www.avanan.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mq...
Effective URL:
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%...
Submission: On September 07 via manual (September 7th 2023, 6:40:31 pm UTC) from US — Scanned from DE

Summary HTTP 204 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 62 IPs in 5 countries across 50 domains to perform 204 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.avanan.com.
TLS certificate: Issued by GTS CA 1P5 on July 23rd 2023. Valid for: 3 months.

This is the only time www.avanan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 57	2606:2c40::c7... 2606:2c40::c73c:67fe	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	18.165.183.67 18.165.183.67	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:e0:... 2606:4700:e0::ac40:660b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:350... 2a02:26f0:3500:16::215:149b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700::68... 2606:4700::6810:6cd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:d333	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	13.32.27.95 13.32.27.95	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:e05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	18.66.26.40 18.66.26.40	16509 (AMAZON-02) (AMAZON-02)
8	2.17.100.184 2.17.100.184	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	108.138.17.51 108.138.17.51	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:2b1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
8	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
5	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
3	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.97.10 18.66.97.10	16509 (AMAZON-02) (AMAZON-02)
6	143.204.214.30 143.204.214.30	16509 (AMAZON-02) (AMAZON-02)
2	45.60.13.212 45.60.13.212	19551 (INCAPSULA) (INCAPSULA)
1	34.107.254.219 34.107.254.219	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.224.194.18 13.224.194.18	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::ac40:991b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:50ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7d0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:e7a3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
3	2606:4700::68... 2606:4700::6812:c07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	104.26.11.16 104.26.11.16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.165.227.104 18.165.227.104	16509 (AMAZON-02) (AMAZON-02)
2	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
1 2	52.212.62.39 52.212.62.39	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400c:c09::9a	15169 (GOOGLE) (GOOGLE)
3	2600:9000:214... 2600:9000:214f:9a00:14:c034:4840:93a1	16509 (AMAZON-02) (AMAZON-02)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.66.112.92 18.66.112.92	16509 (AMAZON-02) (AMAZON-02)
4	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:827::2013	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20eb:6e00:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:c8cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	35.171.218.118 35.171.218.118	14618 (AMAZON-AES) (AMAZON-AES)
2	34.206.231.112 34.206.231.112	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:ab0... 2a02:26f0:ab00::214:8e70	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	2600:9000:225... 2600:9000:225e:1600:f:7ae2:7780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.210.101 143.204.210.101	16509 (AMAZON-02) (AMAZON-02)
204	62

57 2606:2c40::c73c:67fe (United States) 1 redirects

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.avanan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.165.183.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-183-67.zrh55.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e0::ac40:660b (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:16::215:149b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:6cd1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d333 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.32.27.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-95.fra56.r.cloudfront.net

www.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:e05d (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.26.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-26-40.vie50.r.cloudfront.net

wec-assets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.17.100.184 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-184.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh3.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.17.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-51.fra56.r.cloudfront.net

lftracker.leadfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2b1f (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-10.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 143.204.214.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-214-30.fra53.r.cloudfront.net

d10lpsik1i8c69.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.60.13.212 (United States)

ASN19551 (INCAPSULA, US)

px.spiceworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.254.219 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 219.254.107.34.bc.googleusercontent.com

www.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.194.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-18.fra2.r.cloudfront.net

d26x5ounzdjojj.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:991b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:50ba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7d0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:e7a3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:c07d (United States)

ASN13335 (CLOUDFLARENET, US)

perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.11.16 (None, )

ASN13335 (CLOUDFLARENET, US)

settings.luckyorange.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.165.227.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-165-227-104.lhr61.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.62.39 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-62-39.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c09::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:214f:9a00:14:c034:4840:93a1 (United States)

ASN16509 (AMAZON-02, US)

reviews.static.gartner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-92.fra56.r.cloudfront.net

tr.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

t.influ2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:6e00:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c8cc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.171.218.118 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-218-118.compute-1.amazonaws.com

com-thebigwillow-prod1.collector.snplow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.206.231.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-231-112.compute-1.amazonaws.com

bf28149orj.bf.dynatrace.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ab00::214:8e70 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:9000:225e:1600:f:7ae2:7780:93a1 (United States)

ASN16509 (AMAZON-02, US)

checkpointsoftwaretechnologiesincavanan.widget.insent.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.210.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-210-101.fra53.r.cloudfront.net

js.pusher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	avanan.com 1 redirects www.avanan.com	2 MB
9	insent.ai checkpointsoftwaretechnologiesincavanan.widget.insent.ai	508 KB
9	6sc.co j.6sc.co — Cisco Umbrella Rank: 6537 c.6sc.co — Cisco Umbrella Rank: 9827 ipv6.6sc.co — Cisco Umbrella Rank: 6860 b.6sc.co — Cisco Umbrella Rank: 4436	18 KB
9	gartner.com www.gartner.com — Cisco Umbrella Rank: 56092 reviews.static.gartner.com — Cisco Umbrella Rank: 160904	205 KB
8	cloudfront.net d10lpsik1i8c69.cloudfront.net d26x5ounzdjojj.cloudfront.net	210 KB
8	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1142 analytics.twitter.com — Cisco Umbrella Rank: 864 syndication.twitter.com — Cisco Umbrella Rank: 1375	163 KB
8	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 13172 app.hubspot.com — Cisco Umbrella Rank: 6013 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 6967 track.hubspot.com — Cisco Umbrella Rank: 2655 forms.hubspot.com — Cisco Umbrella Rank: 5185	9 KB
7	gstatic.com fonts.gstatic.com	77 KB
6	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 3808 px.ads.linkedin.com — Cisco Umbrella Rank: 405 www.linkedin.com — Cisco Umbrella Rank: 636 px4.ads.linkedin.com — Cisco Umbrella Rank: 6338	166 KB
4	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 885	270 KB
4	snplow.net com-thebigwillow-prod1.collector.snplow.net — Cisco Umbrella Rank: 88559	641 B
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 114	33 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5643	689 B
4	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 2541	880 B
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 186	175 KB
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 53 stats.g.doubleclick.net — Cisco Umbrella Rank: 96	4 KB
3	hsforms.com perf.hsforms.com — Cisco Umbrella Rank: 14021	3 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 17975 ibc-flow.techtarget.com — Cisco Umbrella Rank: 20357	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 404	14 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 49	69 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	290 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 58	3 KB
3	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1204	136 KB
2	dynatrace.com bf28149orj.bf.dynatrace.com — Cisco Umbrella Rank: 88837	956 B
2	bidr.io 1 redirects match.prod.bidr.io — Cisco Umbrella Rank: 632	1 KB
2	influ2.com www.influ2.com — Cisco Umbrella Rank: 59344 t.influ2.com — Cisco Umbrella Rank: 56817	3 KB
2	spiceworks.com px.spiceworks.com — Cisco Umbrella Rank: 40661	7 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 793 script.hotjar.com — Cisco Umbrella Rank: 1084	59 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 909	9 KB
2	googleusercontent.com lh3.googleusercontent.com — Cisco Umbrella Rank: 72 lh5.googleusercontent.com — Cisco Umbrella Rank: 167	176 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 249	9 KB
2	terminus.services vidassets.terminus.services — Cisco Umbrella Rank: 32795 wec-assets.terminus.services — Cisco Umbrella Rank: 21114	12 KB
1	pusher.com js.pusher.com — Cisco Umbrella Rank: 16463	18 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3880	1 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 1139	373 B
1	lfeeder.com tr.lfeeder.com — Cisco Umbrella Rank: 28104	294 B
1	luckyorange.net settings.luckyorange.net — Cisco Umbrella Rank: 10665	1 KB
1	t.co t.co — Cisco Umbrella Rank: 580	378 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3592	3 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4954	86 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2517	21 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2531	16 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 862	15 KB
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 9752	1 KB
1	leadfeeder.com lftracker.leadfeeder.com — Cisco Umbrella Rank: 87808	11 KB
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 379	265 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 156	18 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 6281	6 KB
1	hscta.net js.hscta.net — Cisco Umbrella Rank: 23762	7 KB
1	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 9213	2 KB
204	50

	Domain	Requested by
57	www.avanan.com	1 redirects www.avanan.com
9	checkpointsoftwaretechnologiesincavanan.widget.insent.ai	www.avanan.com checkpointsoftwaretechnologiesincavanan.widget.insent.ai
7	fonts.gstatic.com	fonts.googleapis.com
6	b.6sc.co	www.avanan.com
6	d10lpsik1i8c69.cloudfront.net	www.avanan.com d10lpsik1i8c69.cloudfront.net
6	www.gartner.com	www.avanan.com www.gartner.com
5	platform.twitter.com	www.avanan.com platform.twitter.com
4	static.xx.fbcdn.net	www.facebook.com
4	com-thebigwillow-prod1.collector.snplow.net	d26x5ounzdjojj.cloudfront.net
4	www.facebook.com	www.avanan.com connect.facebook.net
4	www.google.de	www.avanan.com
4	connect.facebook.net	www.avanan.com connect.facebook.net
3	track.hubspot.com
3	px.ads.linkedin.com	3 redirects
3	reviews.static.gartner.com	www.gartner.com
3	www.google.com	www.avanan.com
3	perf.hsforms.com	www.avanan.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.avanan.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.googletagmanager.com	www.avanan.com www.google-analytics.com
3	fonts.googleapis.com	www.avanan.com
3	use.fontawesome.com	www.avanan.com use.fontawesome.com
2	bf28149orj.bf.dynatrace.com	www.gartner.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	match.prod.bidr.io	1 redirects www.avanan.com
2	syndication.twitter.com	platform.twitter.com www.avanan.com
2	cta-service-cms2.hubspot.com	js.hscta.net
2	d26x5ounzdjojj.cloudfront.net	www.avanan.com d26x5ounzdjojj.cloudfront.net
2	px.spiceworks.com	www.googletagmanager.com www.avanan.com
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	googleads.g.doubleclick.net	www.googleadservices.com www.googletagmanager.com
2	cdnjs.cloudflare.com	www.avanan.com www.gartner.com
1	js.pusher.com	checkpointsoftwaretechnologiesincavanan.widget.insent.ai
1	forms.hubspot.com	js.hsleadflows.net
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	api.hubapi.com	js.hsadspixel.net
1	region1.analytics.google.com	www.googletagmanager.com
1	px4.ads.linkedin.com	www.avanan.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	t.influ2.com	www.influ2.com
1	tr.lfeeder.com	www.avanan.com
1	script.hotjar.com	static.hotjar.com
1	settings.luckyorange.net	d10lpsik1i8c69.cloudfront.net
1	analytics.twitter.com	www.avanan.com
1	t.co	www.avanan.com
1	js.hsadspixel.net	www.avanan.com
1	js.hsleadflows.net	www.avanan.com
1	js.hs-analytics.net	www.avanan.com
1	js.hs-banner.com	www.avanan.com
1	app.hubspot.com	www.avanan.com
1	trk.techtarget.com	www.avanan.com
1	www.influ2.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	static.ads-twitter.com	www.googletagmanager.com
1	tracking.g2crowd.com	www.avanan.com
1	lftracker.leadfeeder.com	www.avanan.com
1	lh5.googleusercontent.com	www.avanan.com
1	lh3.googleusercontent.com	www.avanan.com
1	j.6sc.co	www.avanan.com
1	wec-assets.terminus.services	www.avanan.com
1	match.adsrvr.org	www.avanan.com
1	www.googleadservices.com	www.avanan.com
1	static.hsappstatic.net	www.avanan.com
1	js.hscta.net	www.avanan.com
1	no-cache.hubspot.com	www.avanan.com
1	cdn2.hubspot.net	www.avanan.com
1	platform.linkedin.com	www.avanan.com
1	vidassets.terminus.services	www.avanan.com
204	71

This site contains links to these domains. Also see Links.

Domain
www.checkpoint.com
accounts.checkpoint.com
www.gartner.com
gtnr.io
careers.checkpoint.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.avanan.com GTS CA 1P5	`2023-07-23` - `2023-10-21`	3 months	crt.sh
*.terminus.services Amazon RSA 2048 M01	`2023-02-22` - `2023-11-14`	9 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
use.fontawesome.com GTS CA 1P5	`2023-09-01` - `2023-11-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-05-17` - `2024-05-16`	a year	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2023-04-06` - `2024-04-05`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
www.gartner.com Amazon RSA 2048 M01	`2023-02-22` - `2024-02-05`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
6sc.co R3	`2023-08-19` - `2023-11-17`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.leadfeeder.com Amazon RSA 2048 M01	`2023-02-02` - `2024-03-02`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-06-17` - `2023-09-15`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-07` - `2024-02-03`	6 months	crt.sh
influ2.com GTS CA 1D4	`2023-08-05` - `2023-11-03`	3 months	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-11-14` - `2023-11-14`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-02` - `2024-09-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-01` - `2023-10-01`	a year	crt.sh
reviews.static.gartner.com Amazon RSA 2048 M02	`2023-03-16` - `2024-04-13`	a year	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-07-26` - `2023-10-24`	3 months	crt.sh
*.lfeeder.com Amazon RSA 2048 M01	`2023-03-22` - `2024-04-19`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-08-14` - `2023-11-06`	3 months	crt.sh
t.influ2.com GTS CA 1D4	`2023-09-01` - `2023-11-30`	3 months	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
com-thebigwillow-prod1.collector.snplow.net Amazon RSA 2048 M01	`2023-02-21` - `2023-12-10`	10 months	crt.sh
*.bf.dynatrace.com Amazon RSA 2048 M02	`2023-03-01` - `2024-01-07`	10 months	crt.sh
*.widget.insent.ai Amazon RSA 2048 M01	`2023-03-01` - `2024-03-29`	a year	crt.sh
js.pusher.com Amazon RSA 2048 M01	`2023-04-13` - `2024-05-11`	a year	crt.sh

This page contains 9 frames:

Primary Page: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Frame ID: 5209685A4B3BDC154A2F73E30CE48669
Requests: 174 HTTP requests in this frame

Frame: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Frame ID: 781AAEE05D88D329F28D07AC3D35C718
Requests: 6 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.avanan.com
Frame ID: 1950280DC09A9B709BD1FD1688BAF905
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: B3358D595FB52C79DD51102A7901A3C2
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Frame ID: 7B56AEF7AFBE90B2C22514B0A1D9C8CB
Requests: 2 HTTP requests in this frame

Frame: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Frame ID: 9684FA16776052CEB0FD6B51391CA6D8
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12b73790fda244%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffc2e6a4232e99c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 50819AC4EAF67A3EFFC30C1AEE00A459
Requests: 3 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2bd57a5d93d8fc%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffc2e6a4232e99c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 37FFBA2B809D704A770784CF990866E8
Requests: 3 HTTP requests in this frame

Frame: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Frame ID: AFC5927D01B34492651AD9BF7F17ECF3
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Microsoft Reply Attack

Page URL History Show full URLs

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95... Page URL
https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8... HTTP 307
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

204
Requests

97 %
HTTPS

60 %
IPv6

50
Domains

71
Subdomains

62
IPs

5
Countries

5343 kB
Transfer

12455 kB
Size

56
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://www.checkpoint.com/partners/channel/
Title: Become a Reseller

Search URL Search Domain Scan URL

URL: https://accounts.checkpoint.com/#/login
Title: Go Now

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: Check Point Software Technologies (Avanan)Email Security4.7519 Ratings Submit a reviewAs of 7 Sep 2023Reviewed August 14, 2023"Best Email security ..." (read more)Reviewed July 25, 2023"I sleep better at night with Avanan protecting us...." (read more)Reviewed July 13, 2023"Great product..." (read more)Reviewed June 23, 2023"Avanan just works to protect your email...." (read more)Reviewed June 12, 2023"Avanan email security protects your email and collaboration suites using AI/ML algorithms..." (read more)Reviewed June 11, 2023"Very nice, fantastic and pocket friendly cloud email security application. ..." (read more)Reviewed June 9, 2023"Ultimate cloud cover protection against cloud phishing ..." (read more)Reviewed June 5, 2023"User Experience..." (read more)Reviewed May 30, 2023"Threat detection capabilities and Prevention..." (read more)Reviewed May 29, 2023"Fortify your cloud collaboration and advanced threat protection with avanan ..." (read more)Reviewed May 26, 2023"Google Work

Search URL Search Domain Scan URL

URL: https://gtnr.io/KTCLEMy5I
Title: Submit a review

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4859858?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770260?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4871998?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4835268?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4805710?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4805860?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4802398?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4791196?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4778378?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4776428?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4774748?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770850?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770682?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/3424847?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770336?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4770022?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4768382?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4768390?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4768242?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://www.gartner.com/reviews/market/email-security/vendor/check-point-software-technologies-avanan/product/avanan/review/view/4756252?utm_source=check-point-software-technologies-avanan&utm_medium=referral&utm_campaign=widget&utm_content=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Title: (read more)

Search URL Search Domain Scan URL

URL: https://careers.checkpoint.com/?q=&module=cpcareers&a=search&fa%5B%5D=department_s%3AEmail%2520Security&sort=
Title: Careers

Search URL Search Domain Scan URL

URL: https://twitter.com/AvananSecurity

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/avanan/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8hhs2jsPW1W4XqMC9783Gk-N2-36Rys_mZBVLg3XP40by_MW1FkrfX5vsjfxW254SJJ3s3bFmW5SCRY26J_dczN1Z9CpF3h5DsVZLNGQ6cxP-7N24-qJv8G6tPW77qcvN54yBcJW8GNJhM95LsWhW3tK9Zh4LFr3tW3HFpDX8vh0Q5W7KGn9k91b67TW5ngkb63D-_SRW9lZ0-H7wdrtkW737_v28yR6yLW1LDy3S6xbsHzW7_Xj-n7gLGRHf5DMxRs04 Page URL
https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8hhs2jsPW1W4XqMC9783Gk-N2-36Rys_mZBVLg3XP40by_MW1FkrfX5vsjfxW254SJJ3s3bFmW5SCRY26J_dczN1Z9CpF3h5DsVZLNGQ6cxP-7N24-qJv8G6tPW77qcvN54yBcJW8GNJhM95LsWhW3tK9Zh4LFr3tW3HFpDX8vh0Q5W7KGn9k91b67TW5ngkb63D-_SRW9lZ0-H7wdrtkW737_v28yR6yLW1LDy3S6xbsHzW7_Xj-n7gLGRHf5DMxRs04?_ud=39cca9d6-aa5f-44b2-973e-48ab8236bb5c&_jss=1&_fl=8&_pl=3&_hc=4&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 132

https://match.prod.bidr.io/cookie-sync/tbw HTTP 303
https://match.prod.bidr.io/cookie-sync/tbw?_bee_ppp=1

Request Chain 148

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1694112025500%26url%3Dhttps%253A%252F%252Fwww.avanan.com%252Fblog%252Fthe-microsoft-reply-attack%253Futm_campaign%253DCampaign%252520-%252520M365%252520SMB%252520US%252520150%252520Emp%2525209%25252F5%252520-%252520FY23%2526utm_medium%253Demail%2526_hsmi%253D272543376%2526_hsenc%253Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%2526utm_content%253D272543376%2526utm_source%253Dhs_automation%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true&e_ipv6=AQJ5fD4pVJlEKQAAAYpw8g4_boaP4RlJA0CpRnKJNkm3gZshYtQFU_ywT1CDU2gV-uo5MdmtnJvXdyaKqgnWLAQTjOfXjg

204 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8h...
www.avanan.com/e3t/Ctc/2H+113/ccGyW04/ 8 KB
4 KB 281ms
199ms Document
text/html 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8hhs2jsPW1W4XqMC9783Gk-N2-36Rys_mZBVLg3XP40by_MW1FkrfX5vsjfxW254SJJ3s3bFmW5SCRY26J_dczN1Z9CpF3h5DsVZLNGQ6cxP-7N24-qJv8G6tPW77qcvN54yBcJW8GNJhM95LsWhW3tK9Zh4LFr3tW3HFpDX8vh0Q5W7KGn9k91b67TW5ngkb63D-_SRW9lZ0-H7wdrtkW737_v28yR6yLW1LDy3S6xbsHzW7_Xj-n7gLGRHf5DMxRs04

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 80311472fdd1bba4-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Thu, 07 Sep 2023 18:40:23 GMT
last-modified: Thu, 07 Sep 2023 18:40:23 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OqewCJsyCU4DcTja8Jtpn7xp0tdfmk6nVrLivWf%2FKQH81rwJ3kbXuRSPf7i%2FeVGtxuLQbQzJrFlkpBhjcj1qDwZ9mR1eVTR2Tjqn%2BGCUoQuE5TK8f2xsHcd2j9PUKbis6TQ8qRrHXsAUu0oq"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 16
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-7b77464955-5wxgd
x-evy-trace-virtual-host: all
x-hs-https-only: worker
x-hubspot-correlation-id: c18effd2-15f0-4f85-991e-f752d8a27395
x-request-id: c18effd2-15f0-4f85-991e-f752d8a27395
x-robots-tag: none

GET
H3

200

Primary Request the-microsoft-reply-attack Show response
www.avanan.com/blog/
Redirect Chain

https://www.avanan.com/events/public/v1/encoded/track/tc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlp...
https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m...

90 KB
21 KB

168ms
168ms

Document
text/html

2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8hhs2jsPW1W4XqMC9783Gk-N2-36Rys_mZBVLg3XP40by_MW1FkrfX5vsjfxW254SJJ3s3bFmW5SCRY26J_dczN1Z9CpF3h5DsVZLNGQ6cxP-7N24-qJv8G6tPW77qcvN54yBcJW8GNJhM95LsWhW3tK9Zh4LFr3tW3HFpDX8vh0Q5W7KGn9k91b67TW5ngkb63D-_SRW9lZ0-H7wdrtkW737_v28yR6yLW1LDy3S6xbsHzW7_Xj-n7gLGRHf5DMxRs04

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9952dbddc1103498d87538f64bd985046019a40ee11438af7cd4b1bd0f4cfd72

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8hhs2jsPW1W4XqMC9783Gk-N2-36Rys_mZBVLg3XP40by_MW1FkrfX5vsjfxW254SJJ3s3bFmW5SCRY26J_dczN1Z9CpF3h5DsVZLNGQ6cxP-7N24-qJv8G6tPW77qcvN54yBcJW8GNJhM95LsWhW3tK9Zh4LFr3tW3HFpDX8vh0Q5W7KGn9k91b67TW5ngkb63D-_SRW9lZ0-H7wdrtkW737_v28yR6yLW1LDy3S6xbsHzW7_Xj-n7gLGRHf5DMxRs04
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 80311475995418ef-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Thu, 07 Sep 2023 18:40:24 GMT
edge-cache-tag: CT-106960374431,CG-4153530738,P-1835778,L-6416153737,CW-10828273430,CW-10828758285,CW-11124227288,CW-38920737000,E-5097885803,E-6067151804,E-6073351973,E-6073918834,E-6084513730,E-6476923280,PGS-ALL,SW-2,B-4153530738
etag: W/"2ce81b0c64f9b2db1cd82d8c2acd92a0"
last-modified: Thu, 07 Sep 2023 05:17:26 GMT
link: </hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js>; rel=preload; as=script,</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pdfaWq35nfVoDnTkYuKsgHyRRTQ2aQdQnSjRbIRhPQWLRNYcf9ou7%2BwI89j%2FBRtwVd9BYQl71adDcI6a9DKhn85%2BFvUOkgcBy%2B3Jdztn%2B%2B42UPHM%2FkKlhKjrIdw%2FOx9Tc1QCDZMa3TVTpc3c"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 106960374431
x-hs-https-only: worker
x-hs-hub-id: 1835778
x-hs-prerendered: Thu, 07 Sep 2023 05:17:26 GMT

Redirect headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
cf-ray: 803114745832bba4-FRA
content-security-policy: upgrade-insecure-requests
date: Thu, 07 Sep 2023 18:40:23 GMT
link: <https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation>; rel="canonical"
location: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YrPECDNRon%2BU1GOpfAe0FcyRRRQ1wsddrbR%2Fd6fldC4F8xPe%2BR0PJTzlMVjYJKwaAJEuuNrBCosLp3grI3sKIhBsvlEIBHCw3HuusXAbmBItFGtPeL1I%2B6%2B3V0eUmWicq0cFwqkQA6bN8LIC"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 37
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/event-tracking-td/envoy-proxy-7b77464955-5grt4
x-evy-trace-virtual-host: all
x-hs-https-only: worker
x-hubspot-correlation-id: 999817f1-f241-48f3-9037-5e01d6108bad
x-request-id: 999817f1-f241-48f3-9037-5e01d6108bad
x-robots-tag: none

GET
H3 200 index.js Show response
www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 88ms
88ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 60e71fe7e3db53eea86ce8b59ae62a6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 11579466
x-amz-cf-pop: BRU50-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1u1T%2BuNyFbnCGujhZLIoEiM0Jwc0n%2FKhVSWoGbjuJBZY8zbeu44VjW1sTDR4Ma%2FFgG0Jgd%2FDhAbDb8qM6n4A4s9nefcHYmeAZONLiBUPzYiFInk7dzkA7PAu6tGH1lrjiIsLBiLSQQKFOe%2Fd"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 80311476abc718ef-FRA
x-amz-cf-id: yxA09aq9s4B6PmpV6dl_-DYEUIs917gb4fJZ2aDCFGxwJJcp2hpepQ==
expires: Fri, 06 Sep 2024 18:40:24 GMT

GET
H3 200 project.js Show response
www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 84ms
83ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 3d58896f901dbeed449603f5d2b4d9f0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 18883082
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FGETPB%2F2kd4I0CB7mURJg7aVlnN2xZChJDCUBCIqTcZNHEUrZz7tqXM%2BiRfGBRG2fR9GV4ku2zgDY7GCc5aK95S6nsa37ZcqM4FuoOtgkUIdeRKbsX%2FM9xCpyFMS4qGkQpqkNX86DXuIALTm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 80311476abcb18ef-FRA
x-amz-cf-id: ZmuEZCCdZrm5xyAia8nJAfKJsHaYaoSZxaKdSs-yqLaOz8YTH1JBVw==
expires: Fri, 06 Sep 2024 18:40:24 GMT

GET
H3 200 post_listing_asset.js Show response
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 117ms
117ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 3fdf3aacaef6ec40c4eedb85c8144da2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 18881535
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"d95d7dafd49a1edc76a47120c287b579"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J8kWl5jAe%2BOH0pj88QVfuLaDzboRzQqH8i0zujbHqthaK2RkWdrSL5XeRev51xySt1Gv2atFUmScsW4FMqsHc0HIj0%2F%2BHeni%2FOMi%2B6wbj52WLbBUraZGHGoQ7mFqS3oPwfx4BFxgOGbNMC7v"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 80311476abce18ef-FRA
x-amz-cf-id: ijpTSzpE17UPd31vE091MWr-kEN6lFakQrsDaQYusgO1jHlY5Y8IDQ==
expires: Fri, 06 Sep 2024 18:40:24 GMT

GET
H3 200 jquery-1.11.2.js Show response
www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/ 94 KB
35 KB 89ms
89ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/jquery-libs/static-1.4/jquery/jquery-1.11.2.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 0a4e8f7c3d348e526848328c55dd452a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 18882979
x-amz-cf-pop: FRA56-C2
x-amz-version-id: null
content-encoding: br
x-cache: Hit from cloudfront
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 08 Jan 2015 18:08:00 GMT
server: cloudflare
etag: W/"5790ead7ad3ba27397aedfa3d263b867"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fyBnL0fFNMeJf4mJ%2BShKBWzkhUQk0RHZRD8tneJRuRdyyyGeHzlCTORylCZlzVPrk%2FeDqqGWy8tsqA%2Fv%2BXYjh%2BKc6a0jZyNvh%2BPL%2BjmWQ3q9bQ%2BSkDcY%2FV4hdb%2Bu0859uGNoom8zbGjSqTvN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 80311476abd218ef-FRA
x-amz-cf-id: I4EK0lyH3llpn9yJkXDgwMLk66f7QrcaA_f1Jmda37csaeEcRwWXBQ==
expires: Fri, 06 Sep 2024 18:40:24 GMT

