/dist/main.rtfl.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
H2 200 fbevents.js
connect.facebook.net/en_US/ 90 KB
23 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: d.adroll.com
URL: https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&pv=79275656854.84477&cookie=&adroll_s_ref=&keyw=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23366
x-fb-rlafr: 0
pragma: public
x-fb-debug: SnIJAxqArHtP5IBaZnwcpTPTsCxJUADMVdnFmLJFpmYUMJEdtI7z/qGa0HS1O5Kys18wawccm5Cf3jeUoisLlg==
x-fb-trip-id: 1527350943
x-frame-options: DENY
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 12 Jan 2021 14:58:01 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK sendrolling.js
s.adroll.com/j/ 9 KB
3 KB 24ms
24ms Script
text/javascript 2.18.233.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/7YJ7XZCLMRHSVCXIHB5HIT/YV5KYXXEJZATZCT37YRTMK?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&pv=79275656854.84477&cookie=&adroll_s_ref=&keyw=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: NM.EHVfGEDu2TYFqb1osrv1zRII373EC
Content-Encoding: gzip
ETag: "15441b08d0c4f93b1dd5f533cd361cd8"
x-amz-request-id: 75B93B99450D9821
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2039
x-amz-id-2: LLXPK6WOd/JkL78v3IWpxVYE6WLY0eyso2S9SGWA5fuDVP/IFReKscAk0ef5FiAsTnpUaCbbaQA=
Last-Modified: Mon, 03 Feb 2020 20:32:06 GMT
Server: AmazonS3
Date: Tue, 12 Jan 2021 14:58:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

204

sync
pixel.advertising.com/ups/55980/
Redirect Chain

https://d.adroll.com/cm/aol/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisab...
https://pixel.advertising.com/ups/55980/sync?uid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
124 B

25ms
25ms

Image
text/plain

52.59.102.119
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/55980/sync?uid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.59.102.119 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-59-102-119.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:01 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://pixel.advertising.com/ups/55980/sync?uid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&_origin=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 167
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertis...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expiration=1641999481
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expiration=1641999481&C=1

43 B
1 KB

34ms
33ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expiration=1641999481&C=1
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Jan 2021 14:58:01 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 12 Jan 2021 14:58:01 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 12 Jan 2021 14:58:01 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expiration=1641999481&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 333
Expires: Tue, 12 Jan 2021 14:58:01 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expires=365

0
239 B

118ms
34ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expires=365
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&expires=365
pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&adver...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

0
0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&adver...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENA...

1 B
886 B

69ms
18ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Tue, 12 Jan 2021 14:58:02 GMT
X-lat: Pug22041:0:687
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMwNiZ0bD01MjU2MDA&piggybackCookie=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&gdpr=1&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 220
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

in
d.adroll.com/cm/r/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

42 B
498 B

36ms
36ms

Image
image/gif

34.248.22.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.22.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-22-101.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 14:58:02 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-type: image/gif
content-length: 42
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

Redirect headers

date: Tue, 12 Jan 2021 14:58:01 GMT
referrer-policy: no-referrer-when-downgrade
server: ATS
age: 2
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=15552000
p3p: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
location: https://d.adroll.com/cm/r/in?xid=E0&gdpr=1&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advert...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

0
219 B

52ms
16ms

Image
text/plain

141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

tbl-x-upstream: 10.41.14.127:10213
date: Tue, 12 Jan 2021 14:58:02 GMT
server: nginx
x-fastly-to-nlb-rtt: 1978

Redirect headers

location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA
pragma: no-cache
date: Tue, 12 Jan 2021 14:58:01 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&adv...
https://eb2.3lift.com/xuid?mid=4714&xuid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=

37 B
352 B

25ms
25ms

Image
image/gif

52.57.162.23
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.162.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-162-23.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=4714&xuid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA&dongle=c85e&gdpr=1&cmp_cs=&us_privacy=
date: Tue, 12 Jan 2021 14:58:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable...
https://x.bidswitch.net/sync?dsp_id=44&user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

43 B
343 B

24ms
24ms

Image
image/gif

54.93.211.166
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.211.166 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-211-166.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA
date: Tue, 12 Jan 2021 14:58:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

setuid
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable...
https://ib.adnxs.com/setuid?entity=172&code=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

43 B
1 KB

49ms
19ms

Image
image/gif

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=172&code=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

Requested by

Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.145 , Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 12 Jan 2021 14:58:02 GMT
X-Proxy-Origin: 185.212.171.67; 185.212.171.67; 623.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.236:80
AN-X-Request-Uuid: 5eb6211b-4195-4eee-9160-255cfd6dd137
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

location: https://ib.adnxs.com/setuid?entity=172&code=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA
pragma: no-cache
date: Tue, 12 Jan 2021 14:58:02 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.18.0
content-length: 93
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 out
d.adroll.com/cm/l/ 42 B
180 B 36ms
36ms Image
image/gif 34.248.22.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/l/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable=7YJ7XZCLMRHSVCXIHB5HIT
Requested by: Host: www.proofpoint.com
URL: https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.22.101 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-22-101.eu-west-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash

Request headers

Referer: https://www.proofpoint.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 14:58:02 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.18.0
content-length: 42
vary: Cookie
content-type: image/gif

GET

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=eb20c10267f82a52ed9eb8f0960cfb10

0
0

GET

pixel
cm.g.doubleclick.net/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=3f5b7a0e604faa4e0493e13da2b5122c-1610463481746&arrfrr=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&xid_ch=f&advertisable...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=6yDBAmf4KlLtnrjwlgz7EA

0
0

GET 389545881899618
connect.facebook.net/signals/config/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gwmtracking.com
URL: https://gwmtracking.com/p/v/1/5b7320b8f870815f7f59492b/format/img?gtmcb=1058860237

Domain: px.ads.linkedin.com
URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=169250&time=1610463481313&url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fexploring-bergard-old-malware-new-tricks&liSync=true

Domain: segments.company-target.com
URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AALTF06_-3IAABAaGIgYOA&verifyHash=82d5200a09db832c19ef22344d22fbdb88e65924

Domain: sync.outbrain.com
URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=ZWIyMGMxMDI2N2Y4MmE1MmVkOWViOGYwOTYwY2ZiMTA

Domain: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/sd?id=537103138&val=eb20c10267f82a52ed9eb8f0960cfb10

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=6yDBAmf4KlLtnrjwlgz7EA

Domain: connect.facebook.net
URL: https://connect.facebook.net/signals/config/389545881899618?v=2.9.32&r=stable

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10487471.fls.doubleclick.net
309-rhv-619.mktoresp.com
4788165.fls.doubleclick.net
ads.avct.cloud
ads.avocet.io
ads.yahoo.com
api.company-target.com
attr.ml-api.io
bat.bing.com
cm.g.doubleclick.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dev.visualwebsiteoptimizer.com
dsum-sec.casalemedia.com
eb2.3lift.com
fonts.googleapis.com
geoip-js.com
googleads.g.doubleclick.net
gwmtracking.com
ib.adnxs.com
id.rlcdn.com
js.driftqa.com
js.driftt.com
munchkin.marketo.net
pixel.advertising.com
pixel.rubiconproject.com
px.ads.linkedin.com
s.adroll.com
s.ml-attr.com
script.hotjar.com
scripts.demandbase.com
secure.adnxs.com
segments.company-target.com
simage2.pubmatic.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
sync.outbrain.com
sync.taboola.com
t.co
tracking.g2crowd.com
us-u.openx.net
vars.hotjar.com
visitor.reactful.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.proofpoint.com
x.bidswitch.net
cm.g.doubleclick.net
connect.facebook.net
gwmtracking.com
px.ads.linkedin.com
segments.company-target.com
sync.outbrain.com
us-u.openx.net
104.111.236.192
104.244.42.69
13.224.94.123
13.224.94.36
13.224.94.37
13.224.94.64
13.225.80.24
141.226.228.48
151.101.12.157
172.217.21.230
185.33.220.145
185.64.189.110
192.28.144.124
2.18.233.40
2.18.234.21
216.58.205.226
2606:4700::6812:1abe
2606:4700::6812:aef
2620:1ec:c11::200
2a00:1288:80:800::7001
2a00:1450:4001:800::2004
2a00:1450:4001:802::2003
2a00:1450:4001:808::2008
2a00:1450:4001:808::200e
2a00:1450:4001:809::2002
2a00:1450:4001:81e::200a
2a00:1450:4001:820::2013
2a00:1450:4001:824::2002
2a00:1450:400c:c0c::9a
2a02:26f0:6c00:295::25ea
2a02:e980:107::cf
2a03:2880:f01c:8012:face:b00c:0:3
34.120.207.148
34.248.22.101
34.96.102.137
52.17.151.21
52.57.162.23
52.59.102.119
54.197.143.221
54.93.211.166
65.9.7.67
65.9.7.80
68.67.153.60
69.173.144.138
1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a
2c1f9ce740c43e5124e95d4c8e72a6ed84cdc7f44fca8e8ab16df2b5fb2d75c4
4c858ea92bdc30e89d30d477c30228c47b19648e1539829bb2303a176f0c23dd

www.proofpoint.com Open in urlscan Pro 2a02:e980:107::cf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

92 Requests

91 %HTTPS

36 %IPv6

44 Domains

53 Subdomains

43 IPs

7 Countries

2114 kBTransfer

5072 kBSize

0 Cookies

0 Outgoing links

Redirected requests

92 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 16 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.proofpoint.com Open in urlscan Pro
2a02:e980:107::cf Public Scan

Screenshot
Live screenshot

Full Image

92
Requests

91 %
HTTPS

36 %
IPv6

44
Domains

53
Subdomains

43
IPs

7
Countries

2114 kB
Transfer

5072 kB
Size

0
Cookies

92 HTTP transactions
16 data transactions