GET
H3 200 module_38920737000_header-NEW.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1693339116978/ 350 B
2 KB 408ms
406ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/38920737000/1693339116978/module_38920737000_header-NEW.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 1SP0XG6YX7NGZNFM
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"d03acb35e50d52eba2de45e92772724e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693339116978
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 90a702a7e21c444d32e69f4d93b07bb4.cloudfront.net (CloudFront)
cf-cache-status: REVALIDATED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: mzhlCP.Q4kGZtjrszMLY3UteK9JyKt8t
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ecd0f883-bf00-4524-a523-ddf505fa4103
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 169
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ZGcrbbxGKHs+Zai4utVK1gX+91dc/0003mU1TFXZB+/vCaDFmBAc6Hk56dOaADyFVX4SNZF8fe4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ecd0f883-bf00-4524-a523-ddf505fa4103
last-modified: Tue, 29 Aug 2023 19:58:37 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RLDUufxx1v%2FIfh4KCi0a%2B%2FzPtNp8TcmuoPivuhQLBVB5jvGBuN92pkIUa1gOWbfsKasdzn%2FrD8VYFGdFTkFty0sCCuB3UWPmXFdsobfg49y1FG9akho7%2FUqsETc0O7HG7JoMh6xOhSsFSUPJ"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-nlblb
access-control-allow-credentials: false
cf-ray: 80311476abd618ef-FRA
x-amz-cf-id: oLHSHl5kVMjN6TSVrTmpZqDTMukWx4hGqVVg5vq5gAnZe9hsFi9GHw==

GET
H3 200 reset.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/ 760 B
2 KB 157ms
154ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6067151804/1577975558437/Custom/jacob_redesign/css/reset.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 0Z59M5NSMTT8QXJ1
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"dd216fc74c067413933b3c64bb975273"
vary: origin, Accept-Encoding
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 663f2425a3138c20ed99538fc8652f3c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: adg6Tcxw8bHaHALCZHMiZcGnIuL6f9nZ
x-amz-cf-pop: IAD12-P2
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 145
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OwFFVSnA/gL76Y1cteJAeBdF9C/K/G4i+3LoOrGEa5VOrxri7KrVw4uIL1FHusvkke9pR7XNc2Q=
x-request-id: 9c751005-f62b-494a-aa45-c91a462368c2
x-evy-trace-route-configuration: listener_https/all
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yuJx6IVjQOH57J8BCwFEKjO8FLJUjsrlXtSKdKnvG92EfosBPdzA790%2Ffmt80SAiFbL6OH6X47DYporwHhuE9rfiydd6%2Fwp0LOwHH5jQkUXE4vYD%2BEWFLN0Od57npGvc8JkLbDQUgPIlLb7s"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 80311476abdb18ef-FRA
x-amz-cf-id: qZZKD_d6Cx0RShpaweMSvxWolpLX35dYB29gGAGs7vm2YL8L8bwkNA==

GET
H3 200 module_11124227288_updated_blog_body.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/ 5 KB
2 KB 193ms
190ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298028261/module_11124227288_updated_blog_body.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 5KXGZXQ954S6DQ28
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"34740dad57e89fd2749c7cdb3497cb09"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683298028261
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 e880df37740c4e68e519f8478d14cb88.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: HyZl6ue_xg82nZe3wq8kD7rN5WNVoPQi
x-amz-cf-pop: IAD89-P2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 283
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QUdKaifwgALJwcbBazm5pJx4O3NB71W5gPm2uydyxcoxJ92y21GMNk7bd8LO4ZczIh/mOHpXUII=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 22a796fa-bd48-48a6-b057-5ded8eba0994
last-modified: Fri, 05 May 2023 14:47:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LaNxev2YPwSKVAIyBBG%2BTFu%2Fm7AizQu5LH5NwfKrLzGb3WsisDt%2FVgVY4PoJjiMeCPu6efDgW3PuOjjf2cbMcfWzB08hVA%2FUixmRrrky5FVs3vXXz05V7Iakg7ddbfzslAJ%2BaNQK601Dn%2FMu"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-fwhk5
access-control-allow-credentials: false
cf-ray: 80311476abde18ef-FRA
x-amz-cf-id: rSfEIDDPqTFcxLmxoDZA6UZnet_1Zpw6Q8k6lw6CFoJtb3GGHSn5Uw==

GET
H3 200 project.css
www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/ 720 B
1 KB 99ms
96ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 b61409af370dbf025ffc910b1252c65e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 18881535
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: 7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 19 Aug 2020 22:47:10 GMT
server: cloudflare
etag: W/"a81c70764750950eb72d4537c41e781f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oBPXkK%2BivTvtCUOkOAIRp1W0nHbJ%2F1gBj3wimyu0IzQMcue606EglRG%2BJqS0BXL30qG1wVw8o2g%2FATF4F7P%2F%2FT%2FUVI%2BmaZ%2BoXrH5xaiqZWHMdXQLUq1FOjffnWNElZbz0ksTdXNHRMSqgNJb"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 80311476abe118ef-FRA
x-amz-cf-id: roQNcTNslbJUTkKh2XKeBfEUfpuAwtuzDWWWOBuOR28Su5KUs14JaQ==
expires: Fri, 06 Sep 2024 18:40:24 GMT

GET
H3 200 rss_post_listing.css
www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
1 KB 91ms
88ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 4b28b963946514dd2cf9a90f74a8034a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 18881535
x-amz-cf-pop: AMS54-C1
x-amz-server-side-encryption: AES256
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
server: cloudflare
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ynxOKFM96vGeU2CueHCMAyvo1nXyxkiy%2BrP56rox%2FafqYcUPsUHPg7Z%2BFd8SOZyqy6mgH9A%2BF%2BFoi78QL%2B7y9rX7RkjyTSXZW8iEOtEUDh8GjKwstXrRnWerP4k51I3Je%2B%2BzwphwvJeHNRx%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 80311476abe418ef-FRA
x-amz-cf-id: 80P9DCRXhgNYUbpFdLAkfVt6ait_Wxw7_JoDIErEGyewNkz56TBpNw==
expires: Fri, 06 Sep 2024 18:40:24 GMT

GET
H3 200 module_10828758285_updated-blog-cta-banner.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/ 43 B
1 KB 217ms
214ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828758285/1681233594853/module_10828758285_updated-blog-cta-banner.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-request-id: 001WSTDC404HTZAY
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: "5c9c72ede880a71bcb77cbc90d5183e2"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681233594853
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ltjXTsnFD2W5CxxF4UctYebNy2UB5hTD
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 140
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-id-2: M7dDU8ChJ/cadLYeRLvs4pd6Y1yQpdOFc5H+vW7Nw+PzoJgb1JOWwHi807Vuk8211jV6UzI01MU=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 999f5ab6-3f83-4029-b3a6-44284dd13ad3
last-modified: Tue, 11 Apr 2023 17:19:55 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQBo4vC8xKzhNTLZHQPYs00MXZuegqeo%2F60Ubgz4bEOXyAxB1V2oY8LbDdGV6L%2FP7kzEeWXu%2BUlcOxWPRN4Jgddn53MmkltZ5eVFoqGnGCV2e7JR8afGOtQOXDZZOEBydNA83uz7fqD6Ylyd"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-65b9b6b744-bfv6p
access-control-allow-credentials: false
accept-ranges: bytes
cf-ray: 80311476abe618ef-FRA
x-amz-cf-id: DJOaq2a06VAmEwhi5sxt7sHruxf21b6EExlw3YmlTDAyI0ynPI9XBw==

GET
H3 200 module_10828273430_updated-blog-footer.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/ 1022 B
1 KB 160ms
157ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/10828273430/1681233744378/module_10828273430_updated-blog-footer.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 76cd2de9f0213e8c76093c6b346e8118.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: IAD89-P1
x-amz-request-id: JRYM556RAD6VAFKX
x-amz-server-side-encryption: AES256
x-amz-version-id: t.xmjVBLpB.BylnQD5kN_qjPsk0xLKEI
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
content-encoding: br
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
alt-svc: h3=":443"; ma=86400
x-amz-id-2: w8O1jKT37QIeq4rDsWUaHf9Z+Z7R0uB4waapC5LnW78oNNHJSHSCCE0I2ijIV8L6qhD/2mFCpmw=
last-modified: Tue, 11 Apr 2023 17:22:25 GMT
server: cloudflare
etag: W/"0db2aa71f1f3b6937b6f53dfa6ff0be5"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1681233744378
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6S5WL1S1NpMHuUJAKBi8FTSWrekm4m0KORdADlUjx4ZRRngYUB3MuIiwTXsgCU3l3CYtaaHDX0K%2F6n5M6H8Y7QGIXrLScTalAKw7x387eg0LyGBSosHANeFjw%2Fy%2Bzn5Bom3q61G1RJ9y%2FHjk"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 80311476abea18ef-FRA
x-amz-cf-id: siBcoj0y_4_kxCxjXjJYCMgsBKj4GPzNcFSHhgq8KYUtewmnkHwAWA==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20

GET
H2 200 t.js Show response
vidassets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/ 35 KB
11 KB 79ms
28ms Script
application/javascript 18.165.183.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vidassets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/t.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.165.183.67 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-165-183-67.zrh55.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 07 Sep 2023 18:20:01 GMT
via: 1.1 9defe0d67603d45217a1199d0f877384.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH55-P1
age: 1223
x-cache: Hit from cloudfront
last-modified: Mon, 14 Aug 2023 15:13:08 GMT
server: nginx/1.10.3 (Ubuntu)
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
cache-control: public, s-maxage=2700
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Authorization
x-amz-cf-id: 19tIuGE5UaB3txSlI02Dvnjc8k2N5si34YWjp0Eo4_ZuxrFJsVdy2g==

GET
H2 200 js.cookie.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/ 2 KB
1 KB 41ms
18ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.1.4/js.cookie.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 6659412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 767
last-modified: Mon, 04 May 2020 16:11:49 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec5-6c8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H2wSMGoqzXLDNLyZB%2BU2UkAJCgMueJ3d42dKZSntEMlmiS2qs1OSXHaEvTtKZMf4IBPmwnzyRQtqMfM1SE1%2Bt1cFJSDn7NvZMl%2BJ7N8wTIfey1uHMp%2F1ljKgzsEyu3xgWhK7Mamu9yhIUIlbowhm1%2Bzt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 80311476cebc9bf5-FRA
expires: Tue, 27 Aug 2024 18:40:24 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.2.0/css/ 46 KB
11 KB 44ms
23ms Stylesheet
text/css 2606:4700:e0::ac40:660b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: TCWYSJXTXK9NNSVS
age: 1740823
alt-svc: h3=":443"; ma=86400
x-amz-id-2: chZIvGi8ZruEIycp6+3ObywrJ86uFzxC8e4bpX9QVh+AN9wUkofAC86QGHl1au6eyx1vR3PmHHY=
last-modified: Wed, 30 Jun 2021 15:41:36 GMT
server: cloudflare
etag: W/"20a9ce516eaea76da29a23adc43e8998"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1fCfmZe8Al8ec4EJ1AkjYjapcYSJpRJtHlYJqY%2Fxlh5qLBgQLVNjKJo42AJ3G6Uu%2F91yAJkQh3fVyNJX%2BDRX2cyMjgvCrR6T7g0DQ2hrJ9z1DPcJy2WMRIcewPPsNsbXsB5NEZUwePvaoWrjZMOfu7vS"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 80311476ce449b9a-FRA

GET
H2 200 css
fonts.googleapis.com/ 19 KB
1 KB 43ms
19ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3726f6f71175b54abf48e8863b8634461bcbf34831f7c1b0a1d11e2604782b3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Sep 2023 18:40:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Sep 2023 18:40:24 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 84ms
14ms Script
text/javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Play /

Resource Hash

ffaf29f879d07e6eabf1c15bba8c3b72f6a821f615f2da67d0c24b267feeab8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
server: Play
x-li-pop: prod-ltx1-x
x-cdn: AKAM
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
x-li-fabric: prod-ltx1
cache-control: public, max-age=3600
x-li-proto: http/1.1
content-length: 163639
x-li-uuid: AAYEyM/V70El9bVh3n1HRg==
expires: Thu, 7 Sep 2023 19:13:07 GMT

GET
H2 200 layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1693492959105/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 62ms
29ms Stylesheet
text/css 2606:4700::6810:6cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1693492959105/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:6cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-encoding: br
age: 619008
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"94daf62e7e6df83595c6251fb0c7c055"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1693492959707
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: IAD89-C3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 9e383c69-6d37-44b3-9ee0-6615640cd06c
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 155
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9e383c69-6d37-44b3-9ee0-6615640cd06c
last-modified: Thu, 31 Aug 2023 14:42:40 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aGSmreq0y5DzI6YBRygyZB9KvuVWDlYd%2BR3Es1fjIM6d%2BaB77SAGNNg4sq2snGsEIgY0JNYm9DcqIq5pkggWOLnvkPa5irOTpmoMJI4lpSGRMF9jK%2B89D0VsZXiTuHqb02g7rXxbLpltPGlPQUw%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-8dfbb9f7c-q4t87
cf-ray: 80311476d9943837-FRA

GET
H3 200 gradient.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/ 120 KB
20 KB 175ms
173ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 2959f5d118b77b5c8e1e086d4a1147c6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: IAD12-P2
x-amz-request-id: 5M97EVKVHFH1VABX
x-amz-version-id: Np0IHzSsaoWIRo2pA7QSOE6GTgUdVUIS
content-encoding: br
x-cache: Miss from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VbCOC2y8AUmwG1nudHUcDmsTXdsa6UEAlolUGXwi5SPnIirPV6oNcaRX1kPY3KdOO+2n/+N9dXY=
last-modified: Thu, 02 Jan 2020 14:32:40 GMT
server: cloudflare
etag: W/"336dca61498fc7140b09ba03ed7bf73f"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tF1pTZk0DeKrHY6GLNoyT41DrOG19jyZ2ci3pDsdByJMcxWiHcK32lkdpFdhmZihfsdvg1cS%2F5g6RUFKlyguEu2cdfOeWDBY%2Bfi740ZLMxkl3VSnChoCZGfhTpJUVgRikQ2ZYxaKnMni%2BYrY"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 80311476abec18ef-FRA
x-amz-cf-id: ndTS9xOTdndRkGcY_sYfngDoxGA_WpV9zFi1eOnJS2O22pShPEntNw==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 template.min.css
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/ 193 KB
34 KB 99ms
97ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 3154
x-amz-request-id: 60F9AVRJJE9ND492
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
x-evy-trace-listener: listener_https
etag: W/"c532cb73709fa483616feef093f4d595"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1693338323621
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 9e18259ccc98f7a9dcd0fe17b60688c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: V4U7qS8p16YQ5afAoV9tdACdkHL_IvNE
x-amz-cf-pop: IAD66-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: ca5131fd-c530-4dd9-adaa-14e341f70a65
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 198
alt-svc: h3=":443"; ma=86400
x-amz-id-2: hpxIuauoGwwOkdN9XhLxioGTMAeO+vNTn3YNGa1rnEqOi7jIh3uKYlBBEnvHKmYptJ5tFo04cPE=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ca5131fd-c530-4dd9-adaa-14e341f70a65
last-modified: Tue, 29 Aug 2023 19:45:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JRZUqh26Aws8ZJATrh3KNL%2FtIMOaBXRk3Ti5Pk401KqrQpb%2FuA1jFKWEehY7iAYcQ6XoS61tdZcD870hluywxO3isKJt0Y0e9oCPEHkPS3oR4SewRpG0Ki9dY%2FBZ2WwMu9Qo398jOhK04yo"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-xmwnv
access-control-allow-credentials: false
cf-ray: 80311476abed18ef-FRA
x-amz-cf-id: 5Oi-Fv7k0plc1XQHsFsyWOgBXe5CRJna4kEJ1SqkIJ4mpiVy5tsGBA==

GET
H3 200 animate.css
www.avanan.com/hubfs/website/code/css/vendor/ 76 KB
6 KB 102ms
100ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/animate.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: FEFT7XNPBTGSGQGH
content-encoding: br
edge-cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715886,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: DNimaXPyQx0q8PYRQbkCSZdSE0X.bmnJ
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: AyViPbm4BWVANCjkLNjPw4TraTjoOaBJ4MraDQwtCS51e2feNEIAVaRstMl3GWO1UwOib+YVLsE=
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"d96b2083b0acbb11911bb4f068158299"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qyNpbuQ9IvyA6DsfSuKIM5nXe%2FJbgWzxEHP%2BdyTNDoBF8MgcAt79xKW%2BE%2BkFrpOSJM2JXfQEDa%2F29KC0PR8%2FxtSySqvQTs5KOxMGM4TnjUBYpfhdScNI358bC18tK42rP5AldIZX2915svWe"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311476abef18ef-FRA
x-amz-cf-id: qROaH30_LG-EQf_aPxMzmFnlH3ktu40AG_eWVd8_IEc6-Fw_U296Cw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 hs.megamenu.css
www.avanan.com/hubfs/website/code/css/vendor/ 4 KB
2 KB 144ms
141ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/hs.megamenu.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 6f32a39163a1e36ace7a71a85e2d2884.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: RW43DJRNVKR963A3
content-encoding: br
edge-cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715922,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: xY1xlt9wqfq8h7_kClSamJ0VluM_5ZF9
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: jqmxm7nocOScLVAOYg9MgjW5dXr95ABct3lHwLl+PuyJPj6kSKE8adumUFaWwrZFSLKhrVreI0sZr1MRqQRaXT37PcW6kWw9
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"c46d4ef35d114216ae8c0fe4137c84d5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QeTDbXHsyFwJ9BvHt9uDwuUFbRPMWfrnn23Pg9QxPWhH7Sszvf%2F1MChe5HybdW9VrrbS24rWrFQaW9VV6Q4QYP5bQbTNZwownHBemQl3y6lwrXjSgHlFcpaOJf4uZtJ8Z6Hsa%2BF%2Fz8VvgHoO"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311476abf218ef-FRA
x-amz-cf-id: k9lDoxGq1EphLhnpiuOJkDQASagnuWxZ7tPeT59b1cFcXa4FH5VxWg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 dzsparallaxer.css
www.avanan.com/hubfs/website/code/css/vendor/ 19 KB
5 KB 108ms
105ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/dzsparallaxer.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 e0a9984713015b278be44810aa21197a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: CDG53-C1
x-amz-request-id: 87KS737EFVHKDZWK
content-encoding: br
edge-cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-10555715948,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: OQfzSS0e1XiUHyu7fgd1SQC64WCGDBlx
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ALRq43eQUsKUSUU3gb/g1X50IIEH+afFUQMK1RAdS5KScUz5DZOY80oK60JdhKcZWj2+HV0NSZsqvjV4OmF/SbONuv3sOB8pvOikNpCArQM=
last-modified: Tue, 18 Jun 2019 07:24:00 GMT
server: cloudflare
etag: W/"319d193fcbeb97bbd3c83a72ee3dac65"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=biyWqUd58pUXZq6p0PHr16hcht9irtU7D047AMuhOXMcgq8dOXEfAwRvtbspfOg4%2FYCXGgTekN%2BDN2j6Ry4tCrqwHF7TwtgLKxdx79HQjtm7jr18XfN0YZyIeqdV3WLUJV5e3W5hL%2Bvytt%2Fa"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311476abf418ef-FRA
x-amz-cf-id: 8nYHAezylbdzHUOQqgbST7xhVFBSjBj3cYEEePzEyiwCF_61vASlxQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 custombox.min.css
www.avanan.com/hubfs/website/code/css/vendor/ 41 KB
5 KB 90ms
88ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/vendor/custombox.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 8CK5TECQ1M2EW20Y
content-encoding: br
edge-cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
cache-tag: F-12524627747,FD-10555825155,P-1835778,FLS-ALL
x-amz-version-id: 7rgoaYxL_.zq0Q9pSWvug18ufCSiqriy
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: srLDt63nV1aamUMRbMDpR4Slqwz7lAbhfCwgPmk/mb/duegbzale2XduAoapX9sonvAVr8u0NrBJj53b4S6QIeywyMAr3o1CYcKFDeXIEOs=
last-modified: Thu, 29 Aug 2019 14:21:43 GMT
server: cloudflare
etag: W/"3546f0274dff535bcf97625374c1c7cf"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mbhu5XLENcKz2zF3JIdI9mJzKMGugA5G4Qyc0UqtP7iAIBS3yYnmex0gi1SMONkuSBo0%2FJw7kil306o9gzIkjSAcm9ynT7dpx9NbgxRnMWMS66ohQ1YKraQ2hVgDnKttbPwNB7C9%2Bw0vNXJ%2F"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311476ac1818ef-FRA
x-amz-cf-id: KlFuodBAJy20XJ2tDDFvGvE-64I7TLdoGsBEoEMwbxOaWwW1X5w2Yg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 theme.css
www.avanan.com/hubfs/website/code/css/ 393 KB
55 KB 101ms
98ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/theme.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
age: 748129
x-amz-request-id: PGAAGT8M4TRZ2K1R
x-amz-server-side-encryption: AES256
edge-cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: W/"dd24981f95399e7f2d5674114004c268"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1566500436528
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .PPc4ch_dqDLgdSTKOgEMtS97zSOmAVG
x-amz-cf-pop: FRA56-P7
x-cache: RefreshHit from cloudfront
cache-tag: F-12350310726,FD-10555529544,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Y6aX82VM7OOG87BCIzUcB0BAaPVZLX8w28NuBL5QXxIIkQ6NtLGP/NGUfNlq+EQcmYVGmAlDXyE=
last-modified: Fri, 06 Jan 2023 17:30:34 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5e7cu6uo5jl3tVgTLI3im6RzY1zhmFASCejYGl%2Fr8IFgAiqaV%2BLa6F%2Fcuhumz2iewsW8vm7qq2vODCRPHd6%2FQpJ8kIVWE4ApkN1FKnXf54xN3jSlP6R1JlJoxZFBi3EVkulOgP6Cd1lmuFQk"}],"group":"cf-nel","max_age":604800}
cf-ray: 80311476ac1e18ef-FRA
x-amz-cf-id: 7eZDNVFVoc7eBhMxbcOYPI3NgSQe_FGrR7HNLRGXOqFYBaYVt5IM7w==

GET
H3 200 header-slim.css
www.avanan.com/hubfs/website/code/css/components/ 84 KB
10 KB 112ms
110ms Stylesheet
text/css 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/css/components/header-slim.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
age: 511046
x-amz-request-id: RW4BNAT2Z8CE4PHN
x-amz-server-side-encryption: AES256
edge-cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: W/"b144dc1e3369574aa43f95d44261c80b"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1590586777336
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 42YSFG0lTWtnZ.W1lT05OT2Zcvw1os6c
x-amz-cf-pop: FRA56-P7
x-cache: RefreshHit from cloudfront
cache-tag: F-29822257866,FD-10639271059,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6Xt4PN52qx2iJoqWLMp+xd6CiLG7+3gOX9wRqOOGF34776kKs0RzyN2fihVVDlej8u9Ic51BmIw=
last-modified: Fri, 08 Oct 2021 20:18:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7rpMIy5lSh6%2FJ0ePd%2B14JOPiUvne1Jo%2F3ow7scSBVKvPQ8BSzXJi5GnO4DiVM7IOfNjvBCn%2FP9sxAPRRK6ccbg%2F%2Fhlu0M1PMop0yoHo04%2Bop5rNiNDhSSLgwgzsFZ47K6h%2FFGvuC49aS3VTa"}],"group":"cf-nel","max_age":604800}
cf-ray: 80311476ac2418ef-FRA
x-amz-cf-id: R03Puo89pMtdr1j99EFmGTwnSeDIQ-mzI77dZCMjflz38DBRRa8K6Q==

GET
H2 200 css
fonts.googleapis.com/ 5 KB
597 B 48ms
25ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f68519ba7639cdbff92cf7c044bd5455e4c87320689a3f2d4b2418ca4e91cd01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Sep 2023 18:40:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Sep 2023 18:40:24 GMT

GET
H3 200 How-Safe-Are-Your-Emails-featured.png
www.avanan.com/hubfs/website/img/infographics/ 621 KB
622 KB 140ms
132ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/infographics/How-Safe-Are-Your-Emails-featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
age: 494789
x-amz-request-id: NYHZAHYYCHR421K3
x-amz-server-side-encryption: AES256
edge-cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="How-Safe-Are-Your-Emails-featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "c633bdada0f0b6b3a8ed9923b6fb540b"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1628160146967
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 26f61e70ac4b967ea82841cbd2dc7cf0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: .d7FqQt._o1Rnh6A1lokFj0_Ws48Edpl
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=866167
x-cache: RefreshHit from cloudfront
cache-tag: F-52270339845,FD-10949243896,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 635542
x-amz-id-2: QELjzB3fkUZOA6vFJs9GAcS1hxL0QiKzJkWhLAevLHd36Dw1UU7E8mpZ6JXdxbID9TwkKQ0ozcc=
last-modified: Thu, 05 Aug 2021 10:42:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cAKN1FqyVprfJXH6yNrzH%2FSa12IFQzHq%2FsHSosbbGLpRThm6ypLHKx5AJGR64O%2BvymIYUzCe567FKV5bj0V03AvQd%2B8S66afhgVh85GNAec3lFyLef0hN9Su6e6lO7kZ5Fz69msxsb8awyz2"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479981518ef-FRA
x-amz-cf-id: 8U2H6FR1ijqrQ5r1T6dt_F_UzwLyOnUv-KZwU9vkR2spgzZ-XfZ2_Q==

GET
H3 200 av-cp-logo.png
www.avanan.com/hubfs/website/img/nav/ 26 KB
28 KB 124ms
117ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/av-cp-logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
age: 494789
x-amz-request-id: C3M832FN5WFKV50J
x-amz-server-side-encryption: AES256
edge-cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="av-cp-logo.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "54f8e06ea392f631745f18834b4f75fc"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1633720390182
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ihC_xVZudFnTMh6T1X7C3_Yl8xLb15Oa
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=45855
x-cache: RefreshHit from cloudfront
cache-tag: F-57079767617,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 27014
x-amz-id-2: RJCm17ZRRj0hNkvUHjg7e6Dgf+vLnbXImfdgQ7nQx0oLPoi3O6XbYjO+9hefsqSv0vzeOs9GoE0=
last-modified: Fri, 08 Oct 2021 19:13:11 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRunC8fL6OuYgWu%2B5TQNky7BXO53yDyuEFpCDDAh7UR6l9KN%2BBKahNa51HArU0CJEX10ye%2BcAryvKE1KAxxxiExZ0dLHe854Am2uoqvE%2Fzd7bm%2FMSjYP0KbzRnbBUbXUxhcMtPJQtvHW4ZXy"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479981c18ef-FRA
x-amz-cf-id: sHvAuEHvlxa9sI0Yqo_TgPtDvuZxQMSXL-tfX5ADHsdvFFqzutvlWw==

GET
H3 200 documentation.png
www.avanan.com/hubfs/website/img/nav/ 868 B
2 KB 205ms
197ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/documentation.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e94bb9eafa09b4181f7208f1466552561329b27bc870ea785be1fbbeb32661d8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
age: 494789
x-amz-request-id: 8CK0WB0KWGRR0QAH
edge-cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="documentation.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "f4d503cd55e042264b3bbd74f58ac560"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: V87Vzt5MSqkUDoZ5asBko88rN0wJ5iGd
x-amz-cf-pop: FRA56-P7
cf-polished: origFmt=png, origSize=3416
x-cache: RefreshHit from cloudfront
cache-tag: F-21241301263,FD-21136118110,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 868
x-amz-id-2: WWHe9U+NLXnHXupPnDQagELYGIkcPSAqwyKAY8tBHjGC45G0J1nxeJwgYHF+nzJiw4hKsc8UgJQ=
last-modified: Thu, 14 Nov 2019 20:20:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpsOLFSZH0QisKfHavkaKAZ2wr4f4HFlHOy91e3EXzfDCx%2FKwrkqcj5lM4%2FRxmchqP1pIlkMHevJMOJ%2BxZDcjTJfvD1DbIhM2fLJkOYqLWCzxp8K%2Fz28ByE9d3mgidsNTaPXphGEvI01Pce5"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479981e18ef-FRA
x-amz-cf-id: XSFPQKBTur1-QC4bdvKOjZNU4s43v-HrTCeev2byK1KFeRxSKkVjCQ==

GET
H3 200 open-ticket.png
www.avanan.com/hubfs/website/img/nav/ 700 B
2 KB 205ms
198ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/open-ticket.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

03817f3f6505178f6f24ef977ac8cd844ba3427f0353759e41bea905c565020a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
age: 494789
x-amz-request-id: 87CRQRRQZPCS01AZ
edge-cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="open-ticket.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "9034a241fdd02e0d9dc532075852965e"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 0c9cY9eUX.md23IeRyXXqhmeaLhfDOS6
x-amz-cf-pop: FRA56-P7
cf-polished: origFmt=png, origSize=3180
x-cache: RefreshHit from cloudfront
cache-tag: F-21241291417,FD-21136118110,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 700
x-amz-id-2: ZVbLP030oq/n0Ad51or5pXPH2AEdbvrK650TU5+1BZAVTF4pageg2XyVMYhNRRpBjXmGIUPteOVgw+8Y9HlKow==
last-modified: Thu, 14 Nov 2019 20:20:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFwMa9QJ045WqI9ayTLWEl%2B80Bgvsf0I0g5fg6d6TrKbpmMfD6XoYTGlUS4ROA5NMU4jdZraqTII9t0oAFzVkImPD6ixgmZ92SeND4dKhlRRx6T8fvvIqrWUEeAPWuw%2B3Es8cblXZGDzoSBR"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479982118ef-FRA
x-amz-cf-id: bbqR1YOEYpgtOd6H3ytKFYVRaU0WSivA-DaUGi6UQhPrZl6sVfF0Lw==

GET
H3 200 jeremy_fuchs-1.png
www.avanan.com/hubfs/website/img/people/ 1009 KB
1011 KB 207ms
200ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/people/jeremy_fuchs-1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
age: 118134
x-amz-request-id: QA6HBJ4VZJAK40CW
x-amz-server-side-encryption: AES256
edge-cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="jeremy_fuchs-1.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "f708d6febff5bc6d07172bd7465dd726"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 e19aed1f6c91c2644d0ca17ce8be7af2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: nQ.kuHwFXuupsUc1qfCvxdS2PMk7c1js
x-amz-cf-pop: SOF50-P1
cf-polished: origFmt=png, origSize=1632605
x-cache: Miss from cloudfront
cache-tag: F-27817468088,FD-26510702723,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1033412
x-amz-id-2: a7vp5FOdQhF9T8dasHCjwQxh0RyhC/AQBKEIzkJHMHBwng5HJzUPHxBkTOa6k69uqKb1X+p4IX4=
last-modified: Tue, 31 Mar 2020 14:03:42 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sAKdRcLs34PtYtZmLv%2FEsBruhFySM3b19TC0Sn4pdGS0KyMY03YjOuaFq%2F0%2F8nGCXYMQNEDHZrlTkiI%2BiHH8CoN2PcOPzYrsESy7UlMng1IVvvq68KkT%2FX48UtoMohuERC4XzFy6JwDMrkFD"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479982518ef-FRA
x-amz-cf-id: wMUum50F7wOAu1l5dh20uS-cuN1rdiatIR7MaEIxAU1SiQWUDJ3aig==

GET
H3 200 Featured%20Images%20-%202023-03-17T145245.680.png
www.avanan.com/hubfs/ 34 KB
36 KB 963ms
956ms Image
image/png 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/Featured%20Images%20-%202023-03-17T145245.680.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

632aad1aced665736ec2c09c131e25fb0f8f2c8b50edd7eeeec9266d205f75de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-106959300760,P-1835778,FLS-ALL
x-amz-request-id: Z6TJ02ZCSMDMNQ96
x-amz-server-side-encryption: AES256
edge-cache-tag: F-106959300760,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: "8184b39234a017d6f678641fc2737b90"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1679079201823
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
via: 1.1 59e4ad432d462243b40c1447c9691d6a.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FD_.4wqomlSFuIIhZZQPP7rxbu9HnHlf
x-amz-cf-pop: MXP53-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-106959300760,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 35154
x-amz-id-2: FNuyjjXgqL9hfyo+KBrEcLQCGubTlsb41JnHmhhy2U2ISWPU+eD9Vzrde0xLt5E7so+NtqHDcfoUXCkalfMyQw==
last-modified: Fri, 17 Mar 2023 18:53:22 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oOUv9KZSF13af1MhPaQ1z52eHRadYWvI0o8X%2B%2Bgn34oOzOOGWifV3Xgfv8HF5UD64qD2ViT8XUglNR6J4%2B%2FZY2tVha8fhldjO5zu0x7ohoJmy6WcKBtXEo9oaUw880Cv%2FAlKns0tXDj34XIm"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479982918ef-FRA
x-amz-cf-id: iy7D3Wj3mpVZ9wk7s09Jf-J1i3BkJpmzuL2WWVi9NYCCSBG-1Bplfw==

GET
H3 200 Featured%20Images%20-%202023-03-22T155358.792.png
www.avanan.com/hubfs/ 32 KB
33 KB 844ms
837ms Image
image/png 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/Featured%20Images%20-%202023-03-22T155358.792.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb3d44316a4c7bf68ca5d8bef0896c554f5264e57fc49bc7adc3f34636ee53ed

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-107570278950,P-1835778,FLS-ALL
x-amz-request-id: 5ZKFNNHEMVHNQYFD
x-amz-server-side-encryption: AES256
edge-cache-tag: F-107570278950,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
etag: "6c151c92228713bdc2ea5328be6b4d04"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/png
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1679514847342
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
via: 1.1 3cdb446b466c48710dc5fa2be85a7dc0.cloudfront.net (CloudFront)
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: cDB61xf7ybKRCVzSjW2LRtKDaTk5svv9
x-amz-cf-pop: MXP53-P2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-107570278950,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 32311
x-amz-id-2: Nh10tIfzE0bd//DLNq4Ck429rR3sZKGPXfijjsHkfeftxXard9hY1l3pc9wh5krTHKzpyfu0T+A=
last-modified: Wed, 22 Mar 2023 19:54:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2ifSbM6TSu9B4ob6Im2bEKlDz%2F%2F8ooC7E2CQtEXHfbb3339oxbuQRj8qxpL42wRHB%2B7sVV%2Bxq%2FRPPP5r87gWd05SCbup7B5faO7Uqc%2FiDsluFAgkMC%2FRY%2FU5IoYszUGd74NxzdevP6ATy2S%2F"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479982e18ef-FRA
x-amz-cf-id: QEdrei6tgw6RvVTvA-abCO2A-x6IU_lraE1nwOPfldBxLuAHZq6ksw==

GET
H2 200 c953fa87-efa0-494e-9947-98ffe764fcd8.png
no-cache.hubspot.com/cta/default/1835778/ 1 KB
2 KB 193ms
155ms Image
image/png 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1835778/c953fa87-efa0-494e-9947-98ffe764fcd8.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
x-amz-version-id: null
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: R13MN17RT2K7H694
x-amz-server-side-encryption: AES256
content-length: 1111
x-amz-id-2: wMU4C4ZpwvawHz5msjJtiqoGYj0Y9QPGALDKc6NUC+eYJ3q0pf4bvxr85/iiFwlngGf8EWo0ggzB4n9DRmJIwu8PENeja6/jkOcXeNDg/xI=
last-modified: Fri, 24 Jul 2020 18:46:48 GMT
server: cloudflare
etag: "af14e3eef5578014fe49b0f4a662ac5c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nyVXYtiQvQTlHJQ%2B7jvqkOUq1j34CempoxH3rNbfOdBDAXBtVJe%2BaUuEpU24CN58tBNNRGfsgL4U2PCh1IPAcBi40Db%2Fm%2F2pn%2FDjG0IbJpD1%2B%2B8M%2FYe9tygbIjS8UjX%2F4cfbQxjqDiSClW05XKlC0uTk"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 80311479ddbb9201-FRA

GET
H2 200 current.js Show response
js.hscta.net/cta/ 16 KB
7 KB 54ms
18ms Script
application/javascript 2606:4700::6812:d333
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscta.net/cta/current.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d333 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b212b5d5a1ff05906a7bbe45ec1192cb7f8cb096da65573b94eb19e3d853bccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-encoding: br
age: 224
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.202/bundles/current.js&cfRay=80310f030b689be6-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"926f957a3fac01f2a0f14b2b115f7f9a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.202/bundles/current.js
date: Thu, 07 Sep 2023 18:40:24 GMT
x-amz-version-id: 9ig2rWbDeIcnXyn9E_XWedP2hWENxPRc
via: 1.1 1814689e6a53bd70e892d4abd59ed626.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD55-P5
x-hubspot-correlation-id: ffbddca0-da45-436b-a625-4565f2171f94
x-cache: Hit from cloudfront
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
x-evy-trace-route-configuration: listener_https/all
x-request-id: ffbddca0-da45-436b-a625-4565f2171f94
last-modified: Thu, 24 Aug 2023 03:17:03 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-p2dkf
cf-ray: 803114783e879bc8-FRA
x-amz-cf-id: yqqk1M38CxxxjsB3_lw9kbkrH0DKSZDcsYy-aS9_5kS4qWu86hy8Fg==

GET
H2 200 widget.js Show response
www.gartner.com/reviews/public/Widget/js/ 9 KB
3 KB 50ms
9ms Script
application/javascript 13.32.27.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-95.fra56.r.cloudfront.net
Software: Apache / Express
Resource Hash: 8f26365e1bb8c480eccb5eac0477b592ff6057b9bab06e4f62a838cbb631f82e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 06 Sep 2023 23:43:31 GMT
content-encoding: gzip
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 68213
x-powered-by: Express
x-cache: Hit from cloudfront
last-modified: Fri, 25 Aug 2023 09:29:07 GMT
server: Apache
etag: W/"2320-18a2c06a2b8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: VYVecXu2lh0fZZPj3SVKlatNU9Ja4uATzrz48XD0qpQIzdLk6jLZwQ==

GET
H3 200 BECattack.png
www.avanan.com/hubfs/website/img/blog/featured/ 14 KB
16 KB 313ms
307ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/BECattack.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e93bed4a0a68fb13e24d2866e4d24fcac552c62b97fa85d78d2d9cfcf3ba80a4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-54746898189,FD-11279853394,P-1835778,FLS-ALL
age: 81627
x-amz-request-id: FT48PA9J15YCQT62
x-amz-server-side-encryption: AES256
edge-cache-tag: F-54746898189,FD-11279853394,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="BECattack.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "40cf85de19cf86852b73d52528733536"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1631043256152
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 0ff344318780e69ac3266c8bf539c810.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: hOd9JIivMyFgBSYaffRZ4iPK9cmqAyPP
x-amz-cf-pop: DUS51-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=32587
x-cache: RefreshHit from cloudfront
cache-tag: F-54746898189,FD-11279853394,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 14614
x-amz-id-2: y788xHV9cxN14Jlur/JUL9MLscavpTPaXMvBYl8EaROI3XOjvFIUStBPvfN95vyrbn7uAyVGrVY=
last-modified: Tue, 07 Sep 2021 19:34:36 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TBH00unslO8zCKK3ZkcNgvZYIGwoPPWHrgIW%2B1FGwRMJocHXfQ6J165D0qdzOxJwYRDnL0KZxT7VK6I0zV8CCGorb379b0lzKmh5B4g9HO02pzQsot0x3NvoRzdrx6rt6TUY19jcgJ8Fjl%2Bt"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479983118ef-FRA
x-amz-cf-id: lqhnDKnIM-5aoEIu0lRWYrv0CWrx9gH7zgAxnlGZFYExf44En5lTbw==

GET
H3 200 av-cp-logo-wht.png
www.avanan.com/hubfs/website/img/nav/ 26 KB
28 KB 324ms
318ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/nav/av-cp-logo-wht.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
age: 494789
x-amz-request-id: 9EAWWKYGTBCEEXXP
x-amz-server-side-encryption: AES256
edge-cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="av-cp-logo-wht.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "6b25c756c0ec059c8b971ac07c1a44e2"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1634845767354
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 6e5ec1ef7875ec0751cb61200df7f212.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: r2zJbm9CEK3FOJ9Q8VqLC35kT_FW.6aY
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=46170
x-cache: RefreshHit from cloudfront
cache-tag: F-58090235831,FD-21136118110,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
content-length: 27120
x-amz-id-2: TCCEICWIK4lk1xyB3o0xAvsEAGMo+oxfwhrcel1EbtR54Di8UsAEuAbNjPzSwRTm0uNojFybSUE=
last-modified: Thu, 21 Oct 2021 19:49:28 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdXvp6BUvqNLWhbSwlc1jeYuGnynzUFaDj%2FT5QMwGjgi8E0dRL3%2BfnaRGx%2F1g%2B377ci%2FVj3Ef3MZ9Nvr1exyG6Co8vC7SXMIEeksqwjZv4bQfH0KnGKgeObwTWpFlPS%2FjCpruudyv5J%2BEIs9"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479983718ef-FRA
x-amz-cf-id: bG-rRrUB_CYb4geo5DwsFL4WHrEuLuYUtnyls6b8526I6Ikz4Fpy5A==

GET
H3 200 soc-2-cert.png
www.avanan.com/hubfs/website/img/icons/ 27 KB
28 KB 318ms
312ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/icons/soc-2-cert.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

49c8d692cb67ec3cc5b35e839c50c5c9eea05fe3ce82894eb02d22240554a0aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
age: 368864
x-amz-request-id: TQM139CH845KXFPH
edge-cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="soc-2-cert.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "2242d63f47a733e65cdebd6f3be3a08a"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ENN2NKV.l.gZzdTLCJgVyrfErf7Uu3mK
x-amz-cf-pop: FRA56-P7
cf-polished: origFmt=png, origSize=44339
x-cache: RefreshHit from cloudfront
cache-tag: F-24177175536,FD-10543955849,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 27216
x-amz-id-2: x/RSmNciVPkqw2X/jIVAVchFpx6Fqjl0knt3KBOqyFXn/eHPlWzJokNgPqQ9SfL/ofyBP9P7K5M=
last-modified: Wed, 08 Jan 2020 19:24:41 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=53S8nGP4qGSAPXCCBkZwf2sUtx%2FLNXrmTfCg%2BxqRNeeJI8a0qcWS2Lkdzngx4hrylSX5iK17GSJ5Tzs%2B%2BzqhuGKCedc8rK34FxhXkMUPIXKAY0KbliPRW0MNH4TerwQ8UYGjzNC18iGwhMbg"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 80311479983b18ef-FRA
x-amz-cf-id: 4Ul4-rzXhnx1db1UxSyutpvltPKjOLaSh0keE7xXiHHeF2ZWd6bq8g==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 61ms
27ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: DUS51-P2
age: 1916822
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9btZKXsfKc0YfqUFdM%2FbzDeeCjyd3cuSe8Nbz%2Bfwot%2BAPZgsyNCmZID9X%2BbknRlPWp3YweflxV07vZy%2B5MHr63WjBTXh7T64Nq24vgIW0apF2tVJ7hMmrMwDjz3INRg0vIZfhm1CEhdSRg4J8v%2FHwsoELPw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 80311479cd339131-FRA
x-amz-cf-id: YDylR4RA-ioM82E76gpw0GmOvVJnidMJ5Tl6FSfBPrITbWeOk-EgyA==
expires: Fri, 06 Sep 2024 18:40:24 GMT

GET
H3 200 jquery.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/ 142 KB
38 KB 45ms
44ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6476923280/1577975561851/Custom/jacob_redesign/js/jquery.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 0003b3450f3f9fac44312c4622a410c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 3154
x-amz-cf-pop: IAD55-P1
x-amz-request-id: YYS333YC4X05JXGD
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-version-id: ebM6Jbr9unIlIJHsCtn.BkHxdP32W5Tn
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: eeSFDDt6jeJfiuecu5/+PsXOwt0dyC0CxOkh150PQ4LfxfJn6d9e5fWqLF101UIQ+79xQE2VrGE=
last-modified: Thu, 02 Jan 2020 14:32:42 GMT
server: cloudflare
etag: W/"58abfaae2dedf59326b2ea681f828a06"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2F4R0aJy6dI8XcP%2BHcZakGlI%2BnvM%2BS%2BzUWyBoTuDNNEpUVzl%2F%2BrWwwcJlBafh1bQcuYwA9XotQW03LldOSU9dVZatq9ddqv9wmmFor2vzwnkh2jZv47DoctsG59o46eXVrrra39P1m5%2Btt%2FV"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 80311478beb618ef-FRA
x-amz-cf-id: iFI-f-gkbXDqAcyK_VyqvIUzqh23SUJAD7FWnVA57KyHMRRTz51D7A==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 bootstrap.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/ 112 KB
22 KB 43ms
43ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073918834/1577975558617/Custom/jacob_redesign/js/bootstrap.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 5630c5d6ce3870273aaf2ed5fe6c2f14.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 3154
x-amz-cf-pop: IAD89-P1
x-amz-request-id: 2BE8FD0PY9QC3R13
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-version-id: 3IDp6mXhqSOlZQ4n6QKdC4Peyv0EBjJp
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: /TSGPeXSYYCkg8yNnUPYcHaQ9mRiIcELg0aknuKxPH+3cry83R7xOVgdzz/TgLsv8dV26WdHNz/4pc7hialNnpzR3fo8JzYX8v1UYo/1IEQ=
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
etag: W/"d810a38ca2781735a27cba0625a027db"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gJBsQBu0y1pjriXTF1GVtJAEqKsnLtRH%2FfIsoJny1OvXPfNiPRt9qNA7rMLQh3BKAfhOmAK5DbPZR6Iu7pOQr68g4nNbAxGrMvp1I5xGJpCi7Qj1ilPCGlgmkx9IIWGNDiMc2vGqUzmj1rAg"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 803114793f5a18ef-FRA
x-amz-cf-id: yHPka9kwPb54gSfHgqNEhNe02UgJTtaHBWPEekftkNcpBDTvWJFx1g==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 plugins.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/ 508 KB
119 KB 55ms
54ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6084513730/1577975558722/Custom/jacob_redesign/js/plugins.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 a7a1b4c19abc42d237405ce4c4069f10.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 3154
x-amz-cf-pop: IAD89-P1
x-amz-request-id: BMWB0C6MQCT3S33E
content-encoding: br
x-cache: RefreshHit from cloudfront
x-amz-version-id: 7fqlaiSrobvA_myCcLItYFNxElIoA1r6
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 15
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8p3GWT+ZQX74T/SWZlpUwT5sn3VPPEYQY+04RyZSwNkAvFuc6rmniUP+9EM73TPCFXFgkwZ0jAk=
last-modified: Thu, 02 Jan 2020 14:32:39 GMT
server: cloudflare
etag: W/"c612fe430751a00bb8750c6601520596"
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6V6CKBVFgH7ZZqLSnr2Wdi1dWeiegjqt7ygaHxOann%2B2%2BoMesZTVv5YrQtX4RjVeM150JYu1bFS03waZHEaRrppSd1INeLfdbY5X0yPhD6PvVelvUcHx7foYczG1jfW4rO4i%2BX%2FEHyfjOEzH"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials: false
cf-ray: 803114799fd518ef-FRA
x-amz-cf-id: FeAUBhjrYvFK9CSATLtRgx9RBkBBuya46U9SNzN44CvTir1fafkKwQ==
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 15

GET
H3 200 module_11124227288_updated_blog_body.min.js Show response
www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/ 244 B
2 KB 94ms
86ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs-fs/hub/1835778/hub_generated/module_assets/11124227288/1683298027233/module_11124227288_updated_blog_body.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 17
x-amz-request-id: 5KXG5419GGQT2QKZ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: PENDING
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener: listener_https
etag: W/"cf3f93254ba12a90654162233cedfbcf"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1683298027233
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.enforceAclForReadsProd 20
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 e880df37740c4e68e519f8478d14cb88.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2vRBYqYBKn.Un2cVRgM_9kk_TDebYnrs
x-amz-cf-pop: IAD89-P2
x-hs-alternate-content-type: text/plain
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 178
alt-svc: h3=":443"; ma=86400
x-amz-id-2: cMQ/1Zx7sppBCT9eZrriGvfDaWVwNvQWJvGUs5K047AypEXDkosmjZaCfZpD8xew7LxLFDy6RvTVAuswuL0iHzBn3soZzetg3Eo35ID1Bgk=
x-evy-trace-route-configuration: listener_https/all
x-request-id: cfbf595f-7f3a-4b21-910a-f6a7f3a44d5a
last-modified: Fri, 05 May 2023 14:47:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A1G7i1RzA1kK%2F2cGilkNX%2BBOQrZ8n%2FgLX6QxxrMjw8%2BixB3s6HQOwXO%2B3PY%2FaAX1tfdONfc%2Bg8ePPu8HUtBH2T7xc7kRDHm1ThpjjGiMvx6vtziJ3VwHUXfVsffprfDAZPshT9sv1cQ%2FgBYF"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-55b7d448b-rwfnd
access-control-allow-credentials: false
cf-ray: 803114799ff018ef-FRA
x-amz-cf-id: bc3107eairPORVeZHzrE0yuOSfcA5RbLM7zT6hxWxVh-fDq2ZF_ouQ==

GET
H3 200 1835778.js Show response
www.avanan.com/hs/scriptloader/ 2 KB
1 KB 318ms
313ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hs/scriptloader/1835778.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a9a8f3e86740453a17f2bc214fe8aad9a8970d1d9a75cc37e097c67c41e7251

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: a383e7ff-3ca6-442c-86a9-88c1a3c01a3e
content-encoding: br
x-envoy-upstream-service-time: 38
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: a383e7ff-3ca6-442c-86a9-88c1a3c01a3e
last-modified: Thu, 07 Sep 2023 18:27:38 GMT
server: cloudflare
x-trace: 2B00F7958265CBA6C0DDBA8F962B361314E5A99CDC000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-mlzrb
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZZi0LDl3L%2B2tF4CggRpmw8aF4Gq6RCI1DsflgA%2BfTTY0gKKuBE%2FpOQWYgBMSdEmYZ8VWNC%2FnRKLDc9hmgbcCOLUo%2B%2B0KvzEeea72ght9DL2qcFolr5AXpcDcLlAXdUR2o3fNbWPNJ29LYKqK"}],"group":"cf-nel","max_age":604800}
cf-ray: 80311479984118ef-FRA
expires: Thu, 07 Sep 2023 18:41:24 GMT

GET
H2 200 conversion.js Show response
www.googleadservices.com/pagead/ 49 KB
18 KB 131ms
84ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

df3c182101e2a4dd3b429ea2e352a65e3338996fdd8e1498cdb77c57f6674ca0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18402
x-xss-protection: 0
server: cafe
etag: 5036645784307573041
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 07 Sep 2023 18:40:24 GMT

GET
H3 200 popper.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 80 KB
23 KB 105ms
97ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/popper.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 1NR5SM0X986KCBQ6
content-encoding: br
edge-cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-11719670560,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: OME08B.rG6TRAJ7DDfxDoqg2ImFXjByx
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: htY0RzcFajXlSEGyUEJ2ks9po3Os/z9TSJ8T1s8ovfdUyWRYM2dz+Jlekw3/wPqSBXGpYY3iklycXmS2aGdN/wwsvXLEdJ8neAvF/6lQs0w=
last-modified: Tue, 30 Jul 2019 21:08:51 GMT
server: cloudflare
etag: W/"18977fcc54cc90302580895825f739ec"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXYMkUIBKCDX%2F8fn%2FfylOv39iJl3F9l8Tj1Yy1YXuNo%2BFl%2Bvvb2btjaI3trtFEjsz5SalOeiPrApJNv%2BaOqVYHo%2BJDqq5pE5AQZ2%2BULvREQWSbTk6gooVvYF9u9BykO0j1h2hAB50hGZLk6O"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 803114799ff518ef-FRA
x-amz-cf-id: DQ7vnDsRrO8aXYwBD6YvEd2g-3rf9P7B77_9tH7nPFXUj1TWrepbqQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 jquery-migrate.js Show response
www.avanan.com/hubfs/website/code/js/ 17 KB
7 KB 134ms
125ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/jquery-migrate.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 4a0b7683a1d33d6d186965e831f2de96.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 513841
x-amz-cf-pop: FRA56-P7
x-amz-request-id: S8KNWZBA4258A9DG
content-encoding: br
edge-cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
cache-tag: F-10555716746,FD-10555648234,P-1835778,FLS-ALL
x-amz-version-id: O.IWEvWv.S2HIJh2gVb3UjxcZN2zO5t0
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: glbC01FfM7gvh0mSJpJ5LnYJL+TCTPx6MRyA+7jC01X3iauOI9+wCW/sMrOYNMuUoB+7uMrldQ4=
last-modified: Tue, 18 Jun 2019 07:39:43 GMT
server: cloudflare
etag: W/"e16bb3f1cf4b40a9e4de0cf7d4950cb3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sShsCGjHwlwkWc5tE1HWIwkBoM77Rh7GeWyZ3gzj9nak3QK26k3TTV%2Bhe5NSeNJbt69Nq33yGQ%2BzEyYn71pq4uFKZUiisiKPwfQb2JcIvaQyYOUtodgYlNnNRG4%2FQ0unC95pMpgIEUNDOisf"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 803114799ff718ef-FRA
x-amz-cf-id: rjhmNeGlyb2x3I70O-HGOOKp0iXanTPH5HceAXHtU6xNfjtUDPmaCw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 hs.megamenu.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 22 KB
6 KB 135ms
128ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.megamenu.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 d4a6e22bfb276f18612ccc6f7763ed5e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: CDG53-C1
x-amz-request-id: 9DEMC143ZCMJT11D
content-encoding: br
edge-cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10555716444,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: Tr8ZpL3KcSID6jBFr2cCd_jZ2gEqr8QS
x-cache: Miss from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Yxc1Bu7m2iuo9+snpj+CFX06i2gaM6+BlgFV2vDAxrH9nADrK3FnPkjLTgZW1xlCj87C3CtHGMo=
last-modified: Tue, 18 Jun 2019 07:33:15 GMT
server: cloudflare
etag: W/"26676e58c4eb0c77a8d2c99b4bd1ad43"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=opFsW%2B0sQhtfSPjFuKB3GBiPf4c4zXT8Abe37cH%2FqvQDJynygXnrNH7sQP6uT6EZz4QYnGiD7EY7%2FlNUPBXAginfMdWDNqeyL7Z2k9qF1z7B3R%2BgkEbGx1nqWQEaEQLiAZL4w%2FajFFMl5Yv7"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 803114799ff818ef-FRA
x-amz-cf-id: sZIpO3Z9Y_6b-QsCJEAOZ5hA6Yr94hvGjB0Eop8VpO_lJS6C6ckMLw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 custombox.min.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 15 KB
5 KB 125ms
117ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/custombox.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 0QNGZHVME71RVFGG
content-encoding: br
edge-cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524627223,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: Tm64yWHx4y9EpRwZ0oVdBIU91wzQQVgx
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: HvXzR5iTz+Jca+JfuquuEAE7kL7tf7UQeJlZX7hxgBw9aAl2PD7dtCXMDPWC8HyIpl1TKhBGrng=
last-modified: Thu, 29 Aug 2019 14:19:27 GMT
server: cloudflare
etag: W/"a99f3446cf6471542e7b5103c1e0ad26"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2YuTnGb2fDsNPYeftixwoapXrO9xgbrrCUsS%2FWnv3ACQOR9PQ5idr1HWSdgSLsPkPfGb8G0k1Y4YIY2MdKsbTgvqE1Inb8U11P95Mr924510c117ntB0w1QrPLRXWqbn2KBeDnmjqn83i33P"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 803114799ffe18ef-FRA
x-amz-cf-id: pw0d-s2CQrOdNY07HZbmAcBV8loDkeQEGfKXy8dDvNb5FaTelnYopA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 custombox.legacy.min.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 102 KB
36 KB 107ms
99ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/custombox.legacy.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 fde85e7daa13f95cf6b8f5fa09c62ef6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 513841
x-amz-cf-pop: FRA56-P7
x-amz-request-id: TWDFFRJV20198DK3
content-encoding: br
edge-cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524756578,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: CNtvX5bcEOKz8jLqkiPSkGvNd2dpptBk
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: crxROUPqAdpnShgmpspwWw1K+F3UAM3PdNg92/bWX2cRbSfQVtMLwUUfpX0jVqdCSwXFHoTjbec=
last-modified: Thu, 29 Aug 2019 14:19:27 GMT
server: cloudflare
etag: W/"626f9c989ad909171b9c7e56dccfadd0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jkt%2Fv%2F5E73eN7svCKv3pyTLPnyP7%2Br2S7Exl2Dv%2BaXYB8u4%2BOvQ%2B3srApWGTGGwuDbcekB5dzvKRJL7A1m4I%2FAoAhWd2HOIwpPY99cwKJVbNno3W7%2FlRAbyWJFxTD%2BWvZyHJdV2TIfDDyps"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311479980118ef-FRA
x-amz-cf-id: VAiY2rQmAZ6yqw5hppuhTUJT6eX6OSXlPVP94w2d7lFSxE_z_lTYHA==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 hs.core.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 4 KB
2 KB 106ms
98ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.core.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 513841
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 8CK0JS2Q7SB28Y6E
content-encoding: br
edge-cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10555648509,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: t39fon58.c8wnVn0KiTmU6Cnt0f.z3k5
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: TZ6inL4EEcl48vd7RapPM2AIGc0actfObweVqXy892g/iUWFOTyYJxn0BYuFM7sVXTwVR3gE2TI=
last-modified: Tue, 18 Jun 2019 07:35:47 GMT
server: cloudflare
etag: W/"ad96a1d08e41474de9b172376ad8f2a6"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMLACNa8un0Q0dnxmpbjOmEgi3JZDm4WS0C8JrSzDCMcY7lXs8o%2BQVLOm0QGYVLsGyIEc8lh5udg9ilvM7cT4OJKF7BfO8ntoOASKOMQxgtluvRQujF0z%2F%2BUC97GkcxiYRrBlM1kCbnE5tsa"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311479980518ef-FRA
x-amz-cf-id: xhMFQEpphY_p1i-dRiRsZrJ_kBsktEJ8VGWet9EQVJmlLXWgOG9sOg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 hs.header.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 45 KB
6 KB 105ms
97ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.header.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: C5AK4SPMRZES4NK7
content-encoding: br
edge-cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-10658801982,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: sLoBYokxi8ZRjPnVZWHiocCdDukS9g6O
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: VXum915p0XK2DtEPrxMqWRzCb7ClgfQsqynY185ilqbXXcpssIx+T3rPS5Q+I60PzP4d94Irn7U=
last-modified: Fri, 21 Jun 2019 15:22:17 GMT
server: cloudflare
etag: W/"da8e6062fc6df06d66405f3894ac0090"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dWcroF6kfUinAeGul%2FAQvOH8oeq%2F%2B3VPCAlZTL7CvNAAaeVjJix4gVwbcGbrDX3ACb57uYG4T8SidJ5wBrcxhU8mbMSJucFtMXOSKQ8SGEHr8VrNxKFveYvOvwnYtrc%2BCFrFDWtYqKg3x8Sw"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311479980818ef-FRA
x-amz-cf-id: T4nbgU8WY144Yn8qz7HAONdhpvj-k282rm9iXbQj4dssBe5z6HSsew==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 hs.unfold.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 16 KB
4 KB 139ms
131ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.unfold.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: W3F8TWPW7MAD756H
content-encoding: br
edge-cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12349469375,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: jtHI_y0b8Eo2FGwKdP6LEhiHSwPKnVW3
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vhpBRQ8AbIL6abwirbI8IOfr8zVTFdOv4vbvazRuHEqb90szyPNtFOJxKkgVsk1gf9EkOzw3PJ4=
last-modified: Thu, 22 Aug 2019 18:14:11 GMT
server: cloudflare
etag: W/"cd7294af40bf5e701ac6f8cca4a7ebcc"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m92IW8oCU6IydJwU9wTeXei%2FJH2tHBajOuTwMJH%2FxtvNmUlzE0GuhRBe70g8PUbozblk3yp7gadIQrdujRyp7blKGHvPm7NC2Z%2B8rqRL1cOJ17K3QEmO4a4rcFlI2tZP%2Fqv9Meydh1pv60Lz"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311479980c18ef-FRA
x-amz-cf-id: F_FYo_ifnla26WzNzIkD5WImFti-roxJhzOfZCkv4iCWo0fsnEezwQ==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 hs.slick-carousel.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 13 KB
4 KB 139ms
131ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.slick-carousel.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 6be461c5a9399007c1540eee90371674.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 8MY42V9X1KBF5WB3
content-encoding: br
edge-cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12709649959,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: 47mSAiAgQ_ZLSqVaPMk.x.DaEXQJE5Q1
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: OquJHW5dJj/j+fuG+Yg4MO6kjOWEVMhGX6OXN+yLSYkTYSD+EFam0E+kKua1llSmEDo7IaS/lkWNniWtPt3swQ==
last-modified: Thu, 05 Sep 2019 14:38:09 GMT
server: cloudflare
etag: W/"333f5cba208ba8133a37ded8fbd1d4df"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ju9wJpBoGrjwqBZW5RmUBEjmrRZKSXGxxDO6KqE%2FvKh%2Bz9xYYYjqTIqAMXMSwW76mNfH60LgFqTwEdUaynixl0mgxq%2FceN8XG%2Be%2Ft0Aq0RwI1ohAc6w39SM4eDf9K8p3218HZpZaJxnpnr8e"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311479980d18ef-FRA
x-amz-cf-id: ManAmlUpoqcuWizfXt4ER2P2K2Nj_rXzCguCPuZNxng9VJpR_Z5LBw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H3 200 hs.modal-window.js Show response
www.avanan.com/hubfs/website/code/js/vendor/ 9 KB
3 KB 139ms
132ms Script
application/javascript 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/hubfs/website/code/js/vendor/hs.modal-window.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6713fb9ddf25585f97a9c877f75edbb8b2c0d0691c1402fe85c145a9098527d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 6f32a39163a1e36ace7a71a85e2d2884.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 511046
x-amz-cf-pop: FRA56-P7
x-amz-request-id: C5ARNHV8FX3Y46R2
content-encoding: br
edge-cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
cache-tag: F-12524633360,FD-10555825718,P-1835778,FLS-ALL
x-amz-version-id: 37fiNFmrqmELkFKd5Hej0YGO_cs4_PVG
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: GNIzqkzyFG3FU+owBDI9IsrvYRA3KSMFpNl6sSSwTT56ECTIfP7gI3XEHfSm1Xi5H7c/q5NP4es=
last-modified: Thu, 29 Aug 2019 14:15:34 GMT
server: cloudflare
etag: W/"e835fc393be7df8bc21680227886c2a8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cc%2F5WgLKAx2z%2BFFW7YfsTvsNM3nTlUmkBFZ3cSDSn9IcGrK84lUQLe%2BCBgX7WzDeDo5IUIcZmXuf%2FIKzcWUOL90wQXHCoEVJ2Zb0kb8UQpgOAxYup0hpEJXie2PP3fTvwAilHcszONP112Ux"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311479981118ef-FRA
x-amz-cf-id: SewEHZJWw0id6rcnVfRVZsan4azzqKVVUO81pUH0NRziJyrCHl1R6Q==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 404 KB
113 KB 104ms
69ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5JCRGP

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d104c35a05df833e9b49faf673a2039519b2f37affedf10add51ad892afa42c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 115344
x-xss-protection: 0
last-modified: Thu, 07 Sep 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 07 Sep 2023 18:40:24 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 278 KB
93 KB 77ms
42ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0f563d722f2e5aa3b7f252428b1364049e627900f77b8fd65c4e99bfd786ae25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94980
x-xss-protection: 0
last-modified: Thu, 07 Sep 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 07 Sep 2023 18:40:24 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
265 B 528ms
30ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=id17evj&ttd_tpi=1&ttd_puid=f3f76756-1d1f-4392-b34d-e3ac799fbf5d|f4ad51fd-cd6a-4e10-92c0-a1fb912d0bfc
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 t.gif
wec-assets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/ 43 B
304 B 75ms
24ms Image
image/gif 18.66.26.40
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wec-assets.terminus.services/f3f76756-1d1f-4392-b34d-e3ac799fbf5d/t.gif?d=f4ad51fd-cd6a-4e10-92c0-a1fb912d0bfc&s=14ea46d5-e549-41b8-85a4-a86a01e68755&p=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&cb=1694112024519&t=The%20Microsoft%20Reply%20Attack&r=&e=page_viewed&u=9af9401e-86ad-4590-9858-f0d22141467d-1694112024519

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.26.40 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-26-40.vie50.r.cloudfront.net

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:34:30 GMT
strict-transport-security: max-age=31536000
via: 1.1 9127bf22c332a88edd7d5939b5870d1e.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-P1
age: 354
x-cache: Hit from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: hPJ7wUHUQwpyqkWYBQs-YHHuCPcbaaZGvYdd3eh--bP8q_h8fcHADw==

GET
H2 200 6si.min.js Show response
j.6sc.co/ 51 KB
15 KB 45ms
10ms Script
application/javascript 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 24 Aug 2023 22:29:49 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "64e7d9dd-cc38"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, no-cache, proxy-revalidate
accept-ranges: bytes
content-length: 14993
expires: Thu, 07 Sep 2023 18:40:24 GMT

GET
H2 200 css
fonts.googleapis.com/ 4 KB
729 B 20ms
18ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto|Montserrat

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aaf9f27511743021075704cc1a18cd238c71531377f310c4170db754d42d7fa3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/5097885803/1577975559034/Custom/system/default/gradient.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Sep 2023 18:40:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Sep 2023 18:40:24 GMT

GET
H3 200 close.svg
www.avanan.com/hubfs/jacob_redesign/page_icons/ 513 B
1 KB 291ms
290ms Image
image/svg+xml 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/jacob_redesign/page_icons/close.svg

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

24a3a9ccca4cde6a90f28a96467b83fcc8e8b02ae532b85c46d45514e98c9dc9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/hs-fs/hub/1835778/hub_generated/template_assets/6073351973/1693338321987/Custom/jacob_redesign/css/template.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=31536000
via: 1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
content-security-policy: upgrade-insecure-requests
age: 495994
x-amz-cf-pop: FRA56-P7
x-amz-request-id: QJW2CAW3ZF0S4EY1
content-encoding: br
edge-cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
cache-tag: F-6129363300,FD-6106722142,P-1835778,FLS-ALL
x-amz-version-id: aGBLOARAtDK9aU8eL5GIguuA_ii6l6Ic
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
alt-svc: h3=":443"; ma=86400
x-amz-id-2: xbyw/Ap4DBiE/conh0FSZDzbE77OQnTbNpuecFZVx+DwncPZHNvKohbAG3rIFD4RTwb5M6tpbxY=
last-modified: Wed, 14 Aug 2019 14:58:10 GMT
server: cloudflare
etag: W/"cad7540d366ad86e66ac89079055b4b9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2B9xjFRsHMYstwLT602wNZPdJVKHb2P%2Fd%2FAhQjb5aR3EM7dV1Mm3bJp4U%2Bj9xdyNWtZdK%2BB4Ht35g8ttUyFl98M1lt5lcTl0CrD4RX%2F0UzSIYkGJZsKTwH3PxYGlylxRjzvO2jZR9sP6GHMQ"}],"group":"cf-nel","max_age":604800}
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
cf-ray: 80311479c89118ef-FRA
x-amz-cf-id: ByXWKrs_5cYkp_q9AIpwZyqM8xBHiHelWh60Ggbef1zymKtLyxdX7Q==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 61 KB
62 KB 24ms
22ms Font
font/woff2 2606:4700:e0::ac40:660b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2FXS9BXE59KTHM2S
age: 1399727
alt-svc: h3=":443"; ma=86400
content-length: 62472
x-amz-id-2: y0aVhYzhNvl7FC6tTsJOSQP3cuOB6jJ7i5eYjPy9MuLK77hpoaUzgFe/D/Orh+zwZdS3OelEfGg=
last-modified: Wed, 30 Jun 2021 15:41:55 GMT
server: cloudflare
etag: "b75b4bfe0d58faeced5006c785eaae23"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gp%2FegxBbL4%2BlYh5TBNn7DWxCqsYDnCiwRHeH0T09cPlGus6fJ3jO3D39scMeq6mj5lp5PnmoYw2Nel5a%2F83Js9KB6NSASxFquBsD8jXJiQBmzkfNuQLlQASSh7DbG8WNTEcKyCA%2FwDkyQGTAojr4B%2BCN"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 80311479cbfd9b9a-FRA

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 68ms
32ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 07:15:26 GMT
x-content-type-options: nosniff
age: 473098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7748
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 07:15:26 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 67ms
31ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 04:53:10 GMT
x-content-type-options: nosniff
age: 568034
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Aug 2024 04:53:10 GMT

GET
H2 200 u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2
fonts.gstatic.com/s/cabin/v26/ 25 KB
26 KB 47ms
12ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v26/u-4i0qWljRw-PfU81xCKCpdpbgZJl6Xvqdns.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Cabin:400,500,600,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

979caf94add5b00ec59d8abde43d200523745c2f4b105c2906f4d9dda4afaeec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 06:03:03 GMT
x-content-type-options: nosniff
age: 477441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26100
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 18:41:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 06:03:03 GMT

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 55ms
19ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 07:35:17 GMT
x-content-type-options: nosniff
age: 558307
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8000
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 31 Aug 2024 07:35:17 GMT

GET
H2 200 Y3Xha8Lh4KbwT09JKuaSiLrM_9s3PtLTO7qVZ6tvG9Gh6Rn0717530VC6IZjkAWZeAVMAiwPTiOvY6PrApUghlzaigLdOofqmSdNk1P10-GVTkFeKum3Ry4PN-kPWSXZyKVbo15AdZRfochIWS6ttM8
lh3.googleusercontent.com/ 132 KB
132 KB 952ms
511ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh3.googleusercontent.com/Y3Xha8Lh4KbwT09JKuaSiLrM_9s3PtLTO7qVZ6tvG9Gh6Rn0717530VC6IZjkAWZeAVMAiwPTiOvY6PrApUghlzaigLdOofqmSdNk1P10-GVTkFeKum3Ry4PN-kPWSXZyKVbo15AdZRfochIWS6ttM8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2625d7bbfa42707e54c3acce1ea1ac20354f6b39f9ca0926a1d1ccc75557c921

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pasted image 0.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135040
x-xss-protection: 0
expires: Fri, 08 Sep 2023 18:40:25 GMT

GET
H2 200 FLr5FKGnX1dMCKianebcc8R8N3vSBhei7SHKrTWTbsJaDJDIN0TZHLC6j5_VPnSYOwRRnqgVz8uoKHVQ7vKDlVIBqiCOJ0EgsuCKcR9G8z1os2HDD2Iu6LqmSuceMxn3yeftZpIOe_gYQ_1fG6Idzfg
lh5.googleusercontent.com/ 43 KB
44 KB 896ms
455ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/FLr5FKGnX1dMCKianebcc8R8N3vSBhei7SHKrTWTbsJaDJDIN0TZHLC6j5_VPnSYOwRRnqgVz8uoKHVQ7vKDlVIBqiCOJ0EgsuCKcR9G8z1os2HDD2Iu6LqmSuceMxn3yeftZpIOe_gYQ_1fG6Idzfg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

defe8bdd321daa5f879a3ce5ae929266c7f8c79b87539e2bf148291f7a5fb5f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="pasted image 0.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44291
x-xss-protection: 0
expires: Fri, 08 Sep 2023 18:40:25 GMT

GET
H2 200 lftracker_v1_OKM7ZEDV9rXg2zo4.js Show response
lftracker.leadfeeder.com/ 31 KB
11 KB 587ms
146ms Script
application/javascript 108.138.17.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://lftracker.leadfeeder.com/lftracker_v1_OKM7ZEDV9rXg2zo4.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-51.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ce8b6777d90b50ec4183fac7c948902229a7b8427e2e63008c52e769ec0c2d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: Aomj2qHwPfuGYeXkmwsAv3exFL2c._FT
content-encoding: gzip
via: 1.1 57ba1933a852bdb178dbe4a1e2e3a5fa.cloudfront.net (CloudFront)
date: Thu, 07 Sep 2023 18:40:26 GMT
last-modified: Fri, 01 Sep 2023 07:02:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P7
x-amz-server-side-encryption: AES256
etag: W/"d87766f57a5bea189c787c89be51fb5c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: Xz4VsXt1i7-X3cNQ9sRJssUs-4KywYpFNqIDkMdHDo9EeSxkjrFGGg==

GET
H2 200 purify.min.js Show response
cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/ 21 KB
8 KB 26ms
19ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.4.3/purify.min.js

Requested by

Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 10272188
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 7628
last-modified: Fri, 06 Jan 2023 14:33:26 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63b83136-1dcc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xhi%2BgvxmNXzkSyibiiGP9wPIFl%2Fkn1qeOOqiCY47tNmOwo4nvmRsnGKMjnilvKFS0cwKV%2B%2Fu7b3sbx%2B1%2BAPgavLkTPQv5tbGFFYkadEl3WRuN%2BfxtE6FR55X%2B22Z1pLdKRcX3rR3uSWnVSL9eRHUM5ph"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8031147a0bdd9bf5-FRA
expires: Tue, 27 Aug 2024 18:40:24 GMT

GET
H2 200 widget.css
www.gartner.com/reviews/public/Widget/css/ 155 KB
112 KB 96ms
88ms Stylesheet
text/css 13.32.27.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-95.fra56.r.cloudfront.net
Software: Apache / Express
Resource Hash: fd70a63872a411b5f43dc2b9c9a0ee83fa6ccc53d8d120c9fd166270ef4d3265

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 08:12:25 GMT
content-encoding: gzip
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
last-modified: Fri, 25 Aug 2023 09:29:09 GMT
server: Apache
x-amz-cf-pop: FRA56-C2
age: 37679
x-powered-by: Express
etag: W/"26c19-18a2c06aa88"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: iQkqNi8cvEanBAqLLF3rlFKOIYCAtK_7jUO5dv5TD_PrRDw6hXr7ag==

GET
H2 200 data Show response
www.gartner.com/reviews/public/Widget/ Frame 781A 34 KB
14 KB 131ms
126ms Document
text/html 13.32.27.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/widget.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-95.fra56.r.cloudfront.net
Software: Apache / Express
Resource Hash: 2a2a9187164b6d552fab986d9e1750fbfbced3a8dbdd0998b8bde5f03d2a9b1d

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 07 Sep 2023 18:40:24 GMT
etag: W/"57f-sr923y4RyJqqcTbg3QoemUgdIRE:dtagent1024322060615355013ZP:dtagent1024322060615355013ZP"
server: Apache
server-timing: dtSInfo;desc="0", dtRpid;desc="-404434457"
vary: Accept-Encoding
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
x-amz-cf-id: h04794-HZjf4yxv92VxgXokv4lqOE4jMkocqWGl5lXeANbWWMCd-dA==
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
x-oneagent-js-injection: true
x-powered-by: Express
x-ruxit-js-agent: true

GET
H3 200 fa-brands-400.woff2
use.fontawesome.com/releases/v5.2.0/webfonts/ 63 KB
63 KB 38ms
31ms Font
font/woff2 2606:4700:e0::ac40:660b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.2.0/webfonts/fa-brands-400.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e0::ac40:660b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589

Request headers

Referer: https://use.fontawesome.com/releases/v5.2.0/css/all.css
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:24 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 4GNM75HR10H95SBQ
age: 503908
alt-svc: h3=":443"; ma=86400
content-length: 64144
x-amz-id-2: q6EAYxPwxcK2lhWbLLNjgkLP7rjuD6sZnPE9qVdV7I4hgYnTJDJFvsyJX7liRbgF0F7rOB67SPA=
last-modified: Wed, 30 Jun 2021 15:41:55 GMT
server: cloudflare
etag: "6814d0e8136d34e313623eb7129d538e"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6rHaMfOt0Wmpi%2FUXCa7aPGRg0BwEbrtqHCngi3%2BhR5NfLpy%2BgKiaBoyVcWmcWQbJv04UxVlldZJRB25%2Fpv6KUFrJS7cqkLdZwqEVJvRpYUaiZwa6%2FTwc%2F83Ef2zjNraKe4oI5Td34VaW%2BWmZhg0J%2FkXF"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 8031147a38502c7d-FRA

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 31ms
24ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 02 Sep 2023 07:52:07 GMT
x-content-type-options: nosniff
age: 470897
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7840
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 01 Sep 2024 07:52:07 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 17ms
10ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900idisplay=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 00:08:32 GMT
x-content-type-options: nosniff
age: 66712
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7816
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Sep 2024 00:08:32 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v25/ 12 KB
13 KB 24ms
23ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto|Montserrat

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Tue, 05 Sep 2023 17:40:01 GMT
x-content-type-options: nosniff
age: 176423
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12708
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:55:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Sep 2024 17:40:01 GMT

GET
H2 200 4393.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 439ms
133ms Script
text/javascript 2606:4700:4400::6812:2b1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/4393.js?p=https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation&e=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2b1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: eafe3212-2b11-4355-88f5-2b1f96c2a74b
x-runtime: 0.003137
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 8031147cbac99072-FRA

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/ 4 KB
2 KB 356ms
55ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/?random=1694112024772&cv=9&fst=1694112024772&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&tiba=The%20Microsoft%20Reply%20Attack&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

20c30ac80765fbc37612100986c60b24fce135da756392f1d4ea8ed8e87c9653

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1628
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 308ms
8ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

db4bbc0b1eaef2f9cf6900231ac3553694431a1c5dc96aa52ced713702af63bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 07 Sep 2023 18:40:25 GMT
content-md5: koaBJkGKIrn3aTlxT4to7Q==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1683
x-fb-debug: Ucobqi+wwuPnft9Zh2ZFkXmZBNwU7Bx4kDonQilQBudnqyHW9i5y5NEtJpllLRoWfZEr+2Cv+asOoH/cMrOi6Q==
x-fb-content-md5: e0a83fe671658dd9ac8a019a2a1daa2f
cross-origin-opener-policy: same-origin-allow-popups
etag: "ce0d8e6b58e3d4912e611c2ccdabd667"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 07 Sep 2023 18:55:10 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 313ms
13ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B94) /
Resource Hash: 392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Thu, 07 Sep 2023 18:40:25 GMT
Content-Encoding: gzip
Age: 697
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27630
Last-Modified: Tue, 24 Jan 2023 21:41:51 GMT
Server: ECS (amb/6B94)
Etag: "9e99725b7a4cd730a934afba2a438bb5+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800
Vary: Accept-Encoding

GET
H2 200 optimize.js Show response
www.google-analytics.com/gtm/ 124 KB
48 KB 255ms
20ms Script
application/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/optimize.js?id=GTM-P5GTK6B

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f5647dca4c2f49ae6d4a8e8a506ecf358b734722e0a09882765a3c1f319d6b62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49017
x-xss-protection: 0
last-modified: Thu, 07 Sep 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 07 Sep 2023 18:40:25 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 238ms
6ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 07 Sep 2023 17:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 3042
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 07 Sep 2023 19:49:43 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 236ms
7ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230123-FRA

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 12 KB
4 KB 56ms
20ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 05 Sep 2023 13:41:52 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=51259
accept-ranges: bytes
content-length: 3822

GET
H2 200 bat.js Show response
bat.bing.com/ 44 KB
13 KB 68ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 07 Sep 2023 18:40:24 GMT
last-modified: Wed, 06 Sep 2023 22:41:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FBE7F5E8248B48A491F0E4243014C456 Ref B: FRAEDGE1418 Ref C: 2023-09-07T18:40:25Z
etag: "09cc4613e1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12981

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/ 3 KB
2 KB 60ms
59ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/881234066/?random=1694112024851&cv=11&fst=1694112024851&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&hn=www.googleadservices.com&frm=0&tiba=The%20Microsoft%20Reply%20Attack&auid=1734974206.1694112025&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee4d7e4894f360c363b3b00ee896d554b24ce5054a7f4d2d3de8f866455b2ff6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1545
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 hotjar-2523353.js Show response
static.hotjar.com/c/ 10 KB
4 KB 60ms
43ms Script
application/javascript 18.66.97.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2523353.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.10 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-10.fra56.r.cloudfront.net

Software

Resource Hash

0bf7d79eb12ffb1d45c9a6e95ca5243776ad8ce3d674b9e9bf1f301ec4e8bc3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Thu, 07 Sep 2023 18:40:25 GMT
via: 1.1 993c0866e705e48daa4fed5e30627712.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
etag: W/6340e016e3633b2e9d9984ada6096267
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: bwUlB0OzXfjehq4Qr1QdPqqEib9gfaFpU_xouJScHKGSIm3w3rfN7w==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 193 KB
51 KB 9ms
8ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 07 Sep 2023 18:40:25 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 52127
x-xss-protection: 0
pragma: public
x-fb-debug: Zbn8xsQrtrwWf0OruDvivjRltHs80MqWaDImOQ3EDtmsTJP79r0Dl6fmM2WNDw3iKEsZ/FdDkMFk2QKCws28Ug==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 w.js Show response
d10lpsik1i8c69.cloudfront.net/ 5 KB
3 KB 48ms
15ms Script
application/javascript 143.204.214.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8hhs2jsPW1W4XqMC9783Gk-N2-36Rys_mZBVLg3XP40by_MW1FkrfX5vsjfxW254SJJ3s3bFmW5SCRY26J_dczN1Z9CpF3h5DsVZLNGQ6cxP-7N24-qJv8G6tPW77qcvN54yBcJW8GNJhM95LsWhW3tK9Zh4LFr3tW3HFpDX8vh0Q5W7KGn9k91b67TW5ngkb63D-_SRW9lZ0-H7wdrtkW737_v28yR6yLW1LDy3S6xbsHzW7_Xj-n7gLGRHf5DMxRs04
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-30.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 17:55:12 GMT
content-encoding: gzip
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:48 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 2714
etag: W/"dc0bbcecf2e632d9beb92f4d88b21c2b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: WXMPTiU_5-b7RC8GELLxUf__E2s7JbH0clkcor-HIQmawMrFxCsPyw==

GET
H2 200 px.js Show response
px.spiceworks.com/ 21 KB
7 KB 144ms
90ms Script
text/javascript 45.60.13.212
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://px.spiceworks.com/px.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.13.212 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: a405625d3620d1ef8d74c8bdfae7a609a563854125a2e4d306b9b33083a50c7c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-iinfo: 2-26716201-26716205 NNYN CT(26 27 0) RT(1694112024406 20) q(0 0 0 0) r(1 1) U24
date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: gzip
x-incap-sess-cookie-hdr: uaGOBS+XiwpsmuzUJkJwBxgZ+mQAAAAAZSUQ7d3yvcHZRqwl4JvhMw==
x-cdn: Imperva
content-type: text/javascript

GET
H2 200 tracker Show response
www.influ2.com/ 7 KB
3 KB 204ms
136ms Script
application/javascript 34.107.254.219
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.influ2.com/tracker?clid=94f01642-c25e-4c39-b6b1-8eb7959ff1af

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MQZBTTX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.254.219 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

219.254.107.34.bc.googleusercontent.com

Software

Resource Hash

ef966526d7edeb1ea065257d4ca023492f2918cc7b7202aebec430e54dbad2ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 google
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 87ms
46ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8hhs2jsPW1W4XqMC9783Gk-N2-36Rys_mZBVLg3XP40by_MW1FkrfX5vsjfxW254SJJ3s3bFmW5SCRY26J_dczN1Z9CpF3h5DsVZLNGQ6cxP-7N24-qJv8G6tPW77qcvN54yBcJW8GNJhM95LsWhW3tK9Zh4LFr3tW3HFpDX8vh0Q5W7KGn9k91b67TW5ngkb63D-_SRW9lZ0-H7wdrtkW737_v28yR6yLW1LDy3S6xbsHzW7_Xj-n7gLGRHf5DMxRs04
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 5178
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 8031147d5f3692c5-FRA
expires: Thu, 07 Sep 2023 19:00:25 GMT

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
422 B 173ms
169ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=1835778&callback=jsonpHandler

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 18b9ec20-b972-41e0-842d-7ed098658d55
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8031147d29c39201&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 18b9ec20-b972-41e0-842d-7ed098658d55
server: cloudflare
x-trace: 2B585EBD3484D380D1A0A136C972D349AE05D7D622000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-2zr9h
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 8031147d29c39201-FRA

GET
H3 200 postlisting Show response
www.avanan.com/_hcms/ 2 KB
1 KB 234ms
234ms XHR
application/json 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/_hcms/postlisting?blogId=4153530738&maxLinks=6&listingType=recent&orderByViews=false&hs-expires=1725599845&hs-version=2&hs-signature=AJ2IBuG_5WNLnDfFC9oMSCrYu7tIkCO_ow&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ef87b393990b7acbdf286fec1e11e7fb30ea15311c6756cbdf46249f0bad21d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7f718b00-9301-49b8-a8a4-d4dd91ec234d
content-encoding: br
x-envoy-upstream-service-time: 24
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7f718b00-9301-49b8-a8a4-d4dd91ec234d
last-modified: Thu, 07 Sep 2023 18:40:25 GMT
server: cloudflare
x-trace: 2BD01F93792ECB3061E1B73ACB9176A99CB3D819A8000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=my2Pb1I35nA4kHqsOZKx1nudHkoO4NUchoal6tztRLpNtZG%2Fbnt7zF0fnB4r%2FxSNYGhwLlQpg5WtfXpYKSgRc2NzkVeUQJf3Z08tNQ3rmk6LGaTlahN%2Fmak9qWhKHk4l6FkEVqsQAG7mlogK"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-20-29-td/envoy-proxy-6cbd47db68-h2vr6
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 8031147bab5d18ef-FRA
x-robots-tag: none

GET
H3 200 postlisting Show response
www.avanan.com/_hcms/ 3 KB
2 KB 191ms
190ms XHR
application/json 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.avanan.com/_hcms/postlisting?blogId=4153530738&maxLinks=6&listingType=popular_all_time&orderByViews=true&hs-expires=1725599845&hs-version=2&hs-signature=AJ2IBuE78BBPEjEyUDmF-w-iIQ1EyEguPA&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

cee4c88acf7c3c3dcccb399551a63adc05cbbc91644ff64b5086136c7c0776ff

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 850ab1aa-ec48-4fca-a4ff-b4068c5129ec
content-encoding: br
x-envoy-upstream-service-time: 34
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 850ab1aa-ec48-4fca-a4ff-b4068c5129ec
last-modified: Thu, 07 Sep 2023 18:40:25 GMT
server: cloudflare
x-trace: 2BDBB0391E58DEE6A5988BF2262AA79FF2AFF1429E000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BIw%2BQHZT0IQERzZR6E8D9puyVwOamLIOXYo%2FW5HQRoxYGxsPnb1X3bm7fnPdVda%2FB5q4vKBW2gZ0mC6IgaaaBPCYlffEKIjFrtK2TOoIQ7QrVBIwszScUfH1PePuHJQeRmq%2BnEPA5fMLQaWZ"}],"group":"cf-nel","max_age":604800}
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/cms-20-29-td/envoy-proxy-6cbd47db68-qzmcr
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
cf-ray: 8031147bab5e18ef-FRA
x-robots-tag: none

GET
H/1.1 200
OK tbw_analytics_v1.0.js Show response
d26x5ounzdjojj.cloudfront.net/tbw/ 12 KB
12 KB 43ms
8ms Script
application/javascript 13.224.194.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d26x5ounzdjojj.cloudfront.net/tbw/tbw_analytics_v1.0.js?20
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/e3t/Ctc/2H+113/ccGyW04/VWBwTY9hB_6kW8klb1q8CxcpLW8kTzPf533R78N1KM5vg3qgyTW95jsWP6lZ3lpW39fxsG5mqBH5W1kr4pX8Ky24VVfdsSc3dJgVFW8tbwgW1M3xT0W5cWlH14xlpPBW3j-NYZ2fxfGTW9lR-587szQ3zW9gP_MW7br0dCW1Q_-Vy3FrNDTW685r6J6jl-vzW6f8hhs2jsPW1W4XqMC9783Gk-N2-36Rys_mZBVLg3XP40by_MW1FkrfX5vsjfxW254SJJ3s3bFmW5SCRY26J_dczN1Z9CpF3h5DsVZLNGQ6cxP-7N24-qJv8G6tPW77qcvN54yBcJW8GNJhM95LsWhW3tK9Zh4LFr3tW3HFpDX8vh0Q5W7KGn9k91b67TW5ngkb63D-_SRW9lZ0-H7wdrtkW737_v28yR6yLW1LDy3S6xbsHzW7_Xj-n7gLGRHf5DMxRs04
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-18.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 09fdb2959efa7f317724a5762ad6dd73d941613bfd3764ed8be04ddbc4338b4b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Thu, 07 Sep 2023 14:58:41 GMT
Via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
Last-Modified: Tue, 24 Mar 2020 04:06:51 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C1
Age: 13304
ETag: "463d5912885bbaf6257aaac2e9d8935e"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11917
X-Amz-Cf-Id: hIMNPeKWztY3mBVwqkZrF8Zta4V1IbMsEzhq-J8E9gdrvJBRevL9Dg==

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 4 KB
2 KB 202ms
185ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&pageId=106960374431&pid=1835778&sv=cta-embed-js-static-1.202&utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&rdy=1&cos=1&df=t&pg=c953fa87-efa0-494e-9947-98ffe764fcd8

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d33bae737e94e6dbd03fa5d4710cfc477029eb3cbfb4e624577c39f98c6c8bcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8e4bc59f-b426-4fee-a005-af1dc923c327
content-encoding: br
x-envoy-upstream-service-time: 55
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8e4bc59f-b426-4fee-a005-af1dc923c327
server: cloudflare
x-trace: 2B645B0F7C3D829A7AFB9A97C73AB5BF6C3194E801000000000000000000
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-kw4z4
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hl703IcRr450VmM%2F2Hq0ZMIv6BzSuMlOY6afzcl3bAm9KXBHWN8CXOvXKfk%2FlGx415gSsUxAziovXLykeY%2BN4K540RjeMKq4edZIvx3NprjCFodLRtj9eH%2BXX8pZGpnUqeS3E1AX22NRivjCuDlMK1lrYi92krYPUgI%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8031147bd8289201-FRA

GET
H2 200 1835778.js Show response
js.hs-banner.com/ 61 KB
16 KB 421ms
390ms Script
text/javascript 2606:4700:4400::ac40:991b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/1835778.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f23f42796e0c3e29ba160c46015b9aef160581a01ac3f0f14e26bf94b208fe79

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
x-amz-version-id: YDXH_YH_fFN824GrCrw6l909TTdj_LzM
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: XYDDTS67BA0R1TSP
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-envoy-upstream-service-time: 72
x-amz-id-2: bKo7GW7IfZ2bLl5F2zZgHWoWouLWmNqKV2dqm/kLnV1eXHm8KmQGr859uzxkfR0sPCBiN+NLYNEN01UXFZ+h8g==
x-evy-trace-listener: listener_https
x-request-id: fa5d5bea-8111-4db0-8e53-17f3a69ac841
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 17 Apr 2023 15:01:25 GMT
server: cloudflare
etag: W/"91a0403e81a48229dd9d61cc70615a87"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6b7cfc8cf5-dq5s5
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8031147d588519ad-FRA
expires: Thu, 07 Sep 2023 18:45:25 GMT

GET
H2 200 1835778.js Show response
js.hs-analytics.net/analytics/1694112000000/ 66 KB
21 KB 216ms
193ms Script
text/javascript 2606:4700::6810:50ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1694112000000/1835778.js
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df6c76d089f56655116221a194e52aa3038051fde02c4d8ffd48df5a116a90e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: 24XTHABT1DBP0VCR
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 932a63be-37e4-46f8-bdf2-3819fd296f55
x-envoy-upstream-service-time: 29
x-amz-id-2: h9Ipr1KbUT4VxkFE2B6bal4VKhraG95MBvzfX4wK44lXuCrfqdj+Yg3nlAty9WHaHhiXOQ3PWmE=
x-evy-trace-listener: listener_https
x-request-id: 932a63be-37e4-46f8-bdf2-3819fd296f55
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 14 Aug 2023 15:27:24 GMT
server: cloudflare
etag: W/"22296a9189818a02f540dfa6f25905a4"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-wrchw
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8031147d5b67bb89-FRA
expires: Thu, 07 Sep 2023 18:45:25 GMT

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 63ms
19ms Script
application/javascript 2606:4700::6812:7d0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7d0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
age: 23029
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js&cfRay=802ee2407dc41c2e-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b41828c438dcec976b93ddee1edebd6d"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1250/bundle/main/lead-flows-release.js
date: Thu, 07 Sep 2023 18:40:25 GMT
x-amz-version-id: w9qtR_oGTBab1H9Wt5L5qiHDqxRKIaLE
via: 1.1 87e02820e63ff6cf9cd98d9efbaab1fc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD55-P5
x-hubspot-correlation-id: 92454a46-c83c-46ed-b66d-f21a5a42a0ae
x-cache: RefreshHit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 16
x-evy-trace-route-configuration: listener_https/all
x-request-id: 92454a46-c83c-46ed-b66d-f21a5a42a0ae
last-modified: Mon, 04 Sep 2023 12:55:59 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-fs8rm
cf-ray: 8031147da9431ca9-FRA
x-amz-cf-id: muJU1GexZoiLqleR5BVXgpRWZk0t79MnT2-P4u78CxLTkPldfE5wsg==

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 54ms
13ms Script
application/javascript 2606:4700::6811:e7a3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.avanan.com
URL: https://www.avanan.com/hs/scriptloader/1835778.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:e7a3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

13a212c6b892024aae8c2db3d8cf9a5ec7d7f0f86948669384001e375a55edb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
x-amz-version-id: ejB.A_S_mq2WBFqiJyHsLYTQXyGD1Wjj
via: 1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 256
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.406/bundles/pixels-release.js&cfRay=80310e3dfcc12beb-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: ae70b662-65a6-45c0-a9ad-8f72fa28a93b
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ae70b662-65a6-45c0-a9ad-8f72fa28a93b
last-modified: Mon, 28 Aug 2023 04:02:35 UTC
server: cloudflare
etag: W/"0d4f9e1a24521caddccf596277344ec4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-89hzd
cf-ray: 8031147dda1b2be2-FRA
x-amz-cf-id: x3fxgNEKIOvzJKq_-dd0T_WZiiJHiPfLO0zkI0OVsRDk80h5S9jsug==
x-hs-target-asset: adsscriptloaderstatic/static-1.406/bundles/pixels-release.js

GET
H2 200 ruxitagentjs_A2NVfhjqru_10243220606153550.js Show response
www.gartner.com/ Frame 781A 170 KB
67 KB 10ms
10ms Script
text/javascript 13.32.27.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10243220606153550.js
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-95.fra56.r.cloudfront.net
Software: Apache /
Resource Hash: 21091df3e91e575d018aa5b94c490bc0921233e901913052ceec557a2f3537ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 10 Aug 2023 02:53:14 GMT
content-encoding: gzip
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
last-modified: Wed, 03 Mar 2010 07:01:40 GMT
server: Apache
x-amz-cf-pop: FRA56-C2
age: 2476031
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
content-length: 67984
x-amz-cf-id: 744rkpFi7vEpkyfkKOmNWXSUoz-mUg_TwHXUYGvkmZNhC0uaiTOjhg==
expires: Fri, 09 Aug 2024 02:53:14 GMT

GET
H2 200 data.js Show response
www.gartner.com/reviews/public/Widget/js/ Frame 781A 2 KB
1 KB 13ms
13ms Script
application/javascript 13.32.27.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/public/Widget/js/data.js
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-95.fra56.r.cloudfront.net
Software: Apache / Express
Resource Hash: 2ece63665d1c156d538ab3ab54b1239af56ceaa6d199d26580c877fefea8688d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 08:45:57 GMT
content-encoding: gzip
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
last-modified: Fri, 25 Aug 2023 09:29:07 GMT
server: Apache
x-amz-cf-pop: FRA56-C2
age: 35668
x-powered-by: Express
etag: W/"6d4-18a2c06a2b8"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0
accept-ranges: bytes
x-amz-cf-id: Bh6bvQkfoQx9vHvXWQvZMKpYKAt8QRX1MFMYxWyY3QeB_NyOcJ71QQ==

GET
H2 200 api Show response
www.gartner.com/reviews/ Frame 781A 6 KB
2 KB 176ms
176ms XHR
application/json 13.32.27.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gartner.com/reviews/api?apiKey=ZTU3MThjMWEtOTc1ZS00YzgwLWIzZGEtNDg0ODlkMDc0ODRk&paramsKey=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/js/data.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-95.fra56.r.cloudfront.net
Software: Apache / Express
Resource Hash: a29e6dee5b62ca9d6e561aea6c85f954074cd171af5f5d8c24e426b45df0ad9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gartner.com/reviews/public/Widget/data?widget_id=YjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy&size=large
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: gzip
via: 1.1 93b0598b43d63761f1a129690721f888.cloudfront.net (CloudFront)
server: Apache
x-amz-cf-pop: FRA56-C2
x-powered-by: Express
etag: W/"1755-V/KzY/gaJKHGavKXCNlDTUcv4cM:dtagent1024322060615355013ZP:dtagent1024322060615355013ZP"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
cache-control: private
server-timing: dtSInfo;desc="0", dtRpid;desc="639278273"
x-amz-cf-id: q4T4rHfAbufJ8TtqFL3wLghNqr5VI0gzBydko01krWorrd8veSHAog==

GET
H2 200 adsct
t.co/i/ 43 B
378 B 290ms
213ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=23624dc9-4194-4e34-bf14-8789e92148ed&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=29b9d878-3ce3-4ac0-ac1b-ebd26389d957&tw_document_href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0967&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-response-time: 158
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=0
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 83cc354f5f807cdd
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 0946811254c9dd17aed96af4561ce7a89e926d80fa39cd57c9d652e6d232724b
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
396 B 255ms
178ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=23624dc9-4194-4e34-bf14-8789e92148ed&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=29b9d878-3ce3-4ac0-ac1b-ebd26389d957&tw_document_href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o0967&type=javascript&version=2.3.29

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-response-time: 153
date: Thu, 07 Sep 2023 18:40:24 GMT
strict-transport-security: max-age=631138519
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 6daf723fbccc7671
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 8c654c44f700ad45a5013cd444b125fd7e23a85cebf0619c37d755966abc6995
content-length: 43

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 304 KB
85 KB 18ms
9ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=3cc6a3be1eaeae619d4c74742fbec113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1c6ac68e136716c9a35af83d28f0440f01d422614420dc6a336712c0d40076b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 07 Sep 2023 18:40:25 GMT
content-md5: o7aHv4mGxd1LCtukZwC2nw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87336
x-fb-debug: qUAjPzK+EYAis1PfdIMGphhamCjAmNBT/1l1WK9lJ9g9tZEngmqMuosa8DP0BDP/l0+8d9kWtzBeZI5hq+25DA==
x-fb-content-md5: 6adfc6c30c22961408846406699e5a88
cross-origin-opener-policy: same-origin-allow-popups
etag: "6d772a241b35073e8c79d10cf0c21b32"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 06 Sep 2024 17:45:17 GMT

GET
H3 200 4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 13 KB
15 KB 78ms
77ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4212a717b8d61a5ee679e86faef6b912c275aac5508f97350dac01bede075100

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
age: 299755
x-amz-request-id: XAA2RBEHHEZ15RK2
edge-cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="4-Reasons-Microsoft-Safe-Links-Make-Office-365-Less-Safe-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "477b6391512f284fdb1b9be9e024d97f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
via: 1.1 62e7b24ca032b612bb93fa7f3437469c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: ydaMoVEI3EqauKaA9V2_DbfLmkZ4PelZ
x-amz-cf-pop: FRA56-P7
cf-polished: origFmt=png, origSize=14729
x-cache: RefreshHit from cloudfront
cache-tag: F-11280554758,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 13698
x-amz-id-2: fTHxiiM9CC0YOJ0MFmCyk7jWxs8jj9Kw4UCWJbGeN/zolJ2p9zIrz5zapW9WWXj7eLqG9GAZ4YI=
last-modified: Mon, 15 Jul 2019 15:27:08 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9DERxPxjZRdAVQUbO1%2B%2FKWGjxtM4tBDJCVz15J%2BMsEKPixzTnzVsTDVAh0S5Nhgu2D6auP4R32cyFZUhV44ayrvxXV7xp7V%2FZRwb9y%2F3iiO1pLOhwI1A0cOGokXlfXz8it1oTjI0Nw%2FAm8zL"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8031147d1de218ef-FRA
x-amz-cf-id: g0u7dzO3oRLNVEui5SxgoiEJFGARGrqx2Cd1gZ26CRTn9YKDMDc_qQ==

GET
H3 200 Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 6 KB
7 KB 82ms
81ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

634cd6856c830752abf4b33133617045f344d5713d8fa567269172ed76d1cac3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
age: 454584
x-amz-request-id: EPKZE2AVTAWJGN4D
edge-cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="Watch-Out-for-HTML-Attachments-the-Latest-Phishing-Trend-Targeting-Office-365-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "8125afc7f8e4f6afcb3215c0f0838e9f"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
via: 1.1 10f3c0984ab3eaba3e5720ed830a77b6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: yOBXxHcQhK5AkB0oyxYBslCmMPyxVN5L
x-amz-cf-pop: FRA56-P4
cf-polished: origFmt=png, origSize=7014
x-cache: RefreshHit from cloudfront
cache-tag: F-11279853502,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 5920
x-amz-id-2: lsgrTDe2DCNVHb08iZUVrrOxIVjpsQE5ba+DPSXYgYoCYnpN1Datf4R5RU1WezZHYgwwC+KND1I=
last-modified: Mon, 15 Jul 2019 15:09:16 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEW6XfDTx1nYJRygaXgOCuI8FORCMVUSjFZshHLm%2BfowruWpuGrjisssdULMrFvKcX5J49Ag7VBVRmETlmi8u0WQppMdW7QYWDf42VbKdlHLZ82fVZUPQ%2BaSzMyVjPiUcq%2FpJkdXB2a%2By10I"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8031147d1de518ef-FRA
x-amz-cf-id: Qu8U3LpP2gFXU7ac2lkFeXhfT7_DEil0rCCJn1MJfNOkfG5ByLiS-Q==

GET
H3 200 Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 10 KB
12 KB 89ms
88ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

54ff1ebf4247ecd1fdefdd027b695c8eca043b8987861f9edd37fee6ccceb2ef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
age: 454584
x-amz-request-id: XAA1V44YEYJZXTJC
edge-cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="Mimecast-vs-Proofpoint-Why-They-Cant-Secure-Office-365-and-Gmail-Part-1-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "b6aafb5047af62538589406b53694ac6"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: N_MnPa4GyRrx42wIuC2oH5cUB01QyWa3
x-amz-cf-pop: FRA56-P4
cf-polished: origFmt=png, origSize=12541
x-cache: RefreshHit from cloudfront
cache-tag: F-11280371673,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 10722
x-amz-id-2: AhIy24NuSMO/SIOEwp6f+rT090hCAEch/dbKCjNv6j/FYdYA7ChfuB8R1dSqw7Y+Vbo6yhea38w=
last-modified: Mon, 15 Jul 2019 15:29:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j0RI6mJ%2BQ%2FUysYlZ7mPbSa34NILgujxjfCv95pTE8nZoLzPiF02s89Vp4ZyWAOwNx3QcT9lcHzDGOgVebjqRmCKzoktmCtHoKYxSbe7JIRPxzADAgbIhIY4iWh4hwJHtV0tVt8BZPJBvuYTL"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8031147d1de918ef-FRA
x-amz-cf-id: q7A8IFxxwbKMB6cf0A8p2Aq6_KvaGxs2qorOfNoLEpOCELH0rbQqkw==

GET
H3 200 Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 10 KB
11 KB 92ms
91ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

46891f1a0d9fc55b4650e10dbdc598a5269f19fdbd69305f8b8d1cd360b49f8d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
age: 454584
x-amz-request-id: X99F80K3JVCTES29
edge-cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="Why-Multi-Factor-Authentication-Isnt-Foolproof-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "bca56f3cf898c1b6593fb7ed155d1c49"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
via: 1.1 8a6f67a9421de326f43e9107751b580e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: FviQOCsHbLeXzaUcA2EbVpPC3vT_wGWu
x-amz-cf-pop: FRA56-P4
cf-polished: origFmt=png, origSize=11848
x-cache: RefreshHit from cloudfront
cache-tag: F-11288678777,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 10258
x-amz-id-2: ItMyAmUarO/MEJbdnx4bNky9QVfXDH4TKZTlzSAtHl+jZv/2C6rNNT8pOePfJXX5G/pllAaEUIM=
last-modified: Mon, 15 Jul 2019 19:24:10 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yirlqco%2BeN%2BBFdPqkoZrxTAlu712XAawfE%2Bh0VzF2fFtP1C6RUCBgNQ%2BAUwPi8vKuD43QYUO%2Bk7DUF1WRxXfaFNv2gwZ2qsrKPcF1WCp7vCDTKQC%2Fed7ungWqrWV%2BAHlZYYzM5ZcTx9aLhp0"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8031147d1deb18ef-FRA
x-amz-cf-id: NYsI1MSQ9bPQwQoBCYLwwvvqqpO9u36s6CrtYeCdRB7RG_fyhWqSGA==

GET
H3 200 baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 5 KB
6 KB 63ms
62ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fbecdde63cefbeb511fc193ff653cf649ce9a2a9a120316d40f20b809afb647

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
age: 454584
x-amz-request-id: B3S2CSXRP3S4DQ5C
edge-cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="baseStriker-Office-365-Security-Fails-To-Secure-100-Million-Email-Users-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "fc3f83b4e407e381c43aab80d24ea1d4"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
via: 1.1 9987fa8ab620895e83d1d8f10c40f6d2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: G5ELs3jKBLJmOK8DWOt6WhtX3JSMSxSz
x-amz-cf-pop: FRA56-P4
cf-polished: origFmt=png, origSize=7128
x-cache: RefreshHit from cloudfront
cache-tag: F-11280371233,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 5408
x-amz-id-2: 3MzPzcSxDns5BFfO+5hKafooyYNIrjAZKHrVqtE7kZ0NXzoD0lN7E8oEpNC8JhsqkT48d3Ji7x4=
last-modified: Mon, 15 Jul 2019 15:25:56 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=voyuu9YpPGa8LNk3Cw5kLlXw9w9p1Lnux%2Fq7%2F4KlbjNm8054vayw9ksDIvZh%2Fim2cHXkrHUlpTZzNwawCKoMV6o49nJB%2Bp03H5wzokZxGVdNE8VoqJd9zM46a%2BfyDYsp12iG5yh6hC%2FPapxZ"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8031147d1def18ef-FRA
x-amz-cf-id: 0txlALaQ831oEwCtrITVMEEW3s-y7ZtlVPSJFEaNki1991S3t3b2Rg==

GET
H3 200 Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.png
www.avanan.com/hubfs/website/img/blog/featured/ 8 KB
9 KB 57ms
56ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/featured/Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f268614e7be44fc18dbfa5350bfeea8539258da4830ef728c56e05bf62f46b57

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
age: 454584
x-amz-request-id: CE8726RY47JZZHV7
edge-cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
x-hs-https-only: worker
content-disposition: inline; filename="Widespread-Attack-on-Office-365-Corporate-Users-with-Zero-day-Ransomware-Virus-Featured.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "548590285b53aff019e25f9f13cb06ea"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000
via: 1.1 3d34e163f3f1a0c4a397ad818b79a810.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 2lJpL73VoPYJGYmEK4csso3aWzFV5e03
x-amz-cf-pop: FRA56-P4
cf-polished: origFmt=png, origSize=9877
x-cache: RefreshHit from cloudfront
cache-tag: F-11280052410,FD-11279853394,P-1835778,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 8328
x-amz-id-2: Egi23tjQ5D3mrfihAK+sr4IhToMW2iYTbV28oxOSw0c3HF6r270UpzsiGrzXOrsO1uPQBmfVphA=
last-modified: Mon, 15 Jul 2019 15:28:27 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UM7OcfBmAu444lOMnpdAjf2Fj7kJbz4WNPc6j%2BFZ8PQ7DOVzHJFIuE%2BV5%2FKQ%2F86xdhBuLXxus5KK014cvLY9G0XS7Z3c8dOUEe7LMbHzMFroPVeFxEar%2FH55bIqLW6rIiFYF9JVGBg1mL94a"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8031147d1df118ef-FRA
x-amz-cf-id: o4RrYKsgJ9tilpdfL3IHU9mrOnS_kLPuQquDRX--WKJBemH6Qra0sg==

GET
H2 200 cta-loaded.js Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 0
606 B 154ms
142ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-loaded.js?pid=1835778&pg=c953fa87-efa0-494e-9947-98ffe764fcd8&lt=1694112024582&dt=1694112024590&at=1694112025153&an=1

Requested by

Host: js.hscta.net
URL: https://js.hscta.net/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-origin-hublet: na1
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: acd27143-9248-48ff-9dd3-1316fd8f37f3
x-envoy-upstream-service-time: 6
content-length: 0
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: acd27143-9248-48ff-9dd3-1316fd8f37f3
last-modified: Thu, 07 Sep 2023 18:40:25 GMT
server: cloudflare
x-trace: 2BBB7E7FFA58F484A16C3BEE248A859198CA323647000000000000000000
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7UktcdPYWgV6DY5nDJ2g%2FwEUNBqKSjL3RsizeCbynBuZ9ts2augqp%2FF1sG3sjPqJgom3R5K9V4SEuUVqQGKazdgePl5uXTJCk4KA4y7Sxns8M%2Frqceu1xC2Slh44Qv%2FMEj9vB5qe9tiVKGL%2B0JtpUUDS9IePEODipdE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=utf-8
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6xsfj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
x-robots-tag: noindex, follow
cf-ray: 8031147e1a9a9201-FRA

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 445ms
393ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Thu, 07 Sep 2023 18:40:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: f2489664-5d9f-41bf-a637-0216ea550930
x-envoy-upstream-service-time: 3
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f2489664-5d9f-41bf-a637-0216ea550930
Last-Modified: Thu, 07 Sep 2023 18:40:25 GMT
Server: cloudflare
X-Trace: 2B542576B308C3B39EED805CDC3B9CE2BDBD6FC338000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6fhst
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 8031147e5d7491e4-FRA

GET
H/1.1 200
OK counters.gif
perf.hsforms.com/embed/v3/ 35 B
1 KB 179ms
139ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Thu, 07 Sep 2023 18:40:25 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: b7ca8cd4-f15d-457a-a614-74bdd4c35d17
x-envoy-upstream-service-time: 19
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b7ca8cd4-f15d-457a-a614-74bdd4c35d17
Last-Modified: Thu, 07 Sep 2023 18:40:25 GMT
Server: cloudflare
X-Trace: 2BAE4B9091D6AC3C4C80D64CE5F6676EC1D2AA2402000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-4bsw8
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 8031147e5f679966-FRA

GET
H/1.1 200
OK widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html Show response
platform.twitter.com/widgets/ Frame 1950 320 KB
104 KB 17ms
17ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.avanan.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BC0) /
Resource Hash: 4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1863960
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105435
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Sep 2023 18:40:25 GMT
Etag: "95e1b50b0c179aefb47b5b211bb347b5+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BC0)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 1936026250043111 Show response
connect.facebook.net/signals/config/ 137 KB
35 KB 82ms
82ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1936026250043111?v=2.9.125&r=stable&domain=www.avanan.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

679474b6d9d6d3aa6144b419aace177cc1cf7cf9ff8b1cd871f618b112a5cfa5

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 07 Sep 2023 18:40:25 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: zLkkuManEVXOxFIoc9Cg6xR5NUVMfEk3107HfmU7PHXUoDE/sIOBOg28UXs1aL2GiuqhhgZIqhbD+bt8PSPkvA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 16 B
195 B 21ms
18ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1986075408&t=pageview&_s=1&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&ul=en-us&de=UTF-8&dt=The%20Microsoft%20Reply%20Attack&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABQAAAACAAI~&jid=1877267874&gjid=771413737&cid=1406688938.1694112025&tid=UA-59393664-1&_gid=771358039.1694112025&_r=1&_slc=1&gtm=45He38u0n81MQZBTTX&z=823688083

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b3c6f35195cdf97b110a6a3bbc41467d747d28b0c9e9950a171931ce58405547

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/881234066/ 42 B
455 B 49ms
21ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/881234066/?random=1694112024772&cv=9&fst=1694109600000&num=1&guid=ON&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&tiba=The%20Microsoft%20Reply%20Attack&fmt=3&is_vtc=1&random=2984058450&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/881234066/ 42 B
455 B 48ms
21ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/881234066/?random=1694112024772&cv=9&fst=1694109600000&num=1&guid=ON&eid=375603260%2C466465925%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=0&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&tiba=The%20Microsoft%20Reply%20Attack&fmt=3&is_vtc=1&random=2984058450&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
settings.luckyorange.net/ 2 KB
1 KB 564ms
493ms Fetch
application/json 104.26.11.16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://settings.luckyorange.net/?u=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&s=128904

Requested by

Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.11.16 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19357aceb0d2e948b724b218887bfcb150024c6be540a27aa400c9a8408c2503

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://www.avanan.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VSMjPRzdhRdubQf2HYaT2bwSTl%2BoArsqPmpfx3au5qdC3BIWbKo8WE4jVTyoj6w6NOscoorN8vyxL4rWs5q51OcjxLXd3MjBPPs0f8eAWxIbdhvdUe6R5a9M3IjGMkJE1v7pA6Bs8vvnwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-credentials: true
cf-ray: 8031147e5f6c9956-FRA
access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,Keep-Alive,X-Requested-With,If-Modified-Since

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 52ms
23ms Script
application/x-javascript 2a02:26f0:3500:16::215:149b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:149b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 28 Aug 2023 12:14:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=55399
accept-ranges: bytes
content-length: 4862

GET
H2 200 modules.c7962ba31267c30299df.js Show response
script.hotjar.com/ 223 KB
55 KB 105ms
39ms Script
application/javascript 18.165.227.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.c7962ba31267c30299df.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2523353.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.165.227.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-165-227-104.lhr61.r.cloudfront.net

Software

Resource Hash

f5d7e440936d0aa4088a8bacc16206224b58b6fa1882dc54c3f953450fc75563

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 08:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 825d5bfd8fcf34b79a6a3617d10bce7c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR61-P5
age: 35239
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55578
last-modified: Thu, 07 Sep 2023 08:52:45 GMT
etag: "628a0bf92690f9881613d19390363f0b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: OfPSV_ma5QIZsG7bT4PJYKhHr0XpLUGpjQVRPIgU45F05jGXL1gkoQ==

GET
H2 200 /
www.google.com/pagead/1p-user-list/881234066/ 42 B
108 B 25ms
24ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/881234066/?random=1694112024851&cv=11&fst=1694109600000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&frm=0&tiba=The%20Microsoft%20Reply%20Attack&fmt=3&is_vtc=1&random=1760100865&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/881234066/ 42 B
108 B 25ms
23ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/881234066/?random=1694112024851&cv=11&fst=1694109600000&bg=ffffff&guid=ON&async=1&gtm=45He38u0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&frm=0&tiba=The%20Microsoft%20Reply%20Attack&fmt=3&is_vtc=1&random=1760100865&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 1950 869 B
659 B 179ms
119ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=aea9602336d8d4f347669cb146ff8f990b877eaf

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2b2d73daf636805223fb11d48f3e94f7.html?origin=https%3A%2F%2Fwww.avanan.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-response-time: 90
date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Thu, 07 Sep 2023 18:40:25 GMT
server: tsa_f
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: 3be234747f990726
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7626143928
x-connection-hash: bd0fc4bf1d77debc0355b32b0374785700c9c61f73ead6fffc627d012313e9c5
content-length: 337

GET
H2 204 25018126.js Show response
bat.bing.com/p/action/ 0
117 B 41ms
41ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/25018126.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Thu, 07 Sep 2023 18:40:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 917BC0197CA14759819D06707CDFF68C Ref B: FRAEDGE1418 Ref C: 2023-09-07T18:40:25Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 34ms
34ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=25018126&tm=gtm002&Ver=2&mid=b89a0288-51ad-4fdd-888a-cfdc4b742c38&sid=025086804dae11ee89a1ad452c270ad2&vid=0250b4c04dae11eea86a15c82578f15f&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=The%20Microsoft%20Reply%20Attack&p=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&r=&lt=1174&evt=pageLoad&sv=1&rn=370252

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 07 Sep 2023 18:40:24 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F99D49762DD144B796B375E7DE83EC6F Ref B: FRAEDGE1418 Ref C: 2023-09-07T18:40:25Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tbw Show response
match.prod.bidr.io/cookie-sync/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/tbw
https://match.prod.bidr.io/cookie-sync/tbw?_bee_ppp=1

44 B
659 B

31ms
31ms

Script
application/javascript

52.212.62.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://match.prod.bidr.io/cookie-sync/tbw?_bee_ppp=1

Requested by

Protocol

HTTP/1.1

Server

52.212.62.39 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-62-39.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

23df85b431121cb12e63cfeb071b25638717938bdf143ba526ea427913d86b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=2592000; includeSubDomains
x-content-type-options: nosniff
Server: gunicorn
Connection: keep-alive
Content-Length: 44
content-type: application/javascript

Redirect headers

location: https://match.prod.bidr.io/cookie-sync/tbw?_bee_ppp=1
Date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 63ms
21ms XHR
text/plain 2a00:1450:400c:c09::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-59393664-1&cid=1406688938.1694112025&jid=1877267874&gjid=771413737&_gid=771358039.1694112025&_u=aEBAAEAAQAAAACAAI~&z=1116423937

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 07 Sep 2023 18:40:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
84 KB 41ms
40ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FV5LS2GGRB&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

976381ee0acc1930f7357aa1487bea4fcbfdcf752c9942d8e2e800056df30e67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85999
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 07 Sep 2023 18:40:25 GMT

GET
H2 200 logo-bubble-white-bg-2x-min.png
reviews.static.gartner.com/public/Widget/img/ 2 KB
3 KB 142ms
39ms Image
image/png 2600:9000:214f:9a00:14:c034:4840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reviews.static.gartner.com/public/Widget/img/logo-bubble-white-bg-2x-min.png
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:9a00:14:c034:4840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache / Express
Resource Hash: b59a0404929cf4a3ad1cbd9c2ffaaff3f8c2e838a70867c1de2dfddc5a2b2f91

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gartner.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 10:16:47 GMT
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
last-modified: Fri, 25 Aug 2023 09:29:08 GMT
server: Apache
x-amz-cf-pop: FRA53-C1
age: 894218
x-powered-by: Express
etag: W/"923-18a2c06a6a0"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 2339
x-amz-cf-id: mHYlsiObRk2n0C50ex_p91meKrAJN1m6KW6aLmimyjBYRlJwCOgNqQ==

GET
H2 200 stars.png
reviews.static.gartner.com/public/Widget/img/ 1 KB
2 KB 141ms
38ms Image
image/png 2600:9000:214f:9a00:14:c034:4840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reviews.static.gartner.com/public/Widget/img/stars.png
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:9a00:14:c034:4840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache / Express
Resource Hash: 22cecf5526a9a6a3c3d49dea18b28fd902a5a2bec155a04a7c21bb654b9ec0c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gartner.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 04:37:43 GMT
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
last-modified: Fri, 25 Aug 2023 09:29:08 GMT
server: Apache
x-amz-cf-pop: FRA53-C1
age: 914562
x-powered-by: Express
etag: W/"4f5-18a2c06a6a0"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1269
x-amz-cf-id: 9MbX2Eww74zRaHAI4vpgXazKQ2iGKafj2DLmaiYsr7cHn3i8lZ9Nng==

GET
H2 200 chevron-right.png
reviews.static.gartner.com/public/Widget/img/ 217 B
574 B 140ms
37ms Image
image/png 2600:9000:214f:9a00:14:c034:4840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://reviews.static.gartner.com/public/Widget/img/chevron-right.png
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/reviews/public/Widget/css/widget.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:9a00:14:c034:4840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache / Express
Resource Hash: f75e7361bbcda225d800dd06644f99253ae2cf5ab6a0e47ff7967474e7afb4a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gartner.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 03 Sep 2023 12:01:24 GMT
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
last-modified: Fri, 25 Aug 2023 09:29:07 GMT
server: Apache
x-amz-cf-pop: FRA53-C1
age: 369541
x-powered-by: Express
etag: W/"d9-18a2c06a2b8"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 217
x-amz-cf-id: dGoui_nocjHhBLLsmQbNxhnhSenBrKkInYcVgiQrx_Wx3S1F2g_i9w==

GET
DATA 200
OK truncated
/ 36 KB
36 KB Font
font/woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a2f15820ffe7ec552c256f18b8cd6485618d23a5648f535992e5c6928a542b7

Request headers

Referer
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: font/woff2

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
471 B 121ms
114ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1237514&r=1694112025383&ref=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1237514
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
via: 1.1 google
x-guploader-uploadid: ADPycdsl0JqCqzUVkBoj099xVy1F5wFKjEXzwhtj1Gy3l7jLFYYcve3ldB2xW-ey3Gp3N-TIuwJFtyuV8k_RXGR03YGyD0GZPaHT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Thu, 07 Sep 2023 19:40:25 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 158ms
113ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1237514&r=1694112025383&ref=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.avanan.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 07 Sep 2023 18:40:25 GMT
expires: Thu, 07 Sep 2023 18:40:25 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ADPycdtwCwCbtEQUZ8yq5fHpwB_HjjZnkMpSiTMFHUBIu6bjHKpguomiGheDHeCYFFkBl4WeRPv2jNKnXlXu0UNPWILwjtTV4nNm

GET
H2 200 /
tr.lfeeder.com/ 43 B
294 B 127ms
86ms Image
image/gif 18.66.112.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.lfeeder.com/?sid=OKM7ZEDV9rXg2zo4&data=eyJnYVRyYWNraW5nSWRzIjpbIlVBLTU5MzkzNjY0LTEiXSwiZ2FNZWFzdXJlbWVudElkcyI6WyJHLUZWNUxTMkdHUkIiXSwiZ2FDbGllbnRJZHMiOlsiMTQwNjY4ODkzOC4xNjk0MTEyMDI1Il0sImNvbnRleHQiOnsibGlicmFyeSI6eyJuYW1lIjoibGZ0cmFja2VyIiwidmVyc2lvbiI6IjIuNjEuMyJ9LCJwYWdlVXJsIjoiaHR0cHM6Ly93d3cuYXZhbmFuLmNvbS9ibG9nL3RoZS1taWNyb3NvZnQtcmVwbHktYXR0YWNrP3V0bV9jYW1wYWlnbj1DYW1wYWlnbiUyMC0lMjBNMzY1JTIwU01CJTIwVVMlMjAxNTAlMjBFbXAlMjA5JTJGNSUyMC0lMjBGWTIzJnV0bV9tZWRpdW09ZW1haWwmX2hzbWk9MjcyNTQzMzc2Jl9oc2VuYz1wMkFOcXR6LV92Nk9LWk5PYVdCaGhZZ3RmX204cE5lV0stRlh4eVpWTDZIcE95clJ2MjZFZVdKWVhTbjdfLXJ2UWVyVWZJRHNnSzEtSGd6UDZEUEZ3MFRPVnpLb1k4c2lLejQ3NV9xN1FUc3pIVThmNU9YT1B0VUNJJnV0bV9jb250ZW50PTI3MjU0MzM3NiZ1dG1fc291cmNlPWhzX2F1dG9tYXRpb24iLCJwYWdlVGl0bGUiOiJUaGUgTWljcm9zb2Z0IFJlcGx5IEF0dGFjayIsInJlZmVycmVyIjoiIn0sImV2ZW50IjoidHJhY2tpbmctZXZlbnQiLCJjbGllbnRFdmVudElkIjoiYTdmOTRmOGFhOWVmY2I3NiIsInNjcmlwdElkIjoiT0tNN1pFRFY5clhnMnpvNCIsImNvb2tpZXNFbmFibGVkIjp0cnVlLCJjb25zZW50TGV2ZWwiOiJub25lIiwiYW5vbnltaXplSXAiOnRydWUsImxmQ2xpZW50SWQiOiJMRjEuMS5kYzU1M2QxNGJiYTA1MzMwLjE2OTQxMTIwMjUzOTIiLCJmb3JlaWduQ29va2llcyI6W10sInByb3BlcnRpZXMiOnt9LCJhdXRvVHJhY2tpbmdFbmFibGVkIjp0cnVlLCJhdXRvVHJhY2tpbmdNb2RlIjoib25fc2NyaXB0X2xvYWQifQ==
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-92.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-P5
x-cache: LambdaGeneratedResponse from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: iwjm5R5CkfwbopD_-2PA7EOTcgX1LdiKe3fnNvFV3_OCRSOwaLHv2Q==

GET
H2 200 0516
px.spiceworks.com/px/ 42 B
574 B 123ms
121ms Image
image/gif 45.60.13.212
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.spiceworks.com/px/0516?buster=18824&pxref=&consent=true&_fpv=2.4&_fpt=3&_fp2=09c9bad9b1b156853faae4d59bc6d29a
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.13.212 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-iinfo: 2-26716201-26716223 NNNN CT(26 28 0) RT(1694112024406 268) q(0 0 1 -1) r(1 1) U24
date: Thu, 07 Sep 2023 18:40:25 GMT
x-incap-sess-cookie-hdr: 27OEBet4QElsmuzUJkJwBxgZ+mQAAAAA6F5jHQdF9sQRg2JpYAvzgQ==
x-cdn: Imperva
content-length: 42
content-type: image/gif

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 59ms
7ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1936026250043111&ev=PageView&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&rl=&if=false&ts=1694112025479&sw=1600&sh=1200&v=2.9.125&r=stable&ec=0&o=30&fbp=fb.1.1694112025471.817968063&it=1694112025195&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 07 Sep 2023 18:40:25 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 51ms
51ms Image
image/gif 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-59393664-1&cid=1406688938.1694112025&jid=1877267874&_u=aEBAAEAAQAAAACAAI~&z=1742678801

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 75ms
72ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-59393664-1&cid=1406688938.1694112025&jid=1877267874&_u=aEBAAEAAQAAAACAAI~&z=1742678801

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
t.influ2.com/u/ 63 B
322 B 207ms
130ms XHR
text/plain 2a00:1450:4001:827::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.influ2.com/u/?cb=1694112025485
Requested by: Host: www.influ2.com
URL: https://www.influ2.com/tracker?clid=94f01642-c25e-4c39-b6b1-8eb7959ff1af
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 88fdffc005db75c38fc6551d1daea13948b2c5e8b5fcc7859d9a8ac55a5bd672

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-origin: https://www.avanan.com
date: Thu, 07 Sep 2023 18:40:25 GMT
content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 google
vary: Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/110528/domain/avanan.com/ 36 B
373 B 69ms
14ms XHR
application/json 2600:9000:20eb:6e00:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/110528/domain/avanan.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:6e00:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:38:41 GMT
content-encoding: gzip
via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 104
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: XYTN30H72u4j2K8hJEkib4-Jg529tkQShuKtnc4NbAGgz3Llh3axjA==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%25...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D110528%26time%3D1694112025500%26url%3Dhttps%253A%252F%252Fwww.avanan.com%252Fblog...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%25...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2...

0
265 B

194ms
163ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true&e_ipv6=AQJ5fD4pVJlEKQAAAYpw8g4_boaP4RlJA0CpRnKJNkm3gZshYtQFU_ywT1CDU2gV-uo5MdmtnJvXdyaKqgnWLAQTjOfXjg
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: CA5AB6324870416A935FF97A99165503 Ref B: FRAEDGE1419 Ref C: 2023-09-07T18:40:26Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYEyTGKcUeAgw6DHkhEOA==

Redirect headers

date: Thu, 07 Sep 2023 18:40:25 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 264A45B15D824E9F9611E32271602054 Ref B: FRAEDGE1318 Ref C: 2023-09-07T18:40:26Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=110528&time=1694112025500&url=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&cookiesTest=true&liSync=true&e_ipv6=AQJ5fD4pVJlEKQAAAYpw8g4_boaP4RlJA0CpRnKJNkm3gZshYtQFU_ywT1CDU2gV-uo5MdmtnJvXdyaKqgnWLAQTjOfXjg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYEyTGHhFoojeh56HFaRA==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
254 B 39ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-FV5LS2GGRB&gtm=45je3960&_p=1986075408&_gaz=1&ul=en-us&sr=1600x1200&cid=1406688938.1694112025&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&dt=The%20Microsoft%20Reply%20Attack&sid=1694112025&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FV5LS2GGRB&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
56 B 24ms
22ms Ping
text/plain 2a00:1450:400c:c09::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FV5LS2GGRB&cid=1406688938.1694112025&gtm=45je3960&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FV5LS2GGRB&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.avanan.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 55ms
53ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FV5LS2GGRB&cid=1406688938.1694112025&gtm=45je3960&aip=1&z=1776232246

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 113 B
1 KB 140ms
123ms XHR
application/json 2606:4700::6811:c8cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1835778

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c8cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b648b3c9d20f3b87bf24c9f20cd940d40ab038f24fc3142588961fc57131e74b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ccd49c96-f466-4520-af9d-5989a787f689
content-encoding: br
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ccd49c96-f466-4520-af9d-5989a787f689
server: cloudflare
x-trace: 2B84A10049B8CB1F245C835B71609FE4B14009BE96000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-s8zqc
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vdbHtuO7WW7h%2FBZecqEisSSBszQz7frFRxDOIjP1caZGA3cfSRWAkn9F8K7ENe5MvVjzLO%2B45nZdMWSoO3Il58V%2BIQcPYdnRIQrkNkSN5HnqqSORhF0BtTYminQXMkBNGEkiFkfBG9GRQbL5"}],"group":"cf-nel","max_age":604800}
cf-ray: 803114811ab1371c-FRA
access-control-allow-headers: *

GET
H/1.1 200
OK button.e7f9415a2e000feaab02c86dd5802747.js Show response
platform.twitter.com/js/ 8 KB
3 KB 14ms
13ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.e7f9415a2e000feaab02c86dd5802747.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B94) /
Resource Hash: ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Thu, 07 Sep 2023 18:40:25 GMT
Content-Encoding: gzip
Age: 1863947
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 2618
Last-Modified: Tue, 24 Jan 2023 21:41:06 GMT
Server: ECS (amb/6B94)
Etag: "506673dbdb9085e7201e137e893cc152+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=315360000

GET
BLOB 200
OK 189e2d6b-e52c-4510-8a5c-19ef2e2d4600
https://www.avanan.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.avanan.com/189e2d6b-e52c-4510-8a5c-19ef2e2d4600
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK pista.js Show response
d26x5ounzdjojj.cloudfront.net/2.14.0/ 98 KB
98 KB 9ms
9ms Script
application/javascript 13.224.194.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d26x5ounzdjojj.cloudfront.net/2.14.0/pista.js
Requested by: Host: d26x5ounzdjojj.cloudfront.net
URL: https://d26x5ounzdjojj.cloudfront.net/tbw/tbw_analytics_v1.0.js?20
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-18.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 10deca523f2d7d41a77738b61b503fb9ec9f7c8e5f96d34b4e760f7ab807983a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Date: Wed, 06 Sep 2023 20:31:18 GMT
Via: 1.1 2bbba694ff55d664208103e9c25dce14.cloudfront.net (CloudFront)
Last-Modified: Thu, 06 Aug 2020 17:08:18 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA2-C1
Age: 79748
ETag: "8f4885b5f0517e98f2ecf6c734d1decd"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 100013
X-Amz-Cf-Id: vdL-sRRKvR1IFRrpcqCVk34AIRh-R2fUN3gu25KQumueob4yTFzuDw==

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame B335 37 KB
14 KB 14ms
13ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B94) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1863939
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Sep 2023 18:40:25 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6B94)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H/1.1 200
OK tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html Show response
platform.twitter.com/widgets/ Frame 7B56 37 KB
14 KB 30ms
15ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2b2d73daf636805223fb11d48f3e94f7.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6B94) /
Resource Hash: a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 1863939
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 13592
Content-Type: text/html; charset=utf-8
Date: Thu, 07 Sep 2023 18:40:25 GMT
Etag: "28919252629e2fa1d4ed52f48cb66ac0+gzip"
Last-Modified: Tue, 24 Jan 2023 21:41:10 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6B94)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
99 B 119ms
118ms Image
image/gif 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22AvananSecurity%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1694112025798%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22aaf4084522e3a%3A1674595607486%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=aea9602336d8d4f347669cb146ff8f990b877eaf

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-response-time: 90
date: Thu, 07 Sep 2023 18:40:25 GMT
strict-transport-security: max-age=631138519
last-modified: Thu, 07 Sep 2023 18:40:25 GMT
server: tsa_f
vary: Origin
content-type: image/gif
x-transaction-id: ca3c710e588b2294
cache-control: must-revalidate, max-age=600
perf: 7626143928
x-connection-hash: bd0fc4bf1d77debc0355b32b0374785700c9c61f73ead6fffc627d012313e9c5
content-length: 43

OPTIONS
H2 200 tp2
com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ Frame 0
0 330ms
98ms Preflight 35.171.218.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.218.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-218-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.avanan.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.avanan.com
access-control-max-age: 600
content-length: 0
date: Thu, 07 Sep 2023 18:40:26 GMT
server: nginx

POST
H2 200 tp2 Show response
com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ 2 B
321 B 310ms
103ms XHR
text/plain 35.171.218.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d26x5ounzdjojj.cloudfront.net
URL: https://d26x5ounzdjojj.cloudfront.net/2.14.0/pista.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.218.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-218-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.avanan.com
date: Thu, 07 Sep 2023 18:40:26 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
DATA 200
OK truncated
/ Frame B335 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 clickstream.js Show response
d10lpsik1i8c69.cloudfront.net/js/ Frame 9684 287 KB
92 KB 47ms
7ms Script
application/javascript 143.204.214.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Requested by: Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/w.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-30.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08364858e416bd80eb1c1e08b68b3b0bdf8c565df9324401e800e0a781147aeb

Request headers

Referer
Origin: https://www.avanan.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 01:01:29 GMT
content-encoding: gzip
via: 1.1 4809763494a078a525dc1a2dff5ddf6c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
age: 581937
x-cache: Hit from cloudfront
last-modified: Fri, 02 Sep 2022 19:59:47 GMT
server: AmazonS3
etag: W/"6a7ba000cc0f3518baa46608eb12410c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-id: IO2AEusljvSsbwFUK2eHNY7PB0e3NsFTtNjs_OWmkSumZbF3ReJfWw==

GET
DATA 200
OK truncated
/ Frame 7B56 822 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 16ms
15ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1936026250043111&ev=Microdata&dl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&rl=&if=false&ts=1694112025983&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%2C%22meta%3Adescription%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22og%3Atitle%22%3A%22The%20Microsoft%20Reply%20Attack%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.avanan.com%2Fhubfs%2FFeatured%2520Images%2520-%25202023-03-17T145245.680.png%23keepProtocol%22%2C%22og%3Aimage%3Awidth%22%3A%22960%22%2C%22og%3Aimage%3Aheight%22%3A%22540%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%22%2C%22og%3Atype%22%3A%22article%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.125&r=stable&ec=1&o=30&fbp=fb.1.1694112025471.817968063&it=1694112025195&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 07 Sep 2023 18:40:25 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 bf Show response
bf28149orj.bf.dynatrace.com/ Frame 781A 205 B
479 B 361ms
110ms XHR
text/plain 34.206.231.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bf28149orj.bf.dynatrace.com/bf?type=js3&flavor=cors&vi=AQAKRMMBRECTCAHOMHANQIABHMJGDNEO-0&modifiedSince=1694109164759&rf=https%3A%2F%2Fwww.gartner.com%2Freviews%2Fpublic%2FWidget%2Fdata%3Fwidget_id%3DYjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy%26size%3Dlarge&bp=3&app=c9f1951eb65229e3&crc=4236768655&en=4vwhu0vt&end=1
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10243220606153550.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.231.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-231-112.compute-1.amazonaws.com
Software: /
Resource Hash: b7c3a9928f39697bc8878fc6596a954b9fd5691cb3341731fad84c77cdccc0a0

Request headers

Referer: https://www.gartner.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gartner.com
x-oneagent-js-injection: true
date: Thu, 07 Sep 2023 18:40:26 GMT
cache-control: no-cache
content-length: 205
content-type: text/plain;charset=utf-8

GET
H2 200 / Show response
c.6sc.co/ 7 B
193 B 16ms
16ms XHR
text/html 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-184.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.avanan.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 36 B
335 B 66ms
10ms XHR
text/html 2a02:26f0:ab00::214:8e70
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ab00::214:8e70 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e953b2b3797aee78418f706637a16233ad4e893f165305828290723e04ccba88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Sep 2023 18:40:26 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.avanan.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2001:ac8:20:3d00:1011:fcb7:8182:e6ac
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1694112026490_34901612_115734158_21_841_7_26_219";dur=1
content-length: 36
expires: Thu, 07 Sep 2023 18:40:26 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 260ms
237ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=7988b8b9b9fb2b24661a471cde834fcb&svisitor=null&visitor=7ef0a0e0-d07a-48c8-8096-97775077321c&session=cdb9045f-8ca1-4c09-81b3-d215da67c406&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2007%20Sep%202023%2018%3A40%3A24%20GMT%22%2C%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Sep%202023%2018%3A40%3A24%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%227988b8b9b9fb2b24661a471cde834fcb%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Sep%202023%2018%3A40%3A24%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2007%20Sep%202023%2018%3A40%3A24%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&pageViewId=ec971d17-045f-482c-8da6-8f8c89c7d22d&v=1.1.6

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 insent Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ 80 KB
23 KB 99ms
13ms Script
binary/octet-stream 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/insent
Requested by: Host: www.avanan.com
URL: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: .FAB9Y95ndDaGNhchbIulf.cdaY.U50y
content-encoding: gzip
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
date: Thu, 07 Sep 2023 11:30:36 GMT
last-modified: Fri, 01 Sep 2023 11:30:15 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 25791
etag: "6c640d0008fb2a23a0ff942202f8657c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: binary/octet-stream
content-length: 23142
x-amz-cf-id: 7Few9url1v0dy5SHewaXiumq0cok1RvhT37ylm3R0m1KiMZO7z48Yw==

GET
H3 200 like.php Show response
www.facebook.com/plugins/ Frame 5081 51 KB
16 KB 268ms
267ms Document
text/html 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12b73790fda244%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffc2e6a4232e99c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=3cc6a3be1eaeae619d4c74742fbec113

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bc20b36f751ad260de8396c96601235213045021b8e8c546ebc2235932f0e134

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 07 Sep 2023 18:40:26 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: fJzNpSK6gXcvnLE/4EnWEki1Ms6yGdQtf2BGlRcOvmyizRd8RfLjjX5mDbEnS0nb/jMIxfTUUIFe9OKCuQgvcg==
x-xss-protection: 0

GET
H3 200 like.php Show response
www.facebook.com/plugins/ Frame 37FF 51 KB
16 KB 265ms
264ms Document
text/html 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2bd57a5d93d8fc%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffc2e6a4232e99c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=3cc6a3be1eaeae619d4c74742fbec113

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b5cc125463294edc27240a2259bf0f28cf2b46bd2e58d0a0fe306eabe5f5e938

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 07 Sep 2023 18:40:26 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma: no-cache
priority: u=0,i
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: lqWNTx5v6B8Uhdp9p59hov5YQGmdMfPMBXsQadDL1y+iqxO3ndQ8MAyZqyhjDUAu713txm0fNcLiePIfdyfTdA==
x-xss-protection: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
564 B 130ms
123ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1835778&pi=106960374431&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&cpi=106960374431&cgi=4153530738&lpi=106960374431&lvi=106960374431&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&t=The+Microsoft+Reply+Attack&cts=1694112026522&vi=0101b15f53427aaddc7791658dab84df&nc=true&u=23485541.0101b15f53427aaddc7791658dab84df.1694112026515.1694112026515.1694112026515.1&b=23485541.1.1694112026515&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2bfafdb7-1fb2-4b7f-bdc8-b7aafd40281b
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2bfafdb7-1fb2-4b7f-bdc8-b7aafd40281b
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fs5iqQ7LTHrvqPTPyObMvE7zQeHoSl4qq4tMHJxpWCFzqqC4R8pdCx5sa7PokYM2RP2kaK4gPc8Z116y74iNngc21164%2B71MiwM1f74fv%2FD4W3Y84XKv%2FbHBHXI5g%2FPhZGEMtHYoegVWh65Ada1G"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-w76pp
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 80311485da2d9201-FRA
x-robots-tag: none

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
669 B 171ms
155ms Image
image/gif 2606:4700::6812:c07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c8111529-fa32-47c3-813b-7143a0dfbedf
x-envoy-upstream-service-time: 27
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c8111529-fa32-47c3-813b-7143a0dfbedf
last-modified: Thu, 07 Sep 2023 18:40:26 GMT
server: cloudflare
x-trace: 2BC8D3DFDFC597A091132CA46480E07BC3AE38E868000000000000000000
vary: origin, Accept-Encoding
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-hgnfq
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
accept-ranges: bytes
x-robots-tag: none
cf-ray: 80311485ece73625-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
591 B 129ms
123ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22c953fa87-efa0-494e-9947-98ffe764fcd8%22%2C%22456f8fc2-2a2d-451b-be42-2ab5d22687fa%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1835778&pi=106960374431&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&cpi=106960374431&cgi=4153530738&lpi=106960374431&lvi=106960374431&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&t=The+Microsoft+Reply+Attack&cts=1694112026524&vi=0101b15f53427aaddc7791658dab84df&nc=true&u=23485541.0101b15f53427aaddc7791658dab84df.1694112026515.1694112026515.1694112026515.1&b=23485541.1.1694112026515&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b1e6a09a-7287-4b90-9819-f645711c57df
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b1e6a09a-7287-4b90-9819-f645711c57df
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ccFjOTwC%2FoM0%2Baiem6rHWDyl%2BafEigxEcyByaIcOwHqRgejorXpsOs9pO5DV7EdRUNTCDQh%2FQgjhLlij45SnIJDb2l%2FF%2Ff8%2B%2BeYj7L10O%2BVrn4tkzJ5LHwOCaVvb5Ldf7%2Fu3X063U9Eq4EQlhuIQ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-85gwf
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 80311485da2e9201-FRA
x-robots-tag: none

GET
H2 200 blink_green.png
d10lpsik1i8c69.cloudfront.net/graphics/ 1 KB
2 KB 7ms
7ms Image
image/png 143.204.214.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d10lpsik1i8c69.cloudfront.net/graphics/blink_green.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-30.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9746bbc8be1eacd912bb90f2226b3f9141b15938f7b0281825c74999c0040c9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 09:49:19 GMT
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 3142268
etag: "2e4ff7ec8bf18d247ee942621e0f9d65"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1283
x-amz-cf-id: fr37FptDgr0N6q8RLvHVxufWje1IxQBThelFhWFJoiHEXVJuCI9BSA==

GET
H2 200 logo-light.png
d10lpsik1i8c69.cloudfront.net/graphics/ 1 KB
1 KB 8ms
8ms Image
image/png 143.204.214.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d10lpsik1i8c69.cloudfront.net/graphics/logo-light.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-30.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8c34bc7bc1985e63394c3c2afff88cdcfc06e501320432dd23eaff83ea6754eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 09:48:55 GMT
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 3142292
etag: "35ce74c31e3ef54462a234340af702d7"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 1143
x-amz-cf-id: jjpscWWqq41FatPiiK0P_AhRUqnROMRzqbrKvQWXuLjcWaHgYrVQzg==

GET
H2 200 sound-on-white.png
d10lpsik1i8c69.cloudfront.net/graphics/ 277 B
620 B 9ms
8ms Image
image/png 143.204.214.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d10lpsik1i8c69.cloudfront.net/graphics/sound-on-white.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-30.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: da0c1bc51d4ebfa2570f3e7546d9d3ccfb3f9d3c1199b1ca49869510aa79392a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sun, 23 Jul 2023 04:10:13 GMT
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 4026614
etag: "76f1993de0fd323f67cece8d8e63bfa2"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 277
x-amz-cf-id: ZXWSJJf34903aPHRNHMzznN1WsD8I0T37wZpN7TtgxLt8MCcUpPquA==

POST
H2 200 tp2 Show response
com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ 2 B
320 B 108ms
104ms XHR
text/plain 35.171.218.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Requested by: Host: d26x5ounzdjojj.cloudfront.net
URL: https://d26x5ounzdjojj.cloudfront.net/2.14.0/pista.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.218.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-218-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://www.avanan.com
date: Thu, 07 Sep 2023 18:40:26 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

OPTIONS
H2 200 tp2
com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/ Frame 0
0 103ms
102ms Preflight 35.171.218.118
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://com-thebigwillow-prod1.collector.snplow.net/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.171.218.118 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-171-218-118.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.avanan.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://www.avanan.com
access-control-max-age: 600
content-length: 0
date: Thu, 07 Sep 2023 18:40:26 GMT
server: nginx

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 3 KB
3 KB 216ms
170ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1835778&utk=0101b15f53427aaddc7791658dab84df&__hstc=23485541.0101b15f53427aaddc7791658dab84df.1694112026515.1694112026515.1694112026515.1&__hssc=23485541.1.1694112026515&contentId=106960374431&currentUrl=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93e22cbbb2bba6dca577b6eadef25d454efc9bc008b13365e8b25cae5bf0be8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ccdf7e9f-f918-4796-adce-f73f124328eb
content-encoding: br
x-envoy-upstream-service-time: 47
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ccdf7e9f-f918-4796-adce-f73f124328eb
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.avanan.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rk00Jaytm%2BEjHptKdWjH4%2B0rlIw8pYyyVWnAcIMcKYgp%2FyLMOX2e7iAoOsIboST4dSNfd9quQ4HE1RytHpCBqFa8LzyCi%2B9sCS0YpR8CIkApTRVQhnOd8QYA5aEkj%2FKB0cc7lVQKTRwMM3imGNv"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 803114870d591d8a-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-dgnsg

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 252ms
252ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=7988b8b9b9fb2b24661a471cde834fcb&svisitor=null&visitor=7ef0a0e0-d07a-48c8-8096-97775077321c&session=cdb9045f-8ca1-4c09-81b3-d215da67c406&event=ipv6&q=%7B%22address%22%3A%222001%3Aac8%3A20%3A3d00%3A1011%3Afcb7%3A8182%3Ae6ac%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&pageViewId=ec971d17-045f-482c-8da6-8f8c89c7d22d&v=1.1.6

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 37FF 299 B
446 B 14ms
7ms Image
image/png 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df2bd57a5d93d8fc%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffc2e6a4232e99c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-debug: PAY361Nnw+k7LyI58T7fz9FGD1OHDfsybLb1nIKOxD3P1SJ7XH/NCXLZw9kpNtAEMrW5sjL9CGKHgduWQD6iTQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 01 Sep 2024 03:37:03 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 5081 299 B
550 B 13ms
7ms Image
image/png 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12b73790fda244%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffc2e6a4232e99c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-debug: PAY361Nnw+k7LyI58T7fz9FGD1OHDfsybLb1nIKOxD3P1SJ7XH/NCXLZw9kpNtAEMrW5sjL9CGKHgduWQD6iTQ==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 01 Sep 2024 03:37:03 GMT

GET
H2 200 12D0EXN41br.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yz/l/en_US/ Frame 37FF 520 KB
135 KB 32ms
8ms XHR
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yz/l/en_US/12D0EXN41br.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2fa711100d4aaee5306e7b1785fc6fcc8604954fffa6d1a60ab66b356f40600f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: rOj0pu6efAibzTjk26rQng==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137245
x-fb-debug: f6MfxWyh82QEGVqo11Epi9B6ZRyQLuRVgIVJswKuuDLmfYRJOlkeB9BEll0mxu7Y4raKdTTAmYr+TyffC8AMVg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 01 Sep 2024 10:52:50 GMT

GET
H2 200 12D0EXN41br.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yz/l/en_US/ Frame 5081 520 KB
134 KB 42ms
30ms XHR
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yz/l/en_US/12D0EXN41br.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df12b73790fda244%26domain%3Dwww.avanan.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.avanan.com%252Ffc2e6a4232e99c%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&layout=button_count&locale=en_US&sdk=joey&share=true&show_faces=false&width=120

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2fa711100d4aaee5306e7b1785fc6fcc8604954fffa6d1a60ab66b356f40600f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:26 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: rOj0pu6efAibzTjk26rQng==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 137245
x-fb-debug: f6MfxWyh82QEGVqo11Epi9B6ZRyQLuRVgIVJswKuuDLmfYRJOlkeB9BEll0mxu7Y4raKdTTAmYr+TyffC8AMVg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 01 Sep 2024 10:52:50 GMT

GET
H2 200 / Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame AFC5 3 KB
2 KB 10ms
8ms Document
text/html 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/insent
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6da0c102cfc89e3d6fcced3c16008344a12e4a5e17f5e49cb9c8a36c3c179c41

Request headers

Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 544200
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Fri, 01 Sep 2023 11:30:27 GMT
etag: W/"16e3074f2965ac2e635cb95224b1a3c9"
last-modified: Fri, 01 Sep 2023 11:30:18 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
x-amz-cf-id: Mnn035z7OVRRkTU4-Yxc51ip_slWUIbY6oIMGt41oHUgEO8W6X_tdg==
x-amz-cf-pop: FRA60-P4
x-amz-version-id: zDn7p7vWxOOihAPmEmXSquZ5fCzlpOt3
x-cache: Error from cloudfront

GET
H2 200 env.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame AFC5 437 B
806 B 13ms
9ms Script
application/javascript 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/env.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ff4e0b144f55e6bf1ac619baad9714973a381bc5c106e2cf62543d8d671f9c19

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id: DmgVUrsbNmh0zFcaosq_jdGFz91EWuHz
date: Thu, 07 Sep 2023 11:30:40 GMT
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
last-modified: Mon, 10 Apr 2023 13:35:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 25787
etag: "649ed907ccaa01c40f7d298cda51d4e0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
content-length: 437
x-amz-cf-id: KET0QEFSxIGADIOj_t_z6_LZ5rX3NRCRWMrmgqCDLg8umRGITKhbMA==

GET
H2 200 pusher.min.js Show response
js.pusher.com/6.0/ Frame AFC5 64 KB
18 KB 72ms
8ms Script
application/javascript 143.204.210.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.pusher.com/6.0/pusher.min.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.210.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-210-101.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Sat, 12 Aug 2023 23:15:56 GMT
content-encoding: gzip
via: 1.1 0cbb1ca51bf146be48b40804581e4466.cloudfront.net (CloudFront)
last-modified: Thu, 14 May 2020 14:40:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 2229871
etag: W/"ba16a869e0473ee0ff7636f71e340c60"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
x-cache: Hit from cloudfront
cache-control: max-age=2592000
x-amz-cf-id: CqUG5T83FxvpJmTm-yIm0DaqALq0egHujDtu4eFXTndqE0zuZQPhJQ==

GET
H2 200 vendors.683cd746.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame AFC5 1 MB
375 KB 13ms
10ms Script
application/javascript 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.683cd746.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d9c13239fe95d9b00d407ce8d3429b7b984844d92534083e8f56d922103ce965

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 11:30:27 GMT
content-encoding: gzip
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
x-amz-version-id: Np0PPQFIQYl5RzLfh4HP_8mGBCkO0Ios
last-modified: Fri, 01 Sep 2023 11:30:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 544200
etag: W/"4b8b33f00f06b9358242fdaa40b2291b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: AC5GOOaDutnLybJVXH4AkEsgXlXVmi35Si_dejYRh5VuE7GPgXfFkg==

GET
H2 200 commons.35a081be.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame AFC5 228 KB
63 KB 45ms
42ms Script
application/javascript 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/commons.35a081be.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c644d06ec09522a102b85292bf5c793c92ad2fd9bb9db832ff4d38368781fc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 11:30:27 GMT
content-encoding: gzip
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
x-amz-version-id: WgP3dZZRyrSaefjPlnJxnppXSDepg8Pg
last-modified: Fri, 01 Sep 2023 11:30:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 544200
etag: W/"b096025f0d053a48a49ff7e39ef53f5d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: VzamLVcMmf1V5JJmzIPNNZeWUJ3fAODw_YHvtgjeBDVwKkPHXpUxoQ==

GET
H2 200 reduxComponents.0a82253c.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame AFC5 58 KB
14 KB 50ms
47ms Script
application/javascript 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/reduxComponents.0a82253c.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7b2914870d2ac55b769a1af8248666b2032d9c9de53fd752d423bd593ba100b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 11:30:27 GMT
content-encoding: gzip
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
x-amz-version-id: JkzJDvXQlZpO3yEwmqAHmVoYSmk.Bi6e
last-modified: Fri, 01 Sep 2023 11:30:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 544200
etag: W/"5ee9d716cdb6914fc6d257f87d7c6586"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: oFGu8HFOAxOhTdFPpCKHqc2_uirbh_LEjcPG0dlB2aJKtDgaNIS0fQ==

GET
H2 200 main.7d349fe6.chunk.js Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/ Frame AFC5 117 KB
28 KB 50ms
48ms Script
application/javascript 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/main.7d349fe6.chunk.js
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c0dfb840dd0831f0520dcec511a6723e0ed1652ef61d2087e49642754d22aa87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 11:30:27 GMT
content-encoding: gzip
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
x-amz-version-id: UJDpBhkjr4TCuipHVadGz9bhLxzXe.qT
last-modified: Fri, 01 Sep 2023 11:30:18 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 544200
etag: W/"ca8741e0fb8d47f7f146c1e3e87930b6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: TUyvvoSrPrW1Jhhe2bOZ74NMNAgGcx6EWZ59q-LBelR9ANqFUu6asw==

GET
H2 200 reset.css
d10lpsik1i8c69.cloudfront.net/css/ 2 KB
1 KB 16ms
9ms Stylesheet
text/css 143.204.214.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d10lpsik1i8c69.cloudfront.net/css/reset.css
Requested by: Host: d10lpsik1i8c69.cloudfront.net
URL: https://d10lpsik1i8c69.cloudfront.net/js/clickstream.js?v=e708588
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.214.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-214-30.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 401f533697cfb484598d2da76b5f4708bbca985a1fab42dbcfaa0741374d3245

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Wed, 02 Aug 2023 09:48:55 GMT
content-encoding: gzip
via: 1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
last-modified: Fri, 02 Sep 2022 19:59:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 3142291
etag: W/"7144eaceff0b31347712515a6116074e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: B0gc7NKayfaqRHl3ObIB4c2eIqqi1HOsMoKJzIv2wRriWSRMs8np-g==

GET
BLOB 200
OK d4b9ffb3-2246-4c6f-bc2e-87bd617bb302
https://www.avanan.com/ Frame 9684 0
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.avanan.com/d4b9ffb3-2246-4c6f-bc2e-87bd617bb302
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Length: 0
Content-Type

GET
BLOB 200
OK ef31a9a9-3c8f-4b10-afb3-944e2fb1c225
https://www.avanan.com/ Frame 9684 30 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.avanan.com/ef31a9a9-3c8f-4b10-afb3-944e2fb1c225
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fb5a1fff57218742c5c1e469970504556a10d235b2379872b4ffcef9901d3bc0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Content-Length: 31224
Content-Type

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
482 B 146ms
146ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=9862d401-d68f-4977-9e32-b0849cab6384&lfi=4974344&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4254527045&v=1.1&a=1835778&pi=106960374431&ct=blog-post&ccu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack&cpi=106960374431&cgi=4153530738&lpi=106960374431&lvi=106960374431&lvc=en-us&pu=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&t=The+Microsoft+Reply+Attack&cts=1694112026944&vi=0101b15f53427aaddc7791658dab84df&nc=true&u=23485541.0101b15f53427aaddc7791658dab84df.1694112026515.1694112026515.1694112026515.1&b=23485541.1.1694112026515&pt=0&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2e0905a2-53b3-4522-94cd-bea6579dcd9c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 18
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2e0905a2-53b3-4522-94cd-bea6579dcd9c
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U9tjq3nt8RPNpIWoUEJjnAV%2BFwFhWCzesZkpzIe82ho5tSh%2F16L7KcYjoi1c6RRFURWzfTg%2BzoAfvYQ3qY3qRMDVrWOC3ADjdE7oZw%2FJLnrA5MhDWFUyTggUo6witU%2ByN8wYWn5IsucpOtgwRSpQ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-jpkw5
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 803114886c729201-FRA
x-robots-tag: none

GET
H2 200 english.json Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame AFC5 6 KB
2 KB 9ms
6ms XHR
application/json 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/english.json
Requested by: Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.683cd746.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 05c580da7227f1f1038b071466c09ff25dfaa681d82e4a71ed58beadf63e8670

Request headers

Accept: application/json, text/plain, */*
Cache-Control: max-age=31536000
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Fri, 01 Sep 2023 11:30:30 GMT
content-encoding: gzip
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
x-amz-version-id: glkqJQc8Y1n3ri4wk8euaTNbwUDUdhRv
last-modified: Fri, 01 Sep 2023 11:30:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 544198
etag: W/"05d6f056048cdc28c10284bd31bf2c30"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
cache-control: max-age=31536000
x-amz-cf-id: b81o8Y0olCYx8h9ZV6O1yHCkf5oNpY5gnH3HYOIY0VgdOmvqnhQbHg==

GET
H2 200 getuser Show response
checkpointsoftwaretechnologiesincavanan.widget.insent.ai/ Frame AFC5 2 KB
1 KB 2046ms
2046ms XHR
application/json 2600:9000:225e:1600:f:7ae2:7780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/getuser?url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation

Requested by

Host: checkpointsoftwaretechnologiesincavanan.widget.insent.ai
URL: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/static/js/vendors.683cd746.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:225e:1600:f:7ae2:7780:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ed2fd5658632fd431f239d983fa945c77f2730564fa9008a4250bc780a8fd26c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://checkpointsoftwaretechnologiesincavanan.widget.insent.ai/?project_key=p2xERwhuLXXni4npvQaI&blog_url=www.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&event_listener=8SGDAk1I24nRU8a&hubspot_cookies=[%220101b15f53427aaddc7791658dab84df%22]&parent_innerwidth=1600&parent_innerheight=1200&widgetVisibility=true&locale=undefined
hubspotCookies: ["0101b15f53427aaddc7791658dab84df"]
accept-language: de-DE,de;q=0.9
Authorization: Bearer p2xERwhuLXXni4npvQaI
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:29 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
via: 1.1 7bf0fe9eca07efaffe6363062053f386.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
apigw-requestid: K5jcWh5zCYcEMFA=
x-xss-protection: 1; mode=block
etag: W/"879-0o3M4pC9efcAXDQR21OZNMiw+VA"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-amz-cf-id: vkruy5m-qKHSyDA0Ro6FGPTEqzhvuNn2wMhhWs_xVBwrJf_XaJlMYA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 368ms
368ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:27 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 blog-subscription-laptop-icon-2.png
www.avanan.com/hubfs/website/img/blog/ 109 KB
111 KB 42ms
41ms Image
image/webp 2606:2c40::c73c:67fe
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.avanan.com/hubfs/website/img/blog/blog-subscription-laptop-icon-2.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbf4d29d3505a4790b827cde56ca8e4e1d03ab709bb9db801f0a4f02c0fcc0e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
age: 20650
x-amz-request-id: PDTKC5XR5KYFZ42J
x-amz-server-side-encryption: AES256
edge-cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="blog-subscription-laptop-icon-2.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 2
cf-bgj: imgq:85,h2pri
etag: "8d71f834d25a82123bd27e64ec06b767"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1681321816755
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 2
date: Thu, 07 Sep 2023 18:40:27 GMT
strict-transport-security: max-age=31536000
via: 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: eGk4cuTrlwYommw7ReeuO26P_osPr7sE
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=212633
x-cache: RefreshHit from cloudfront
cache-tag: F-110679711133,FD-11279827778,P-1835778,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 112020
x-amz-id-2: qPwZ0JbGa9SoKW8SALmJI9JtK/3YhJan43Sp46zqSA5NuuOBdOLNDKh9V6Xv25GD4wpcQpddLC0=
last-modified: Wed, 12 Apr 2023 17:50:17 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmIFXB9xKLnY7Ruh3U1t3iFcs5Me4kayUBl9OKBlOFdZSKPghwFx0OpOqvG5Z1XBWZqyp%2Bld8Ff3ND2ZefYzOn3c6OqC%2B%2BOnplNM8e3QgILwgGsmEcGRza%2FSmVyx43tw8bMOgnullwnPZztr"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8031148eab9618ef-FRA
x-amz-cf-id: aBv2AoxDH7drblbvXUO3FErQooOjnTPl_1yunibG2m0xigy3_E352Q==

POST
H2 200 bf Show response
bf28149orj.bf.dynatrace.com/ Frame 781A 205 B
477 B 106ms
105ms XHR
text/plain 34.206.231.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bf28149orj.bf.dynatrace.com/bf?type=js3&flavor=cors&vi=AQAKRMMBRECTCAHOMHANQIABHMJGDNEO-0&modifiedSince=1694109164759&rf=https%3A%2F%2Fwww.gartner.com%2Freviews%2Fpublic%2FWidget%2Fdata%3Fwidget_id%3DYjZjODZjODMtNGZjZS00MzZjLTgxZDktYjVhMWY5NmM5Yjgy%26size%3Dlarge&bp=3&app=c9f1951eb65229e3&crc=2078426997&en=4vwhu0vt&end=1
Requested by: Host: www.gartner.com
URL: https://www.gartner.com/ruxitagentjs_A2NVfhjqru_10243220606153550.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.231.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-231-112.compute-1.amazonaws.com
Software: /
Resource Hash: 48734f9b3ba644ecbc6537f9b8958d75f22ba187a5b764271b29f04e2ed97b85

Request headers

Referer: https://www.gartner.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://www.gartner.com
x-oneagent-js-injection: true
date: Thu, 07 Sep 2023 18:40:28 GMT
cache-control: no-cache
content-length: 205
content-type: text/plain;charset=utf-8

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 211ms
211ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:28 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 211ms
211ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:29 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
484 B 489ms
489ms Image
image/gif 2.17.100.184
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-184.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.avanan.com/blog/the-microsoft-reply-attack?utm_campaign=Campaign%20-%20M365%20SMB%20US%20150%20Emp%209%2F5%20-%20FY23&utm_medium=email&_hsmi=272543376&_hsenc=p2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI&utm_content=272543376&utm_source=hs_automation
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date: Thu, 07 Sep 2023 18:40:30 GMT
x-content-type-options: nosniff
content-length: 43
pragma: no-cache
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: image/gif
access-control-allow-origin
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: *
expires: Wed, 19 Apr 2000 11:43:00 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=7988b8b9b9fb2b24661a471cde834fcb&svisitor=null&visitor=7ef0a0e0-d07a-48c8-8096-97775077321c&session=cdb9045f-8ca1-4c09-81b3-d215da67c406&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2007%20Sep%202023%2018%3A40%3A31%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2007%20Sep%202023%2018%3A40%3A30%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226775%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Reply-to%20address%20is%20not%20always%20what%20it%20seems.%20%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22The%20Microsoft%20Reply%20Attack%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation&pageViewId=ec971d17-045f-482c-8da6-8f8c89c7d22d&v=1.1.6

Verdicts & Comments Add Verdict or Comment

250 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

56 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.avanan.com/	1970-01-20 14:35:13	Name: __cf_bm Value: sCV_jd3YaRnaurE.xHyKb6TqHa.ZmST690PChkLnQxE-1694112023-0-ASH/LX61T9O94mR2iH5bIWf3dMwYVnqxasiZE0f3GHc/Y8eQA+XhQfyvBbwdimXCZ9omo1r47K95CdiE0AMbusM=
.www.avanan.com/	1969-12-31 23:59:59	Name: __cfruid Value: 8cf3ac3c5c239fe3cf49065f2bbabac137cc07e7-1694112023
www.avanan.com/	1970-01-20 23:20:48	Name: d-a8e6 Value: f4ad51fd-cd6a-4e10-92c0-a1fb912d0bfc
www.avanan.com/	1970-01-20 14:35:12	Name: s-9da4 Value: 14ea46d5-e549-41b8-85a4-a86a01e68755
.hubspot.com/	1970-01-20 14:35:13	Name: __cf_bm Value: KSe6FeC.IwFsHbJVlrqYAHfbfGQSEmO_dp_3Os28n6I-1694112024-0-AQf5MkSgwtmrGmC+EWVxDGi2jgucRqtJKT8Le5Q/UDtNsY/bjpmRbb9wFYnuUn+ooBlz8L5JwQl5MapYhagzHh4=
.avanan.com/	1970-01-20 16:44:48	Name: _gcl_au Value: 1.1.1734974206.1694112025
.doubleclick.net/	1970-01-20 14:35:12	Name: test_cookie Value: CheckForPermission
tracking.g2crowd.com/	1970-01-20 14:55:21	Name: _session_id Value: 9219e0b26e271f732ef88d3844142ccd
.g2crowd.com/	1970-01-20 14:35:13	Name: __cf_bm Value: PCI7AFIBM_0cJIoZyrrd5kToivxyPAWmu3Rq77njZXI-1694112025-0-AeUIpIEm0jxQUqFISakyjjrhpW5S5nN3yxrywCVMM6uMGlp0BQ44eoPveDck/JUIHwsqrqdaEu82DpFWym825d0=
.techtarget.com/	1970-01-20 14:35:13	Name: __cf_bm Value: BFJRFCMHX.aEkwd8WAtN0OSod5ZLyXlFFdQz6hTs1rg-1694112025-0-AabDvBuGMK0VpdTvX21xq21zZHu7E7Jj2GRkBqUTO8IBqGO1nta8cvkfbPLctvNafQecn/0IeUKVC+2ixKyajks=
.avanan.com/	1970-01-21 00:11:12	Name: _ga Value: GA1.2.1406688938.1694112025
.avanan.com/	1970-01-20 14:36:38	Name: _gid Value: GA1.2.771358039.1694112025
.avanan.com/	1970-01-20 14:35:12	Name: _gat_UA-59393664-1 Value: 1
.avanan.com/	1970-01-20 14:36:38	Name: _uetsid Value: 025086804dae11ee89a1ad452c270ad2
.avanan.com/	1970-01-20 23:56:48	Name: _uetvid Value: 0250b4c04dae11eea86a15c82578f15f
.bing.com/	1970-01-20 23:56:48	Name: MUID Value: 1FC29AD9B3476E3407AA895CB22C6F41
.avanan.com/	1970-01-20 23:20:48	Name: _lfa Value: LF1.1.dc553d14bba05330.1694112025392
.avanan.com/	1970-01-20 16:44:48	Name: _fbp Value: fb.1.1694112025471.817968063
.twitter.com/	1970-01-21 00:11:12	Name: personalization_id Value: "v1_0FtWNkH9Bd0+T6xsrziiZg=="
.t.co/	1970-01-21 00:11:12	Name: muc_ads Value: e48add86-56f2-4133-8efe-453f32b0bb8c
.spiceworks.com/	1970-01-21 00:11:12	Name: _swnid Value: pvl0pu6odcna
.spiceworks.com/	1970-01-21 00:11:12	Name: _swauth Value: n
.avanan.com/	1970-01-21 00:11:12	Name: _ga_FV5LS2GGRB Value: GS1.2.1694112025.1.0.1694112025.60.0.0
www.avanan.com/	1970-01-20 14:36:38	Name: ln_or Value: eyIxMTA1MjgiOiJkIn0%3D
.influ2.com/	1970-01-20 23:20:48	Name: R Value: ac5a98379b38eb305f3b82d5
.bidr.io/	1970-01-21 00:03:45	Name: bito Value: AABmdE7J9DIAAAx_pI9dyg
.bidr.io/	1970-01-21 00:03:45	Name: bitoIsSecure Value: ok
.linkedin.com/	1970-01-20 16:44:48	Name: li_sugr Value: 799e7d06-74ab-4bb9-9ec0-a8b008e92619
.linkedin.com/	1970-01-20 23:20:48	Name: bcookie Value: "v=2&f0635c12-c8f6-418c-84ef-af22ddde4310"
.linkedin.com/	1970-01-20 14:36:38	Name: lidc Value: "b=TGST01:s=T:r=T:a=T:p=T:g=3126:u=1:x=1:i=1694112025:t=1694198425:v=2:sig=AQG1tiEdVj7CzGpQ8oJT4Rz63cmq3T4Y"
.avanan.com/	1970-01-20 23:20:48	Name: _hjSessionUser_2523353 Value: eyJpZCI6IjczMzU2OTE2LWQwNmYtNWY1ZC1iMWMzLWY5ZTI5MjMxNjMzYSIsImNyZWF0ZWQiOjE2OTQxMTIwMjU3MTUsImV4aXN0aW5nIjpmYWxzZX0=
.avanan.com/	1970-01-20 14:35:13	Name: _hjFirstSeen Value: 1
.avanan.com/	1970-01-20 14:35:12	Name: _hjIncludedInSessionSample_2523353 Value: 0
.avanan.com/	1970-01-20 14:35:13	Name: _hjSession_2523353 Value: eyJpZCI6ImIxMjg0MWZiLWU5NGItNDAwMi1iOTFmLWEyNThmYjJjMDQ2ZCIsImNyZWF0ZWQiOjE2OTQxMTIwMjU3MjIsImluU2FtcGxlIjpmYWxzZX0=
.avanan.com/	1970-01-20 14:35:13	Name: _hjAbsoluteSessionInProgress Value: 0
www.avanan.com/	1970-01-21 00:11:12	Name: tbw_bw_uid Value: bito.AABmdE7J9DIAAAx_pI9dyg
www.avanan.com/	1970-01-21 00:11:12	Name: tbw_bw_sd Value: 1694112026
www.avanan.com/	1970-01-20 14:35:13	Name: _sp_ses.05d9 Value: *
www.avanan.com/	1970-01-21 00:11:12	Name: _sp_id.05d9 Value: bb228dc0-aff1-4bd4-aece-f39afa7139da.1694112026.1.1694112026.1694112026.31906517-5ee8-473b-b7ce-97b5286e256d
.linkedin.com/	1970-01-20 15:18:24	Name: UserMatchHistory Value: AQJ7fa9055UsVgAAAYpw8gzsw1cAfhHhlNXM9bJRA0CfNktkE3yr80PX6wy9CQyexZ2DhzVp-D0JKg
.linkedin.com/	1970-01-20 15:18:24	Name: AnalyticsSyncHistory Value: AQJHAFW9QSODGAAAAYpw8gzseyqhrW3NAJfU878BKcQnuuucbUS7VjCLo1nGefuCpNKGi7uMsKEpytfPssvPMA
.www.linkedin.com/	1970-01-20 23:20:48	Name: bscookie Value: "v=1&2023090718402673759168-69cf-4e1b-8753-f3f7f4da69bdAQELjmipocbToe6oX3xq2zwGwlFSTyJx"
.linkedin.com/	1970-01-20 18:54:24	Name: li_gc Value: MTswOzE2OTQxMTIwMjY7MjswMjHTPwl8U5fkmn7ii2m8EyjnLaInw9j9CGJ64kzMOX+w5Q==
www.avanan.com/	1970-01-21 00:11:12	Name: _gd_visitor Value: 7ef0a0e0-d07a-48c8-8096-97775077321c
www.avanan.com/	1970-01-20 14:35:26	Name: _gd_session Value: cdb9045f-8ca1-4c09-81b3-d215da67c406
com-thebigwillow-prod1.collector.snplow.net/	1970-01-20 23:20:48	Name: sp Value: 39bfaca8-ecf9-476b-890d-b555c47fd9b1
.avanan.com/	1970-01-20 18:54:24	Name: __hstc Value: 23485541.0101b15f53427aaddc7791658dab84df.1694112026515.1694112026515.1694112026515.1
.avanan.com/	1970-01-20 18:54:24	Name: hubspotutk Value: 0101b15f53427aaddc7791658dab84df
.avanan.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.avanan.com/	1970-01-20 14:35:13	Name: __hssc Value: 23485541.1.1694112026515
.avanan.com/	1970-01-21 00:11:12	Name: _lo_uid Value: 128904-1694112025762-93f24bd5f7fb42fc
.avanan.com/	1970-01-20 14:35:15	Name: _lorid Value: 128904-1694112025762-b0d627a98723a380
.avanan.com/	1970-01-20 23:20:48	Name: _lo_v Value: 1
.avanan.com/	1970-01-20 18:54:24	Name: __lotl Value: https%3A%2F%2Fwww.avanan.com%2Fblog%2Fthe-microsoft-reply-attack%3Futm_campaign%3DCampaign%2520-%2520M365%2520SMB%2520US%2520150%2520Emp%25209%252F5%2520-%2520FY23%26utm_medium%3Demail%26_hsmi%3D272543376%26_hsenc%3Dp2ANqtz-_v6OKZNOaWBhhYgtf_m8pNeWK-FXxyZVL6HpOyrRv26EeWJYXSn7_-rvQerUfIDsgK1-HgzP6DPFw0TOVzKoY8siKz475_q7QTszHU8f5OXOPtUCI%26utm_content%3D272543376%26utm_source%3Dhs_automation
.6sc.co/	1970-01-21 00:11:12	Name: 6suuid Value: b4641102e74b3a001a19fa64a30300003cdf5900
.avanan.com/	1970-01-21 00:11:12	Name: insent-user-id Value: z5Eqa266eFxNmMkqV1694112027570

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.hubapi.com
app.hubspot.com
b.6sc.co
bat.bing.com
bf28149orj.bf.dynatrace.com
c.6sc.co
cdn.linkedin.oribi.io
cdn2.hubspot.net
cdnjs.cloudflare.com
checkpointsoftwaretechnologiesincavanan.widget.insent.ai
com-thebigwillow-prod1.collector.snplow.net
connect.facebook.net
cta-service-cms2.hubspot.com
d10lpsik1i8c69.cloudfront.net
d26x5ounzdjojj.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
forms.hubspot.com
googleads.g.doubleclick.net
ibc-flow.techtarget.com
ipv6.6sc.co
j.6sc.co
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscta.net
js.hsleadflows.net
js.pusher.com
lftracker.leadfeeder.com
lh3.googleusercontent.com
lh5.googleusercontent.com
match.adsrvr.org
match.prod.bidr.io
no-cache.hubspot.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px.spiceworks.com
px4.ads.linkedin.com
region1.analytics.google.com
reviews.static.gartner.com
script.hotjar.com
settings.luckyorange.net
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
static.xx.fbcdn.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
t.influ2.com
tr.lfeeder.com
track.hubspot.com
tracking.g2crowd.com
trk.techtarget.com
use.fontawesome.com
vidassets.terminus.services
wec-assets.terminus.services
www.avanan.com
www.facebook.com
www.gartner.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.influ2.com
www.linkedin.com
b.6sc.co
104.244.42.200
104.244.42.3
104.244.42.5
104.26.11.16
108.138.17.51
13.107.42.14
13.224.194.18
13.32.27.95
142.250.184.194
143.204.210.101
143.204.214.30
146.75.116.157
18.165.183.67
18.165.227.104
18.66.112.92
18.66.26.40
18.66.97.10
2.17.100.184
2001:4860:4802:32::36
2600:9000:20eb:6e00:2:53b2:240:93a1
2600:9000:214f:9a00:14:c034:4840:93a1
2600:9000:225e:1600:f:7ae2:7780:93a1
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:67fe
2606:4700:4400::6812:2b1f
2606:4700:4400::ac40:973c
2606:4700:4400::ac40:991b
2606:4700::6810:50ba
2606:4700::6810:6cd1
2606:4700::6810:e05d
2606:4700::6811:180e
2606:4700::6811:c8cc
2606:4700::6811:e7a3
2606:4700::6812:7d0c
2606:4700::6812:c07d
2606:4700::6812:d333
2606:4700::6813:9a53
2606:4700::6813:9b53
2606:4700:e0::ac40:660b
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::2002
2a00:1450:4001:806::2003
2a00:1450:4001:81c::200a
2a00:1450:4001:827::2013
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2003
2a00:1450:4001:82b::2004
2a00:1450:4001:830::200e
2a00:1450:400c:c09::9a
2a02:26f0:3500:16::215:149b
2a02:26f0:ab00::214:8e70
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
3.33.220.150
34.107.254.219
34.111.208.231
34.206.231.112
35.171.218.118
45.60.13.212
52.212.62.39
03817f3f6505178f6f24ef977ac8cd844ba3427f0353759e41bea905c565020a
057d87ec0edbdb5fe7d60d32da4c3abfe1dc2e6a0aacd6543a5e9dabb7bbd21b
05c580da7227f1f1038b071466c09ff25dfaa681d82e4a71ed58beadf63e8670
081d08f71fb7a07fd5247ce2d20af91a41899fd4ee1b129c18fedf8a04b5bbae
08364858e416bd80eb1c1e08b68b3b0bdf8c565df9324401e800e0a781147aeb
08deb5fb8e8a49d3e598cab0f6c178154648cd6234894569a0987812b19475f3
09fdb2959efa7f317724a5762ad6dd73d941613bfd3764ed8be04ddbc4338b4b
0bf7d79eb12ffb1d45c9a6e95ca5243776ad8ce3d674b9e9bf1f301ec4e8bc3f
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0c5109ab0fecc5ef21cc3eddf9e5e66741feb3c03a08c0c5d12a153bffe56a4d
0c644d06ec09522a102b85292bf5c793c92ad2fd9bb9db832ff4d38368781fc7
0f563d722f2e5aa3b7f252428b1364049e627900f77b8fd65c4e99bfd786ae25
10deca523f2d7d41a77738b61b503fb9ec9f7c8e5f96d34b4e760f7ab807983a
13a212c6b892024aae8c2db3d8cf9a5ec7d7f0f86948669384001e375a55edb5
19357aceb0d2e948b724b218887bfcb150024c6be540a27aa400c9a8408c2503
1c6ac68e136716c9a35af83d28f0440f01d422614420dc6a336712c0d40076b3
20c30ac80765fbc37612100986c60b24fce135da756392f1d4ea8ed8e87c9653
21091df3e91e575d018aa5b94c490bc0921233e901913052ceec557a2f3537ae
22cecf5526a9a6a3c3d49dea18b28fd902a5a2bec155a04a7c21bb654b9ec0c9
23df85b431121cb12e63cfeb071b25638717938bdf143ba526ea427913d86b4b
24a3a9ccca4cde6a90f28a96467b83fcc8e8b02ae532b85c46d45514e98c9dc9
257855f4e23a1e3d382077b15bfc30971c9c261fc23512c88abfdcda05f28bc4
2625d7bbfa42707e54c3acce1ea1ac20354f6b39f9ca0926a1d1ccc75557c921
265dc9381f2b760551a12eb31f4bbc194ea6609b90fd79a59fc53cb0e1210146
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28a26321734fb5f8c8fe42b5503f162fdf1469bf97e2d9c503a83cc2b3c534cd
2a2a9187164b6d552fab986d9e1750fbfbced3a8dbdd0998b8bde5f03d2a9b1d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
2ece63665d1c156d538ab3ab54b1239af56ceaa6d199d26580c877fefea8688d
2fa711100d4aaee5306e7b1785fc6fcc8604954fffa6d1a60ab66b356f40600f
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
327f498e13e0a8166699d8d770f3806775c2707dd893d18f0139b84b0b9d8576
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
3636e8810aa8b16828af450174251147977372f0201e77d464c719f110b0924f
3726f6f71175b54abf48e8863b8634461bcbf34831f7c1b0a1d11e2604782b3a
389e7668a1ebd8a04eca206d27b7147519be465eed883f6a2d68bd419ada24b4
392c9fa9cd1273a2a89d1a83a69cd1f63f21d1d55e7be21e1d8f51f25145668b
3ac0c589d242920586289eabdd93bf71f3d85bb1c6c8333d3e2deb4e173b61a4
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3eb73cc89830d3824b5c588849b29a5d4bad5b71108ba60e17bad3e6276dd5f7
4002d65e95f94dc87ae8ad170eb8dbc3644921032ac76dcb376537d9304a6fbf
401f533697cfb484598d2da76b5f4708bbca985a1fab42dbcfaa0741374d3245
4212a717b8d61a5ee679e86faef6b912c275aac5508f97350dac01bede075100
46891f1a0d9fc55b4650e10dbdc598a5269f19fdbd69305f8b8d1cd360b49f8d
48734f9b3ba644ecbc6537f9b8958d75f22ba187a5b764271b29f04e2ed97b85
49c8d692cb67ec3cc5b35e839c50c5c9eea05fe3ce82894eb02d22240554a0aa
4d0130d314f1669c9ea5a911d401d6250f96386a52b0c38f7b3fb43cdcd10589
4eed62e19ef261a18dade30aac09258399bbead589a04d061bce834f0d5a2bcd
54ff1ebf4247ecd1fdefdd027b695c8eca043b8987861f9edd37fee6ccceb2ef
56f9c5f99829774d0b2fbdcfd9750b617127e913afa0569afef6dfa22165659e
5a6284f5e68fe70bb17c9aecb532fdb513b37ec0096d21e9a7231fbcfeda6794
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f
632aad1aced665736ec2c09c131e25fb0f8f2c8b50edd7eeeec9266d205f75de
634cd6856c830752abf4b33133617045f344d5713d8fa567269172ed76d1cac3
679474b6d9d6d3aa6144b419aace177cc1cf7cf9ff8b1cd871f618b112a5cfa5
6a9a8f3e86740453a17f2bc214fe8aad9a8970d1d9a75cc37e097c67c41e7251
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ce8b6777d90b50ec4183fac7c948902229a7b8427e2e63008c52e769ec0c2d4
6da0c102cfc89e3d6fcced3c16008344a12e4a5e17f5e49cb9c8a36c3c179c41
6fbecdde63cefbeb511fc193ff653cf649ce9a2a9a120316d40f20b809afb647
71577fb46a22fa031506bab9c5ddb4640e38ef10a1b4959a11288b41ce4b0757
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7a2f15820ffe7ec552c256f18b8cd6485618d23a5648f535992e5c6928a542b7
7a82df3611c2166b9b9e824830c57bc09ef40860b9dc83fb2897b9a2a3ab0b98
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b4c6df43d8be2860c107af980f4ae9c27dea1b14e0112921c3aef511bb29b07
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8150a6e66442996f64560b128d0effe532ed5eabdf0a8c6176c8c4e8ed502e6f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
87d6c8ca2c4746ba9c42bd4b56b9f8dcb23dc4f4c8a5e338039a915eddbb4cfb
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984
88fdffc005db75c38fc6551d1daea13948b2c5e8b5fcc7859d9a8ac55a5bd672
8c31f9221454873de9c5bc222c2b5c97f216d3b21b0a3589f77f49fbcacf4a0d
8c34bc7bc1985e63394c3c2afff88cdcfc06e501320432dd23eaff83ea6754eb
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8deb475ac50713a43d3cf93fb2579f1badda5b9dee5704850b032f0f25564895
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
8ef87b393990b7acbdf286fec1e11e7fb30ea15311c6756cbdf46249f0bad21d
8f26365e1bb8c480eccb5eac0477b592ff6057b9bab06e4f62a838cbb631f82e
9178d19c46b5a36fc8d4de24aa7fef3b62e7f69c259f4e81ee3f2d5aba263216
92544ed57b172f513a507fe6d3e09d763bc23c413e47d110d8dc03ef896490dd
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
93e22cbbb2bba6dca577b6eadef25d454efc9bc008b13365e8b25cae5bf0be8a
94b9164549fba805d07a371447577e77ca7d335fb19f9eaf978209851969cf08
97152508df33871d78e6d8595480ac6c5cf8f2feb1fc1ef7fd2ef7a0517810c7
9746bbc8be1eacd912bb90f2226b3f9141b15938f7b0281825c74999c0040c9b
976381ee0acc1930f7357aa1487bea4fcbfdcf752c9942d8e2e800056df30e67
979caf94add5b00ec59d8abde43d200523745c2f4b105c2906f4d9dda4afaeec
9952dbddc1103498d87538f64bd985046019a40ee11438af7cd4b1bd0f4cfd72
9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c
a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
a28a88a058bb32f3fff988c31380f2392939d9c4d1bf38b32f531969a02a33de
a29e6dee5b62ca9d6e561aea6c85f954074cd171af5f5d8c24e426b45df0ad9f
a405625d3620d1ef8d74c8bdfae7a609a563854125a2e4d306b9b33083a50c7c
a62430c1506f9d9ecc0bca9ffa39a073d5148f07be4aa54ed4532f9650caf56a
a7fd41fd349db8949a256323b8d9af1f86fe14bbd84214553ca70cb488a95e7b
a87eea0ed4667d6241611511e68dce431477cbd9a06c9482b01323d6a0b972f9
aaf9f27511743021075704cc1a18cd238c71531377f310c4170db754d42d7fa3
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b057f4707a4e3bbf69647a669ebc4dbf35a9b5b25864b5fc63162e71f58621c8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b212b5d5a1ff05906a7bbe45ec1192cb7f8cb096da65573b94eb19e3d853bccd
b399c5e2375b9f5d108af3cc74f7d665747a5d1955f5fde2db7f110b30a1f65e
b3c6f35195cdf97b110a6a3bbc41467d747d28b0c9e9950a171931ce58405547
b59a0404929cf4a3ad1cbd9c2ffaaff3f8c2e838a70867c1de2dfddc5a2b2f91
b5cc125463294edc27240a2259bf0f28cf2b46bd2e58d0a0fe306eabe5f5e938
b648b3c9d20f3b87bf24c9f20cd940d40ab038f24fc3142588961fc57131e74b
b7c3a9928f39697bc8878fc6596a954b9fd5691cb3341731fad84c77cdccc0a0
bc20b36f751ad260de8396c96601235213045021b8e8c546ebc2235932f0e134
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf6f2ddd3a93cfc831316931e733e85bfa4d344c33398e6c32115761bec7ba69
c0dfb840dd0831f0520dcec511a6723e0ed1652ef61d2087e49642754d22aa87
c0e96c0f51eb10934d2022f7d30dbeaf05f748f85d32dfe71711f2dbb21621d8
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
cee4c88acf7c3c3dcccb399551a63adc05cbbc91644ff64b5086136c7c0776ff
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
cf53806c2a4cef2c89a8502411683c83162fe73859d7d24244259e7e793df68a
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d104c35a05df833e9b49faf673a2039519b2f37affedf10add51ad892afa42c6
d33bae737e94e6dbd03fa5d4710cfc477029eb3cbfb4e624577c39f98c6c8bcf
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
d9c13239fe95d9b00d407ce8d3429b7b984844d92534083e8f56d922103ce965
d9f69c562fa39d1b002af05da1c6b99247e69c14a48e67b35d8a8b0efd739128
da0c1bc51d4ebfa2570f3e7546d9d3ccfb3f9d3c1199b1ca49869510aa79392a
db4bbc0b1eaef2f9cf6900231ac3553694431a1c5dc96aa52ced713702af63bc
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
ddd0af87d02bf88046acaf36141538c4852763b37b99ad5ea41ab6b07829818f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
deb3d40a52e939dc606cacea278753f149b56d19b6619994069659687e3a7728
defe8bdd321daa5f879a3ce5ae929266c7f8c79b87539e2bf148291f7a5fb5f4
df3c182101e2a4dd3b429ea2e352a65e3338996fdd8e1498cdb77c57f6674ca0
df6c76d089f56655116221a194e52aa3038051fde02c4d8ffd48df5a116a90e9
e3640c9e176b212640e5d1ba0e522d80ebe382b5a18fc55ae4f7be28d1b138be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6713fb9ddf25585f97a9c877f75edbb8b2c0d0691c1402fe85c145a9098527d
e7b2914870d2ac55b769a1af8248666b2032d9c9de53fd752d423bd593ba100b
e93bed4a0a68fb13e24d2866e4d24fcac552c62b97fa85d78d2d9cfcf3ba80a4
e94bb9eafa09b4181f7208f1466552561329b27bc870ea785be1fbbeb32661d8
e953b2b3797aee78418f706637a16233ad4e893f165305828290723e04ccba88
eb3d44316a4c7bf68ca5d8bef0896c554f5264e57fc49bc7adc3f34636ee53ed
ed2fd5658632fd431f239d983fa945c77f2730564fa9008a4250bc780a8fd26c
ee4d7e4894f360c363b3b00ee896d554b24ce5054a7f4d2d3de8f866455b2ff6
ef116c4b154888a36784c143110b264cfe6528a4061c5dcc14e6431ecfbcac56
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef966526d7edeb1ea065257d4ca023492f2918cc7b7202aebec430e54dbad2ba
f23f42796e0c3e29ba160c46015b9aef160581a01ac3f0f14e26bf94b208fe79
f268614e7be44fc18dbfa5350bfeea8539258da4830ef728c56e05bf62f46b57
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
f54ad99ac9b8bf0271cc6d19132826863aa3dc7077b4d5c586f99c46130efb30
f5647dca4c2f49ae6d4a8e8a506ecf358b734722e0a09882765a3c1f319d6b62
f5d7e440936d0aa4088a8bacc16206224b58b6fa1882dc54c3f953450fc75563
f68519ba7639cdbff92cf7c044bd5455e4c87320689a3f2d4b2418ca4e91cd01
f75e7361bbcda225d800dd06644f99253ae2cf5ab6a0e47ff7967474e7afb4a6
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25
fb5a1fff57218742c5c1e469970504556a10d235b2379872b4ffcef9901d3bc0
fbf4d29d3505a4790b827cde56ca8e4e1d03ab709bb9db801f0a4f02c0fcc0e1
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
fd6aef7e70901bd5018e23bf8f366b1363e27c9263a2e058df2ca725cf81aab5
fd70a63872a411b5f43dc2b9c9a0ee83fa6ccc53d8d120c9fd166270ef4d3265
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fe5f4af17be162aaf3e1dadbc08fe06e678c87620a221b3fef8e2ca7a779986d
ff4e0b144f55e6bf1ac619baad9714973a381bc5c106e2cf62543d8d671f9c19
ffaf29f879d07e6eabf1c15bba8c3b72f6a821f615f2da67d0c24b267feeab8c

www.avanan.com Open in urlscan Pro 2606:2c40::c73c:67fe Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

204 Requests

97 %HTTPS

60 %IPv6

50 Domains

71 Subdomains

62 IPs

5 Countries

5343 kBTransfer

12455 kBSize

56 Cookies

27 Outgoing links

Page URL History

Redirected requests

204 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.avanan.com Open in urlscan Pro
2606:2c40::c73c:67fe Public Scan

Screenshot
Live screenshot

Full Image

204
Requests

97 %
HTTPS

60 %
IPv6

50
Domains

71
Subdomains

62
IPs

5
Countries

5343 kB
Transfer

12455 kB
Size

56
Cookies

204 HTTP transactions
3 data transactions